
ABC Co.

CHANGE OF DATABASE MANAGEMENT SYSTEM

TABLE OF CONTENTS
EXECUTIVE SUMMARY
PROFILE OF THE COMPANY
NATURE OF THE BUSINESS
SECURITY AND RISK OF THE NEW DBMS
RISK IN CHANGING THE SYSTEM
CONTROL EXPOSURES
ADEQUACY OF CONTROLS
CONTROLS TO ENSURE CONTINUITY OF OPERATIONS
COST-BENEFIT ANALYSIS

Executive Summary
This report is prepared in the context of the growing importance, in any organization, of changing or upgrading the database management system to one that is more advanced, faster, and able to face today's challenges. In today's information age, organizations have adopted huge databases which are the backbone of their information systems. These database management systems require special attention and care in every aspect, from initial development to maintenance and security. ABC Company is the company whose change of database management system is analyzed in detail in this report. It is a well-established company engaged in the business of restaurant pizzeria point of sale (POS), distributing, delivering and making sales around the country. The report covers the following topics: Security and Risk of the New DBMS, Risk in Changing the System, Control Exposures, Adequacy of Controls, Controls to Ensure Continuity of Operations, and Cost-Benefit Analysis. Finally, the report concludes with a comparison of the two systems.


Profile of the company


ABC Company specializes in the niche pizzeria point of sale (POS) market. It is a privately held company that provides turnkey POS and restaurant management software and hardware systems to pizzerias and pizza restaurant chains in the country. Speed and reliability are vital ingredients in an effective pizzeria POS system.

Nature of the business


ABC Company's software applications are designed to manage a restaurant from the front to the back, and to provide exceptional centralized control for multi-unit restaurant groups. The company's core software product line includes:

* Restaurant POS software that manages order entry, employee timekeeping, delivery dispatch, tendering, and related tasks.
* A menu design application that controls the menus, pricing, and coupons used in the POS software.
* A back office restaurant management application that provides system setup tools, scheduling, extensive reporting, and marketing capabilities.
* A restaurant inventory system that manages recipes, food cost analysis, purchasing, and physical inventory.
* A Web-based reporting tool for remote access to store information.
* A one-number call center solution for multi-unit pizza delivery operations.
* An enterprise reporting and management solution and custom intranet services for multi-unit chains.

Successful pizzerias need to handle orders quickly and efficiently to manage their high order volume. A good POS helps them to do this. A slow or unreliable computer system, on the other hand, can cost them business. Consequently, when ABC Company began to evaluate database management system options to replace its aging hierarchical-model DBMS with a new relational-model DBMS, speed and reliability were its primary considerations.

Security And Risk Of The New DBMS


1. A database system is composed of four components which coordinate with each other to form an effective database system.

   * Data: It is a very important component of the database system. The data acts as a bridge between the machine parts, i.e. hardware and software, and the users. Data may be of different types: user data, metadata and application data.
   * Hardware: The hardware consists of the secondary storage devices, such as magnetic disks, optical disks, magnetic tapes etc., on which data is stored, together with the input/output devices, processors, main memory etc. which are used for storing and retrieving the data in a fast and efficient manner.
   * Software: The software part consists of the DBMS, which interacts with the users, application programs, and the database and file system of a particular storage medium to insert, update, delete and retrieve data. For performing these operations we can use query languages like SQL, QUEL, and Developers etc.
   * Users: Users are those persons who need the information from the database to carry out their primary business responsibilities.

2. The architecture of a DBMS is based on three types of metadata:

   * Conceptual schema
   * External schema
   * Internal schema

   If any of these elements is missing from the data definition maintained within the DBMS, the DBMS may not be adequate to meet the users' needs.

3. An advantage of setting up a database is that it becomes easier to enforce security restrictions, since data is now centralized. It is easier to control who has access to what parts of the database. Different checks can be established for each type of access (retrieve, modify, delete etc.) to each piece of information in the database.

4. The DBMS also has the job of controlling access to the database. Various types of control systems within the DBMS make sure that the database continues to function properly:

   * Integrity system
   * Security system
   * Concurrency control system
   * Recovery control system

5. A DBMS is a software system that enables users to define, create and maintain a database. The DBMS also enforces necessary access restrictions and security measures in order to protect the database.

Risk in Changing The System


Technology and systems implementations are full of risks. But being aware of the potential hazards can help you avoid them and increase the chances of a successful system implementation. There are seven major risks involved in changing the database management system.

1. End user involvement: If the business wants the system and new process, the business staff have to be willing to put skin in the game and be part of the effort, because these tasks are not appropriate for IT to do. IT staff do not have the knowledge or experience of the business staff.

2. Requirements definition and project scope: Scope creep and unstable requirements are big problems in almost all major systems efforts. Because the system is changing, the requirements definition and scope might not have been fully gathered, and any later change to the requirements or addition to the scope causes great risk.

3. Getting the business rules: Business rules are the detailed directions for how specific pieces of work or transactions are handled, and many are in the program code of the existing, old system. As such, understanding them is key to whether the new system and process meet the requirements of the business and deliver the benefits.

4. System interfaces and integration: This is an area of major concern when changing systems. Most new systems do not operate in a vacuum. They have to interface to surviving parts of the old system or to other systems.

5. User acceptance of change: When changing systems, the risk around user acceptance is of great importance because user acceptance does not come overnight. In traditional system implementation, user acceptance of change is a milestone left to the end.

6. Benefits attainment: Attaining benefits is a major concern; these benefits must be translated into tangible benefits, i.e., fuzzy benefits are not allowed. When measuring benefits in a system change, one should measure not just the new process but also what would happen if the old process were to continue to live: there would be more deterioration.

7. Process measurement: Many organizations implement new systems and then perform a post-implementation review. If this is successful and the business unit is not unhappy, measurement often stops. The risk appears when there is no provision for ongoing measurement in the IT systems implementation, because the system and process can then deteriorate individually and collectively.

Control Exposures
It is critical that database integrity and availability be maintained. This is ensured through the following controls.

* Establish and enforce definition standards.
* Establish and implement data backup and recovery procedures to ensure database availability.
* Establish the necessary levels of access controls for data items, tables and files to prevent inadvertent and unauthorized access.
* Establish controls to ensure that only authorized personnel can update the database.
* Establish controls to handle concurrent access problems, such as multiple users desiring to update the same data elements at the same time (i.e., transaction commit, locking of records/files).
* Establish controls to ensure accuracy, completeness and consistency of data elements and relationships in the database. It is important that these controls, if possible, be contained in the table/column definitions. In this way, there is no possibility that these rules will be violated because of programming flaws or through the use of utilities for manipulating data.
* Use database checkpoints at junctures in the job stream that minimize data loss and recovery efforts to restart processing after a system failure.
* Perform database reorganization to reduce unused disk space and verify defined data relationships.
* Follow database restructuring procedures when making logical, physical and procedural changes.
* Use database performance reporting tools to monitor and maintain database efficiency (e.g., available storage space, buffer size, CPU usage, disk storage configuration and deadlock conditions).
* Minimize the ability to use nonsystematic tools, i.e., those outside security controls, to access the database.

Controlling data redundancy: In the conventional file processing system, every user group maintains its own files for handling its data. This may lead to:

* Duplication of the same data in different files.
* Wastage of storage space, since duplicated data is stored.
* Errors generated by updating the same data in different files.
* Time wasted in entering data again and again.
* Computer resources being needlessly used.
* It is very difficult to combine information
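The control above that asks for integrity rules to be contained in the table/column definitions can be illustrated with a short added example, which is not part of the original report. It uses Python's sqlite3 module and a constructed pizzeria POS schema (all table and column names are assumptions) to show that writes issued directly against the database, as an ad hoc utility would issue them, are still rejected by the DBMS.

```python
import sqlite3

# Constructed schema for illustration; names are assumptions, not ABC Company's.
SCHEMA = """
CREATE TABLE menu_item (
    item_id INTEGER PRIMARY KEY,
    name    TEXT    NOT NULL UNIQUE,
    price   NUMERIC NOT NULL CHECK (price > 0)
);
CREATE TABLE order_line (
    line_id  INTEGER PRIMARY KEY,
    order_no INTEGER NOT NULL,
    item_id  INTEGER NOT NULL REFERENCES menu_item(item_id),
    qty      INTEGER NOT NULL CHECK (qty BETWEEN 1 AND 99)
);
"""
ADD_LINE = "INSERT INTO order_line (order_no, item_id, qty) VALUES (?, ?, ?)"

def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    con.executescript(SCHEMA)
    con.execute("INSERT INTO menu_item VALUES (1, 'Margherita', 8.50)")
    con.commit()
    return con

def try_write(con, sql, params=()):
    """Run one statement with no application-side validation at all."""
    try:
        with con:  # commit on success, roll back on error
            con.execute(sql, params)
        return "accepted"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"

def demo():
    con = open_db()
    results = {
        "valid line": try_write(con, ADD_LINE, (100, 1, 2)),
        "unknown item": try_write(con, ADD_LINE, (100, 42, 1)),
        "zero qty": try_write(con, ADD_LINE, (100, 1, 0)),
        "negative price": try_write(con, "UPDATE menu_item SET price = -1 WHERE item_id = 1"),
        "duplicate name": try_write(con, "INSERT INTO menu_item (name, price) VALUES ('Margherita', 9)"),
    }
    stored = con.execute("SELECT COUNT(*) FROM order_line").fetchone()[0]
    con.close()
    return results, stored

if __name__ == "__main__":
    outcome, stored = demo()
    for label, result in outcome.items():
        print(f"{label:15} {result}")
    print("order lines stored:", stored)
```

Only the valid order line is stored; each of the other four writes fails on a rule declared in the schema, so the result does not depend on which program or utility issued the statement.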

Adequacy Of Controls
* The security policy(s) is regularly reviewed for adequacy based upon the evolving technology and changing user/customer requirements.
* IS department staff have adequate training on servers and gateways.
* Adequate logging, reporting and surveillance facilities exist within the firewall software.
* Adequate controls are applied to ensure the integrity and security of transactions between the core systems and the mainframe.
* Controls over DBMS resources are adequately documented and implemented.
* Adequate certification techniques are in place to verify user identity.
* Keys used for authentication or encryption are adequately managed.
* Appropriate controls are in place to ensure PIN/password storage databases are adequately secured and managed.
* Procedures have been defined for regularly monitoring the core systems' performance to ensure there is adequate capacity for transactions.

Controls to ensure continuity of Operation



The problem of maintaining continuity of operation in the face of natural disasters, hardware failures, and other disruptive events has received considerable attention in both theory and practice. The basic technique to deal with such situations is redundancy in various forms.

Recovery mechanisms: Recovery mechanisms in DBMSs must also ensure that we arrive at a consistent state. In many respects, these mechanisms are syntactic in the sense of being application independent, much as mechanisms for the first three properties presented in the section Well-formed transactions were.

Authenticated users: Authentication is primarily the responsibility of the operating system. If the operating system is lacking in its authentication mechanism, it would be very difficult to ensure the integrity of the DBMS itself. The integrity of the database would thereby be that much more suspect. It therefore makes sense not to duplicate authentication mechanisms in the DBMS. Authentication underlies some of the other principles, particularly least privilege, separation of duties, reconstruction of events, and delegation of authority. In all of these, the end objective can be achieved to the fullest extent only if authentication is possible at the level of individual users.

Cost-Benefit Analysis
ADVANTAGE and DISADVANTAGE of OLD DBMS (HIERARCHICAL MODEL)

ADVANTAGE:

* Since the database is based on the hierarchical structure, the relationship between the various layers is logically simple.
* Since it is based on the parent-child relationship, there is always a link between the parent segment and the child segment under it.
* It is very efficient when the database contains a large number of 1:N relationships and when the user requires a large number of transactions.
* Fast update performance where locality of reference exists (locality of reference states that performance is significantly enhanced when the processing is close to the data being processed).
* The hierarchical model was the first database model that offered the data security that is provided by the DBMS.

DISADVANTAGE:

* Although it is simple and easy to design, it is quite complex to implement.
* There is a lack of structural independence, because when the structure is changed it becomes compulsory to change the application too.
* The hierarchical model suffers from insert, delete and update anomalies; retrieval operations are also difficult.
* Lack of flexibility; non-hierarchical relationships are awkward to represent; redundancy may be required.
* If you make any changes in the database structure, then you need to make changes in every application program that accesses the database.

ADVANTAGE and DISADVANTAGE of NEW DBMS (RELATIONAL MODEL):

ADVANTAGE:

* Flexible and well-established.
* Costs and risks associated with large development efforts and with large databases are well understood.
* The fundamental structure, i.e., a table, is easily understood, and the design and normalization process is well defined.
* Standard data access language through SQL.
* A sound theoretical foundation and use over many years have resulted in stable, standardized products being available.

DISADVANTAGE:

* Performance problems associated with re-assembling simple data structures into their more complicated real-world representations.
* Lack of support for complex base types, e.g., drawings.
* Locking mechanisms defined by RDBMSs do not allow design transactions to be supported, e.g., the "check in" and "check out" type of feature that would allow an engineer to modify a drawing over the course of several working days.
* SQL is limited when accessing complex data.
* Knowledge of the database structure is required to create ad hoc queries.

Comparison Of Old (Hierarchical Model) And New (Relational Model) DBMS


* In the old model, data access is navigational: data is usually accessed from the root, and the user is required to understand the database structure. In contrast, the new DBMS is non-navigational; the database structure is completely transparent to the user.
* In the old DBMS, performance is faster because the structure is predefined, while in the new DBMS performance is slower because of the flexible, arbitrary structure.
* The old DBMS is not compatible with the other DBMS models, because changes to the database structure must be reflected in the application as well. In contrast, the new DBMS is compatible with the other models because the database structure is transparent.
* The old DBMS has no query language unless it is predefined in the application, and the user needs to know the structure in order to query information. The new DBMS has a versatile query language, including the ability to run ad hoc queries.
* In the old DBMS, data integrity is plagued with redundancy due to the child/parent limitations. In contrast, in the new DBMS logical rules guarantee imposition of integrity constraints.
* In the old DBMS, changes to the structure are difficult to implement since the entire structure is predefined, while in the new DBMS changes are easy to implement since the structure is transparent to the user and the application.

Conclusion
The cost of changing the system was estimated closely, and it was found that the savings in data entry cost alone would pay for the installation and operation of the DBMS.
