CHAPTER 4: AUDITING DATABASE
SYSTEMS
The focus of this chapter is on
Sarbanes-Oxley Compliance regarding
the security and control of
organization databases.
Two general approaches:
- Flat-file model: used in many
older (legacy) systems that are still
in operation today. Private
ownership of data, which
characterizes this model, is the root
cause of several problems that
inhibit data integration.
- Database model: there are three
common database models (the
hierarchical, the network and the
relational model) that are
presented from the perspective of
a centralized IT function.
o The hierarchical and network
models are called
navigational databases
because of their structure
and inflexibility.
o The relational model this
flexible approach presents
data in a two-dimensional
format that is conceptually
more pleasing to end users
than complex navigational
structures.
Distributed data processing (DDP)
empowers end users with ownership
and control of IT resources, including
databases.
DATA MANAGEMENT APPROACHES
The Flat-File Approach
Flat-files are data files that contain
records with no structured
relationships to other files. The flat-file
approach is most often associated with
so called legacy system.
The flat-file environment promotes a
single-user view approach to data
management whereby end users own
their data files rather than share them
with other users.
Data files are therefore structured,
formatted, and arranges to suit the
specific needs of the owner or primary
user of the data.
When multiple users need the same
data for different purposes, they must
obtain separated data sets
structured to their specific needs.
Data redundancy the replication of
essentially the same data in multiple
files.
Four significant problems in the
flat-file environment: (DaS-DU-CI-
TDD)
- Data Storage: efficient data
management captures and stores
data only once and makes this
single source available to all users
who need it, which is not possible.
- Data Updating: these redundant
updating tasks add significantly to
the cost of data management.
- Currency of Information: if
update information is not properly
disseminated, the change will not
be reflected in some users data,
resulting in decisions based on
outdated information.
- Task-Data Dependency: the
users inability to obtain additional
information as his or her needs
change.
The Database Approach
Access to the data resource is
controlled by a database
management system (DBMS).
DBMS a special software system
that is programmed to know which
data elements each user is authorized
to access.
- This approach centralizes the
organizations data into a common
database that is shared by other
users.
How problems in the flat-file
approach may be overcome
through data sharing?
- Elimination of Data Storage:
each data element is stored only
once, thereby eliminating data
redundancy and reducing data
collection and storage costs.
- Elimination of Data Update
Problem: because each data
element exists only in one place, it
requires only a single update
procedure. This reduces the time
 and cost of keeping the database - The DDL identifies the names and
current. the relationship of all data
- Elimination of Currency elements, records, and files that
Problem: a single change to a constitute the database.
database attribute is automatically
made available to all users of the DATABASE VIEWS
attribute. Internal View/Physical View the
- Elimination of Task-Data physical arrangement of records in the
Dependency Problem: the most database is presented through the
striking difference between the internal view.
database model and the flat-file - This is the lowest level of
model is the pooling of data into a representation, which is one step
common database that is shared removed from the physical
by all organization users. database.
Conceptual View/Logical View
KEY ELEMENTS OF DATABASE (Schema) the schema (or
ENVIRONMENT conceptual view) describes the entire
database.
Database Management System - this view represents the database
The DBMS provides a controlled logically and abstractly, rather than
environment to assist (or prevent) the way it is physically stored.
access to the database and to External View/User View
efficiently manage the data resource. (Subschema) the subschema or
Typical features: user view defines the users section of
- Program development: the the database
DBMS contains application
development software. Both USERS
programmers and end users may
employ this feature to create Formal Access: Application Interfaces
applications to access. Under this mode of access, the
- Backup and recovery: without presence of the DBMS is transparent
the backup and recovery feature to the users.
the database would be vulnerable
to total destruction. Data Manipulation Language
o Disk failure, program error Data manipulation language (DML) is
or malicious act renders the the proprietary programming language
database unusable. that a particular DBMS uses to
- Database usage reporting: this retrieve, process, and store data
feature captures statistics on what
data are being used, when they are DBMS Operation
used, and who uses them. This Illustrates how the DBMS and user
information is used by the DBA to applications work together.
help assign under authorization
and maintain the database. Informal Access: Query Language
- Database access: the most Definition
important feature of a DBMS is to
Query - is an ad hoc access
permit authorized user access,
methodology for extracting
both formal and informal, to the
information from a database
database.
- Built-in query facility: this
feature allows authorized users to
DATA DEFINITION LANGUAGE
process data independent of
Data Definition Language (DDL)
professional programmers by
is a programming language used to providing a friendly environment
define the database to the DBMS. for integrating and retrieving data
 to produce ad hoc management
reports.
Standard Query Language (SQL) -
has emerged as the standard query
language for both mainframe and
microcomputers DBMSs.
- SQL is a fourth-generation,
nonprocedural language (English-
like commands) with many
commands that allow users to
input, retrieve, and modify data
easily.
- SELECT Command: is a powerful
tool for retrieving data.
The Database Administrator (DBA)
The DBA is responsible for managing
the database resource.
The duties of the DBA fall into the
following areas: database planning,
database design, database
implementation, operation and
maintenance, and database growth
and change.
