Database Management


Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi there. Welcome to
00:00
our next lesson, database management.
00:00
In this lesson, we'll cover what database management is,
00:00
some of the advantages of a database management system,
00:00
the organizational aspects of DBMS,
00:00
the different types of DBMS,
00:00
and the database audits.
00:00
Let's begin. Database management systems or
00:00
DBMS assist in the organization, control,
00:00
and use of data by application programs.
00:00
You'll see a lot of
00:00
organizations are essentially run by databases,
00:00
and the database is not
00:00
the application that necessarily the user uses,
00:00
but the structure and the way that the data
00:00
is actually managed and maintained.
00:00
Basically, the DBMS system controls access
00:00
to all levels of the data for the user and the programs.
00:00
Programs are written on top of the database
00:00
to access the valuable data we contain within.
00:00
Some of the advantages.
00:00
As I was just saying,
00:00
in data independence of the application,
00:00
the data exists separately to
00:00
the application that uses it or
00:00
applications that use it,
00:00
that gives a lot of flexibility in terms of
00:00
how the data is manipulated and used.
00:00
There's transaction processing efficiency,
00:00
so the database system is designed to actually
00:00
manage the data and ensure
00:00
that these processes such as updates,
00:00
reads, deletes are done effectively.
00:00
It's reduction of data redundancy.
00:00
As we'll learn in the next few slides,
00:00
there are mechanisms within
00:00
database management systems to
00:00
ensure that there's minimal duplication of data.
00:00
There's also consistency across the data,
00:00
so there are mechanisms to ensure that
00:00
the data is managed and
00:00
maintained in the way it needs to be.
00:00
Minimized cost through data sharing.
00:00
Many applications can access
00:00
the same data with different views and
00:00
different approaches so that there's
00:00
no need to necessarily recreate an entire database,
00:00
just build an application on top of it.
00:00
There's an enforcement of standards.
00:00
The data is maintained under
00:00
a given control of legislation or protocols.
00:00
Data security. DBMSs contain
00:00
an ability to lock down
00:00
the data and control it at a very granular level.
00:00
Database management systems will maintain integrity,
00:00
and also allow ad-hoc access to
00:00
data such as SQL queries, for example.
00:00
A couple of key terms with the DBMS organizations.
00:00
We have the data definition language or the DDL,
00:00
and this defines the data stored in the database and
00:00
the relationships between
00:00
different proportions of that data.
00:00
It's basically the way that the data is
00:00
structured and interrelates with one another.
00:00
The data dictionary stores information
00:00
about the internal structure of the database.
00:00
In essence, the data dictionary
00:00
is a database about the database.
00:00
It defines exactly how the database is made,
00:00
and how the data is actually defined.
00:00
We have the data manipulation language
00:00
or the DML which is used to insert,
00:00
delete or update data in the DBMS.
00:00
A common example of that is Microsoft OS,
00:00
structured query language, or SQL.
00:00
Now relational database management systems are
00:00
probably the more common ones that you'll come across.
00:00
Basically, a relational database management system or
00:00
RDBMS consists of one or more tables.
00:00
The table contains different data,
00:00
so broken up into topics for example.
00:00
An example could be names and
00:00
addresses of customers in one table,
00:00
and customer orders can be
00:00
maintained in a separate table.
00:00
There is one unique table field called the primary key.
00:00
This ensures that there is no duplication.
00:00
For example, in a customer database,
00:00
the primary key could be the phone number.
00:00
We know that that is likely to be
00:00
a unique field across all the different customers,
00:00
and it's a way to ensure that
00:00
there's no duplication of data.
00:00
We also have multiple indexes,
00:00
so different ways to search and manage the data,
00:00
and also foreign keys.
00:00
They can be foreign keys which are
00:00
unique table fields or primary keys
00:00
from separate table databases.
00:00
RDBMS security.
00:00
We have access control,
00:00
encryption, and audit logging.
00:00
Pretty much the controls that you would expect
00:00
in any modern IT system.
00:00
NoSQL.
00:00
Well, this has appeared in the last few years,
00:00
probably the last 10 years now,
00:00
it's a non-relational database,
00:00
and it supports large and disparate data sets
00:00
across multiple systems.
00:00
You would be looking at this type of
00:00
thing for big data applications.
00:00
Areas where there are
00:00
large amounts of data that need to be analyzed,
00:00
scientific data, for example,
00:00
is a key, and it's essentially used when
00:00
relational databases are not an optimal choice.
00:00
It's very much a special needs database
00:00
that basically is determined
00:00
based upon the data requirements.
00:00
Object database management systems.
00:00
This is another type of database management system,
00:00
but to be honest, in my career,
00:00
I certainly have never come across one of these before.
00:00
Basically, it's information represented as objects.
00:00
It's used in object-orientated programming languages,
00:00
and it's basically used for data that doesn't
00:00
require static, already predefined attributes.
00:00
You're not likely to see these widely used commercially,
00:00
but certainly be aware that
00:00
this type of database is another option that exists.
00:00
Hierarchical database management systems.
00:00
This is a data model that's
00:00
driven in a top-down hierarchy.
00:00
We have paired records,
00:00
and one or more child records underneath those records.
00:00
It's basically a dominant product in
00:00
use today for IBM's IMS,
00:00
and a good example of this would
00:00
be your Windows computer registry,
00:00
where you have top-level keys and you have
00:00
sub-child keys contained within
00:00
the written registry database.
00:00
As an auditor, these are
00:00
the things that you need to have a look for.
00:00
You could be doing an audit on the
00:00
logical or the physical schema,
00:00
so this would be basically
00:00
an audit of the actual structure of the database itself.
00:00
Access time reports, so auditing
00:00
who is accessing what information, where and when.
00:00
Database security controls are obviously
00:00
an area of access or area of audit.
00:00
Interfaces with other software.
00:00
As I mentioned earlier,
00:00
there's a separation between
00:00
the application and the database itself,
00:00
and so you may have a single database set
00:00
of data being accessed by
00:00
a large number of applications within an organization.
00:00
The interfaces with these applications,
00:00
the other software, might
00:00
need to be the subject of an audit.
00:00
Obvious one would be backup and disaster recovery,
00:00
given that organizations are very data-driven,
00:00
this is a key thing that needs to be audited.
00:00
Database supported information system controls,
00:00
so how well is the database
00:00
supported within the organization's IT system?
00:00
IT Asset Management.
00:00
Data being a valuable asset,
00:00
it needs to be managed pretty much as such,
00:00
just like any physical asset would.
00:00
That's the end of our lesson.
00:00
We've talked a little bit about database management,
00:00
some of the advantages of using this type of system,
00:00
the organization of databases,
00:00
different types of database management systems,
00:00
and what to look out for as an auditor.
00:00
That's the end of our lesson.
00:00
I hope you enjoyed it. I look
00:00
forward to seeing you at the next one.