Database Planning:
- Develop organizations database
strategy
- Define database environment
- Define data requirements
- Develop data dictionary
Database Design:
- Logical database (schema)
- External users views (subschema)
- Internal view of databases
- Database controls
Implementation:
- Determine access policy
- Implement security controls
- Specify tests procedures
- Establish programming standards
Operation and Maintenance
- Evaluate database performance
- Reorganize database as user needs
demand
- Review standards and procedures
Change and Growth
- Plan for change and growth
- Evaluate new technology
Data Dictionary
Data Dictionary describes every
data element in the database. This
enables all users (and programmers)
to share a common view of the data
resource, thus greatly facilitating the
analysis of user needs.
The Physical Database
Physical Database this is the
lowest level of the database and the
only level that exists in physical form.
- The physical database consists of
magnetic spots on metallic coated
disks
Data Structures are the bricks and
mortar of the database. The data
structure allows records to be located,
stored, and retrieved, and enables
movement from one record to another.
Data Organization
- Organization of a file refers to
the way records are physically
arranged on the secondary storage
device. This may be either
sequential or random.
o Records in sequential
files: are stored in
contiguous locations that
occupy a specified area of
disk space.
o Records in random files:
are stored without regard for
their physical relationship to
other records of the same
file.
Data Access Methods
- Access Method the techniques
used to locate records and to
navigate through the database.
DBMS Models
Data model - is an abstract
representation of the data about
entities, including resources (assets),
events (transactions), and agents
(personnel or customers, etc.) and
their relationship in an organization.
Purpose: To represent entity
attributes in a way that is
understandable to users.
Database Terminology (DERDA)
Data Attribute/Field is a single
item of data, such as customers
name, account balance or address.
Entity is a database representation
of an individual resource, event, or
 agent about which we choose to
collect data.
Record Type (Table or File) a The Network Model
group of data attributes that logically In the late 1970s, an ANSI committee
define an entity. created the Committee on
Database is the set of record types Development of Applied Symbolic
that an organization needs to support Language (CODASYL), which formed
its business processes. a database task group to develop
Associations record types that standards for database design.
constitute a database exist in relation CODASYL developed the network
to other record types. model for databases.
- One-to-one association Most popular example: IDMS
- One-to-many association (Integrated Database
- Many-to-many association Management System) which was
introduced by Cullinane/Cullinet
The Hierarchical Model Software
This was a popular method of data The distinction between
representation because it reflected, hierarchical model and network
more or less faithfully, many aspects model is that the network model
of an organization that are hierarchical permits a child records to have
in relationship. multiple parents.
It is constructed of sets that describe
the relationship between two linked The Relational Model
files. Each set contains a parent and a E.F. Codd originally proposed the
child. principles of the relational model in
Most prevalent example: IBMs the late 1960s.
Information Management System (IMS) The formal model has its foundations
Siblings files at the same level with in relational algebra and set theory,
the same parent. which provide the theoretical basis for
Tree structure the so called structure most of the data manipulation
Root the highest level in the tree operations used.
structure The most apparent difference
Leaf lowest file in a particular branch between the relational model and
the navigational model is the way
Navigational Databases in which data associations are
represented to the user.
The hierarchical data model is called
navigational database because Attributes (data fields) columns
traversing the files requires following a forming across the top of the table.
predefined path. Tuples a normalized array of data
This is established through explicit that is similar, but not precisely
linkages (pointers) between related equivalent, to a record in a flat-file
records. system.
- They are intersecting the columns
The only way to access data at lower
to form rows in the table.
levels in the tree is from the root and
via the pointers down the navigational Four characteristics of properly
path to the desired records. designed tables:
1. All occurrences at the
Limitations of the Hierarchical Model intersection of a row and a
1. A parent record may have one or more column are a single value. No
child records. multiple values (repeating
2. No child record can have more than groups) are allowed.
one parent 2. The attribute value in any
column must all be of the same
class.
 3. Each column in a given table
must be uniquely named.
However, different tables may
contain columns with the same
name.
4. Each row in the table must be
unique in at least one attribute.
This attribute is the primary key.
DATABASES IN A DISTRIBUTED
ENVIRONMENT
Two categories: Partitioned databases Deadlock Resolution
and Replicated Databases.
Centralized Databases
The first approach involves retaining
the data in a central location.
The actual processing of data is
performed at the remote IT unit.
The central site performs the functions
of a file manager that services the
data needs of the remote sites.
Data Currency in a DDP Environment
During data processing, account
balances pass through a state of
temporary inconsistency where their
values are incorrectly stated. This
occurs during the execution of a
transaction.
Database lockout a software
control (usually a function of the
DBMS) that prevent multiple
simultaneous access to data.
Distributed Databases
Partitioned Database Approach
Splits the central database into
segments or partitions that are
distributed to their primary users.
Advantages:
- Having data stored at local sites
increases users control.
- Transaction processing response
time is improved by permitting
local access to data and reducing
the volume of data that must be
transmitted between IT units.
- Partitioned databases can reduce
the potential effects of a disaster.
By locating data at several sites,
the loss of a single IT unit does not
eliminate all data processing by the
organization.
Deadlock Phenomenon
Deadlock is a permanent condition
that must be resolved by special
software that analyzes each deadlock
condition to determine the best
solution.
A deadlock occurs because there is a
mutual exclusion to the data resource,
and the transactions are in a wait
state until the locks are removed.
Resolving a deadlock usually involves
terminating one or more transactions
to complete processing of the other
transactions in the deadlock.
Factors to consider in the decision of
resolving a deadlock:
- The resources currently invested in
the transaction
- The transactions stage of
completion
- The number of deadlock associated
with the transaction
Replicated Databases
Are effective in companies where
there exists a high degree of data
sharing but no primary user.
The primary justification for a
replicated database is to support read-
only queries.
Concurrency Control
Database concurrency is the
presence of complete and accurate
data at all user sites.
A commonly used method for
concurrency control is to serialize
transactions.
Two criteria in labeling each
transaction:
1. Special software group
transactions into classes to
identify potential conflicts.
2. Time- stamp each transaction. A
system wide clock is used to
keep all sites, some of which
may be in different time zones,
on the same logical time.
CONTROLLING AND AUDITING DATA
MANAGEMENT SYSTEMS
Access Controls are designed to prevent
unauthorized individuals from viewing,
retrieving, corrupting, or destroying the
entitys data.
User Views
The user view or subschema is a
subset of total database that defines
the users data domain and provide
access to the database.
Data Authorization Table
The database authorization table
contains rules that limit the actions a
user can take.
Each user is granted certain privileges
that are coded in the authority table,
which is used to verify the users
action requests.
User-Defined Procedures
A user-defined procedures allow
the user to create a personal security
program or routine to provide more
positive user identification than a
single password.
In addition to a password, the security
procedure asks a series of personal
questions (such as the users
mothers maiden name), which only
the legitimate user should know.
Data Encryption
Database systems also use encryption
procedures to protect highly sensitive
stored data, such as product formulas,
personnel pay rates, password files
and certain financial data thus making
it unreadable to an intruder
browsing the database.
Biometric Devices
The ultimate in user authentication
procedures is the use of biometric
devices, which measure various
personal characteristics, such as
fingerprints, voice prints, retina prints
or signature characteristics.
These user characteristics are
digitized and stored permanently in a
database security file or on an
identification card that the user
carries.
Inference Controls
Inference controls should be in
place to prevent users from inferring
through query features, specific data
values that they otherwise are
unauthorized to access.
Inference controls attempt to prevent
three types of compromises to the
database:
1. Positive compromise the
user determines the specific
value of a data item.
2. Negative compromise the
user determines that a data
item does not have a specific
value.
3. Approximate compromise
the user is unable to determine
the exact value of an item but is
able to estimate it with
sufficient accuracy to violate
the confidentiality of the data.
Audit Objectives Relating to Database
Access
Verify that database access authority
and privileges are granted to users in
accordance with their legitimate
needs.
Audit Procedures for Testing Database
Access Controls
Responsibility for Authority Tables and
Subschemas
Appropriate Access Authority
Biometric Controls
Inference Controls
Encryption Controls
Backup controls ensure that in the event
of data loss due to unauthorized access,
equipment failure, or physical disaster the
organization can recover its database.
GPC Backup Technique
Grandparent-Parent- Child (GPC)
Backup Technique is used in
sequential file batch systems.
Two factors in determining the number
of backup master files needed for each
application:
1. The financial significance of the
system
2. The degree of file activity

Direct Access File Backup
Data values in direct access files are
changed in place through a process
called destructive replacement.
The timing of the direct access backup
procedures will depend on the
processing method being used.
Off-Site Storage
As an added safeguard, backup files
created under both the GPC and direct
access approaches should be stored
off-site in a secure location.
Audit Objective Relating to Flat-File
Backup
Verify that backup controls in place are
effective in protecting data files from
physical damage, loss, accidental
erasure, and data corruption through
system failures sand program errors.
Audit Procedures for Testing Flat-File
Backup Controls
Sequential File (GPC) Backup
Backup Transaction Files
Direct Access File Backup
Off-Site Storage
Backup Controls in the Database
Environment
Backup
The backup feature makes a periodic
backup of the entire database. This is
an automatic procedure that should be
performed at least once a day.
Transaction Log (Journal)
The transaction log feature provides
an audit trail of all processed
transactions.
Checkpoint Feature
The checkpoint facility suspends all
data processing while the system
reconciles the transaction log and the
database change log against the
database.
Recovery Module
The recovery module uses the logs
and backup files to restart the system
after a failure.
Audit Objective Relating to Database
Backup
Verify that controls over the data
resource are sufficient to preserve the
integrity and physical security of the
database.
Audit Procedures for Testing Database
Backup Controls
The auditor should verify that backup
is performed routinely and frequently
to facilitate the recovery of lost,
destroyed, or corrupted data without
excessive reprocessing.
The auditor should verify that
automatic backup procedures are in
place and functioning, and that copies
of the database are stored off-site for
further security.