Key benefits/advantages brought by relational databases
• Flexible and engrained, established with quality standardized products in the IT industry.
• Uses SQL (standard data access language), which is a well-known language in the industry.
• Large development efforts with large databases are well understood.
• Risks and costs are known to be worth it.
• The fundamental structure is easily understood, yet security is known to be better than other databases
• Design and normalization process is well-defined
• Data is stored efficiently and allows for the implementation of future requirements
• Provides the ability to conduct complex queries
What are key characters of relational database management systems?
• Data is displayed in tables, columns, and rows.
• Supports missing data in an organized and logical way.
• Supports at least one language
o Languages support data definition operations, data manipulation, constraints, and transaction management.
• Supports logical data independence.
• Supports physical data independence
• Supports distribution independence.
What I meant was: “data within a column must be accessible by specifying the table name, the column name, and the value of the primary key of the row. The DBMS must support missing and inapplicable information in a systematic way, distinct from regular values and independent of data type.”
I agree with Ian on the key characteristics of database management systems (DBMS); however, one of the key identifiers of a DBMS is the “relational” aspect, where data is connected vertically and horizontally via several relations using keys and associations.
List some risks associated with database management systems (DBMS)
• High development costs
• Long development projects
• Large and expensive physical infrastructure
• RDMS are known for resource inefficiency and ineffective distribution
• Facilitate poor performance “bottlenecks” for the user
• Each single server has limits and when those limits are reached, many database platforms have few practical options available for further scalability. This is a management nightmare and it causes significant overhead costs.
Some of the risks you mentioned here have been reduced significantly due to technology advances in recent years, e.g. hardware and software resource requirements. 10 years ago, costs for storage and memory were very high and management needed to consider resource allocation when implementing RDMS, but this has changed significantly due to the low cost of hardware these days.
Can you follow up a few controls that can mitigate the risks identified above?
Capacity management could be a control for the bottleneck issue. Cloud computing could help with the server limitations. I am sure that over the years the equipment has increased in efficiency and decreased in size, which helps with some of the issues as well.
Ian, interesting perspectives on the recommended controls you brought up. I definitely agree with capacity management. Cloud computing may also address server limitations but opens up an entirely different list of risks, however, off the top of my head I can’t seem to come up with an alternative.
Relational databases are a collection of computer programs that are used to organize files into a database for the storage, organization, manipulation, and retrieval by the computer’s operating system. Traditional file systems are used as a collection of raw data files stored on a hard drive.
DBMS has more benefits over a traditional file system because a DBMS can handle a large majority of applications whose purpose is to manage the data stored in databases. File systems make tasks like storage, search and retrieval more tedious because they have to be done manually. This could potentially cause problems like data integrity, data inconsistency and data security, which can be avoided when using a DBMS.
DBMS is the more efficient option because reading line by line is not required and specific control mechanisms are in place.
“techniques that allow data to be changed without affecting the applications that process it. There are two kinds of data independence. The first type is data independence for data, which is accomplished in a database management system (DBMS). It allows the database to be structurally changed without affecting most existing programs. Programs access data in a DBMS by field and are concerned with only the data fields they use, not the format of the complete record. Thus, when the record layout is updated (fields added, deleted or changed in size), the only programs that must be changed are those that use those new fields.”
Good comparison, Victoria. I would add that another key contrast is the fact that a DBMS is a structured data type whilst a traditional file system is unstructured in nature.
What are key characters of relational database management systems?
Relational database management systems are created for fast storage and recovery of large quantities of data.
Provides data to be stored in tables:
– Keeps data in the form of rows and columns
– Provides multi-user availability that can be controlled by an individual user
– Runs primary keys, to identify the rows
– Generates keys for quicker data retrieval
– Provides a virtual table creation in which sensitive data can be stored and simplified query can be applied
– Sharing of common columns, in two or more tables such as primary key and foreign key
Key benefits/advantages brought by relational databases?
The advantage of RDMS is that it removes duplicate data and allows easy accessibility to information from other users, as well as making it easier to update data.
Good, Laly. I think the key advantage of RDMS is simply that it provides better security overall. In fact, by splitting data into tables, certain tables can be made confidential. When a person logs on with their username and password, the system can then limit access only to those tables whose records they are authorised to view.
Great point Alex, I completely agree. Having the added security within the tables and the ability to configure those tables for more confidentiality is a great key advantage, but I do also think that having easy accessibility to information from other users and the ability to make updates to the data decreases the risk of human error, which I believe is a huge risk that is overlooked with data entry.
I think RDBMS offers security by providing the features below:
1. Logical and physical independence
e.g. if a disk where the database is stored has to be replaced, it will not impact the logical tables, rows and columns.
2. By having constraints
e.g. a primary key will help uniqueness; defining a range of values in a Check constraint will ensure that the values do not pose errors
3. DBMS software in themselves require authentication and privileges to access database schema.
e.g. An Oracle database administrator will have access to a database schema, e.g. the School schema in Philadelphia, while he grants access to a particular database, e.g. the Fox school table, to only the Fox admin.
Thanks for the insight and the suggestion. I just researched the RDMS security features and learned the following:
The complex design of RDMS itself is a security feature. Its hierarchical storage allows metadata documentation to be inside the database and even when given access to the database it is impossible to hack this data. The proprietary storage makes it tough for other third party tools to decipher the meaning. The transparent data encryption (TDE) performs real time I/O encryption and decryption of the data and logs the file. The symmetric key is secured by using a certificate stored in the master database of the server or by a database encryption key module. TDE protects data “at rest”, meaning the data and log files. This permits software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.
Additionally, a good RDBMS design is a security feature within itself as well. If they are carefully abstracted with role-based security, fine-grained access control and other features like views, they can prevent hackers from accessing the data. This means that the data is fully secured even if the network and server are compromised.
Through the data normalizing process. This process helps reduce redundancies of data in a database. It has guidelines that are used to optimally design a database to reduce redundant data.
Redundant data wastes valuable space and causes troubles in maintaining a database. To reduce or eliminate redundant data, you can implement a Normalization method in an RDMS. Normalization is a means to organize your data to prevent redundancy. Normalization is to establish and maintain the integrity of the data tables as well as remove inconsistent data dependencies.
You brought up a very interesting point that redundant data wastes space. That would be an important issue if it was 10 years ago, when storage space was ridiculously expensive. Today, storage space is already affordable and nobody cares about running out of space, except for their phone, because of the availability of database space. I believe when the data is redundant, it takes so much time for the computer users to manage and maintain the database in terms of data integrity.
Normalization method is a great way to reduce data redundancy, it can also result in greater overall database organization, consistency, flexibility of data, and better handle on database security.
One example of Normalization is the class webpage. The page allows both Prof. Yao and the students access to data in an organized fashion. It allows for a reduction in redundancy, and puts the data in one central bucket.
In file system, if authorization levels had to be different, for example L1 user having access to read and L2 user having the access to write then 2 different files had to be present one with L1 level access and one with L2 level of access. But in RDBMS the access control which delegates different levels of access to the same data provides redundancy by not repeating the same data again.
What are key characters of relational database management systems?
Relational database management systems are a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables.
The key characters are as below:
1. Data is presented as a collection of relations.
2. Each relation is depicted as a table.
3. Columns are attributes that belong to the entity modeled by the table
4. Each row represents a single entity
5. Every table has a set of attributes that taken together as a “key” uniquely identifies each entity
Professor, taking the example of a family, the possible relationships are the following:
1- One-to-one: Both tables can have only one record on either side of the relationship. Each primary key value relates to only one (or no) record in the related table. They’re like spouses—you may or may not be married, but if you are, both you and your spouse have only one spouse.
2-One-to-many: The primary key table contains only one record that relates to none, one, or many records in the related table. This relationship is similar to the one between you and a parent. You have only one mother, but your mother may have several children.
3-Many-to-many: each record in both tables can relate to any number of records (or no records) in the other table. For instance, if you have several siblings, so do your siblings (have many siblings). Many-to-many relationships require a third table, known as an associate or linking table, because relational systems can’t directly accommodate the relationship.
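The linking table described above, together with the primary key and CHECK constraints mentioned earlier in the thread, as an added example that is not part of the original posts. It uses Python's built-in `sqlite3` module; the table names, the 0-10 score range and all rows are constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE student (
    student_id INTEGER PRIMARY KEY,
    name       TEXT NOT NULL
);
CREATE TABLE question (
    question_id INTEGER PRIMARY KEY,
    prompt      TEXT NOT NULL
);
-- Linking table: one row per (student, question) pair turns the
-- many-to-many relationship into two one-to-many relationships.
CREATE TABLE answer (
    student_id  INTEGER NOT NULL REFERENCES student(student_id),
    question_id INTEGER NOT NULL REFERENCES question(question_id),
    score       INTEGER NOT NULL CHECK (score BETWEEN 0 AND 10),
    PRIMARY KEY (student_id, question_id)
);
"""


def build_db():
    """Create an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys when this pragma is switched on.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    with conn:
        conn.executemany("INSERT INTO student VALUES (?, ?)",
                         [(1, "Student A"), (2, "Student B")])
        conn.executemany("INSERT INTO question VALUES (?, ?)",
                         [(10, "Key characteristics?"), (20, "Key risks?")])
        conn.executemany("INSERT INTO answer VALUES (?, ?, ?)",
                         [(1, 10, 8), (1, 20, 7), (2, 10, 9)])
    return conn


def try_insert_answer(conn, row):
    """Return None if the row is accepted, otherwise the constraint error text."""
    try:
        with conn:  # commits on success, rolls back on failure
            conn.execute("INSERT INTO answer VALUES (?, ?, ?)", row)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)


def questions_for_student(conn, student_id):
    """One student, many questions answered."""
    rows = conn.execute(
        "SELECT q.question_id FROM question q "
        "JOIN answer a ON a.question_id = q.question_id "
        "WHERE a.student_id = ? ORDER BY q.question_id", (student_id,))
    return [r[0] for r in rows]


def students_for_question(conn, question_id):
    """One question, many students answering it."""
    rows = conn.execute(
        "SELECT s.name FROM student s "
        "JOIN answer a ON a.student_id = s.student_id "
        "WHERE a.question_id = ? ORDER BY s.student_id", (question_id,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print(questions_for_student(db, 1))
    print(students_for_question(db, 10))
    for bad in [(1, 10, 5), (99, 10, 5), (2, 20, 11)]:
        print(bad, "->", try_insert_answer(db, bad))
```
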
Great post! I would like to provide a small example in a business scenario. For example, in the case of Amazon, they have tables for
Customer information,
Orders,
Items,
Reviews,
Payment,
Supplier,
Good examples, Abhay. I’d like to cite an example of Many-to-Many relationship here – that of our assignments – each one of us has written multiple answers to different questions and each different question has many different answers by different students.
Key benefits of relational databases vs traditional file system?
A database is generally used for storing related, structured data, with well defined data formats, in an efficient manner for insert, update and/or retrieval.
A file system is a more unstructured data store for storing arbitrary, probably unrelated data. The file system is more general, and databases are built on top of the general data storage services provided by file systems.
A database management system is designed to coordinate multiple users accessing the same data at the same time.
A file-processing system is usually designed to allow one or more programs to access different data files at the same time.
Unauthorized access is restricted in RDBMS but not in the file system.
RDBMS allows control of unwanted repetition of data (redundancy).
List risks associated with database management systems (DBMS)
Database systems interface with many different technologies and have a significant impact on a company’s resources and culture. The changes introduced by the adoption of a database system must be properly managed to ensure that they help advance the company’s objectives. The fact that database systems hold sensitive information is a vulnerability. Indeed, they can contain customers’ personal data, confidential competitive information, and intellectual property. Losing these data can result in brand damage, competitive disadvantage, and serious fines.
Because DBMS are accessed from multiple sources, security issues must be assessed constantly.
Correct. RDMS provides better security than unstructured data. However, it also made itself a target for malicious users. DBMS is usually an important IT audit entity within the audit universe.
I agree that database management systems, while generally more secure than unstructured data, bring about a different set of risks. As you mentioned, DBMS are accessed from a variety of sources, which may not have the same security controls. This can potentially provide an easy entry-point for individuals who want access to data and is a reason why security controls must constantly be monitored.
What are key characters of relational database management systems?
A relational database is a collection of data items organized as a set of formally described tables from which data can be accessed easily. It is created using the relational model. The software used in a relational database is called a relational database management system (RDBMS).
Each table (which is sometimes called a relation) contains one or more data categories in columns
Each row contains a unique instance of data for the categories defined by the columns.
A user of the database could obtain a view of the database that fitted the user’s needs.
It’s good that you pointed out some disadvantages of the RDMS. Indeed, it is expensive to set up and maintain the database system. In order to set up a relational database, you generally need to purchase special software. If you are not a programmer, you can use any number of products to set up a relational database. It does take time to enter in all the information and set up the program.
I also agree that it is important that organizations take into account the disadvantages of DBMS so they are able to make informed decisions and are truly prepared once they choose to implement. In addition to the cost of the software itself, I would add that another cost can come from the need to hire additional personnel to manage the new database system.
For this we need an analysis of ROI. Will the data which is being moved from a traditional to a relational database give enough returns to overcome the cost of movement or not? Is that data needed in the long term? On the basis of these parameters we need to make an analysis of the risk level. This will help in making the analysis of ROI.
I agree with you Said that databases are difficult to recover in case of failure.
Oracle has many database recovery techniques in place,
1. Control files – This is the file that software requires to access database. No one except Oracle can edit this file. The file contains time stamps, database logs, transaction logs. And we can refer to this file to recover data.
2. Back up – Database can be backed up on a regular basis. You can set in the system a periodic back up day and time, what part needs to be backed up and what should be the location of backup. This becomes human error free when controlled by the system.
3. Roll back statements – These statements can rollback to a point and retrieve the earlier data or perform operations to get the old data back.
Yes, I also think it’s important to mention the disadvantage of the DBMS. The cost-benefit analysis is a useful tool for the decision maker of an organization. Indeed, the relational databases can organize the structure of obtained data; however, just like what Said mentioned, the relational databases are usually costly. Therefore, the management in a small company or new-start company should balance the gain and loss of implementing the DBMS; a powerful database system may not be what they really need.
Said, I completely agree with the others: it was a good idea to bring to the forefront some of the limitations or challenges they bring to the table when used. That being said, I think we can all agree that even with the few limitations or disadvantages there’s no question why relational databases are so widely used today.
What are key characters of relational database management systems?
1. Data Integrity: DBMS maintains consistency of data
2. Rollback: Revert the previously executed command
3. Security: No unauthorized user can access the data
4. Concurrency control: Multiple user access
5. Backup: Backup of the data can be stored for security
6. Data Independent: Independent of queries.
RDMS provides better security features…but controls need to be implemented to prevent unauthorized users’ access. Can you identify some security controls related to a database system and explain during the class? Thx
We need to manage the log as a detective measure for multiple user access so that in case any unwanted event occurs it can easily be traced with exact information such as who performed the transaction, when it occurred and so on.
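One way to build the detective log described above, as an added example that is not part of the original post: triggers record who changed a row, when, and the old and new values, and the log itself refuses edits. It uses Python's `sqlite3`; the `account`, `session_ctx` and `audit_log` tables and the actor names are constructed, and the one-row `session_ctx` table stands in for the login identity a server RDBMS would supply.

```python
import sqlite3

SCHEMA = """
CREATE TABLE account (
    account_id INTEGER PRIMARY KEY,
    owner      TEXT NOT NULL,
    balance    INTEGER NOT NULL
);
-- Assumption: the application writes the authenticated user here after login,
-- because SQLite has no user accounts of its own.
CREATE TABLE session_ctx (
    id    INTEGER PRIMARY KEY CHECK (id = 1),
    actor TEXT NOT NULL
);
CREATE TABLE audit_log (
    log_id      INTEGER PRIMARY KEY AUTOINCREMENT,
    at_utc      TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ', 'now')),
    actor       TEXT NOT NULL,
    action      TEXT NOT NULL,
    account_id  INTEGER NOT NULL,
    old_balance INTEGER,
    new_balance INTEGER
);
-- Who, when and what for every balance change. If no actor is set, the
-- NOT NULL on audit_log.actor fails and the UPDATE itself is rejected.
CREATE TRIGGER account_update_audit AFTER UPDATE OF balance ON account
BEGIN
    INSERT INTO audit_log (actor, action, account_id, old_balance, new_balance)
    VALUES ((SELECT actor FROM session_ctx WHERE id = 1),
            'UPDATE', OLD.account_id, OLD.balance, NEW.balance);
END;
-- The trail is append-only: changing or deleting entries aborts.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""


def open_db():
    """In-memory database with one constructed account (balance 100)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    with conn:
        conn.execute("INSERT INTO account VALUES (1, 'Constructed Owner', 100)")
    return conn


def set_actor(conn, actor):
    """Record which authenticated user the following statements belong to."""
    with conn:
        conn.execute("INSERT OR REPLACE INTO session_ctx (id, actor) VALUES (1, ?)",
                     (actor,))


def change_balance(conn, account_id, new_balance):
    """Return None on success, otherwise the database error text."""
    try:
        with conn:
            conn.execute("UPDATE account SET balance = ? WHERE account_id = ?",
                         (new_balance, account_id))
        return None
    except sqlite3.DatabaseError as exc:
        return str(exc)


def try_tamper(conn):
    """Attempt to wipe the trail; returns the error text, or None if it worked."""
    try:
        with conn:
            conn.execute("DELETE FROM audit_log")
        return None
    except sqlite3.DatabaseError as exc:
        return str(exc)


def trail(conn):
    """Audit entries in order, without the timestamp column."""
    return conn.execute(
        "SELECT actor, action, account_id, old_balance, new_balance "
        "FROM audit_log ORDER BY log_id").fetchall()


def balance(conn, account_id):
    return conn.execute("SELECT balance FROM account WHERE account_id = ?",
                        (account_id,)).fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print("no actor:", change_balance(db, 1, 50))
    set_actor(db, "clerk_a")
    change_balance(db, 1, 50)
    print(trail(db), try_tamper(db))
```
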
Key benefits of relational databases vs traditional file system?
Benefits of relational databases:
1. Query ability: In file system, the information was stored in file and to retrieve it the entire file had to be scanned. For doing this query had to be written step by step in programming language. Whereas in database, the query ability helps in finding the data
2. Redundancy Control: Unwanted repetition of data. In a file system, suppose a user has to be restricted from viewing or accessing certain information: 2 copies of the same information need to be stored, one with the restricted access and one with full access. Redundancy control is a feature in a database system wherein permissions are granted to users and, depending on these permissions, users can access the data.
3. Access control: This feature enables the database administrator to delegate different levels of accesses to its users which was not present in file system
4. Option to store persistent object: Database gives the option to save an object which can be referred to later.
5. Backup and migrate: Option to import and export.
6. Multiple user interface
7. Integrity constraints: Maintain relationship between tables.
8. Relationship among data
9. Flexibility: Can change the schema of the data.
10. Application development time is reduced
I think the flexibility of an RDBMS presents a double-edged sword. By that I mean, experienced designers love it, but inexperienced designers can mess up the company’s data. For instance, an RDBMS does not force database designers to impose a coherent table structure; inexperienced programmers may design systems that create unnecessary complexity or limit the future development of the database through poorly chosen data types.
Q] What are key characters of relational database management systems?
Data was earlier stored in flat files, where data was separated using delimiters, e.g. tab or ; or , or |. E. F. Codd designed the relational database. Here data that is related to each other is stored in tables (relations). A relational database (db) has the following characteristics:
– Table- called as Relation. Stores values. It can be related to another table. eg Table1 is of schools in Philadelphia. Table 2 is Fox school table.
– Here we can establish a relation. Fox School table is a subset of Table1.
– Attributes – They are the columns which define the characteristics of the relation. E.g. in Table 1, columns like School number, address, Name, contact number, state rank are the attributes.
– Tuple – it is the row in the table. Tuple is set of attributes that are related to each other.
e.g. Table 1 (attribute, value)
Attributes (School number, address, Name, contact number, state rank)
Tuple (1231, 1800 Broad St, 901234569, Fox School of Business, 2)
– Primary key – There is a primary key in every tuple that makes it unique. E.g. School number 1231 in our example.
– Relations – As the name suggests, with the help of primary keys you can establish a relation between two tables. A primary key can help join one-to-one or many-to-many relations.
– Integrity – Relational tables follow various integrity rules that ensure the data stored in them is always accessible and accurate. The rules coupled with SQL enable users to easily enforce transaction and concurrency controls, thus guaranteeing data integrity.
– Optimized data – With unique identifiers, it is easy to search for data.
– Relational database is accomplished through structured query language, or SQL, which is based on relational algebraic principles.
Q] Key benefits of relational databases vs traditional file system?
Traditional | RDBMS
1. Data stored in flat files separated by delimiters | Data stored in tables, in rows and columns
2. Relation between files cannot be established | Relationships between tables can be shown
3. Data is not independent of each other | Data is physically and logically independent
4. They lack structure | Structured: Atomicity, Consistency, Isolation, Durability
5. Data is not easy to access as there is no identifier | Easy to access and search
This is a great way to easily distinguish the differences between a traditional file system and RDBMS. This really highlights the benefits that can be gained from RDBMS, including data independence, increased accessibility, etc. Organizations should complete a similar comparison when attempting to decide the method of data storage that they want to implement.
This is a great comparison. Certain organizations may be able to organize their data in a filing system; it just depends on the policies they have in place. The biggest difference I feel like in your points is establishing relationships between data. I feel like this point is key when discussing relational databases as the retrieval of related data can be very very helpful.
Q] List risks associated with database management systems (DBMS)
1. Sensitive data, if stored in plain text, can be a big risk, e.g. storing passwords
2. Maintaining concurrency of data
3. Frequent updates or version changes from the DB product can sometimes create discrepancies in data
4. Data must be made available at all times
5. Access must be well controlled
6. To keep availability at all times, maintaining backup and recovery is a must, which increases additional costs
7. Tracking redundant data
Very nice points, especially in mentioning that data must be available at all times. This poses a risk when placing measures in place to ensure that the system is secure.
I think the necessity of availability of data is oftentimes forgotten while the confidentiality and integrity are more often focused on rather than the A in the CIA triad. Availability is absolutely critical and should always be top of mind when analyzing.
I think you brought up a really good real-life point that frequent updates can sometimes affect data’s discrepancies. This also happened to the companies I currently worked for. When I accessed the database, I was often recommended to update the database management system, but the update might cause data discrepancies. There is a policy to restrict employees from updating the system.
Thank you for sharing. Now that you mentioned it, I also experienced the same situation where I am always asked to update my database application whenever I open it and have been informed to not update the application. Whenever a new employee comes, they are always informed to not update the system.
Thanks for sharing the experience, Yang Li. When I worked in the China Construction Bank, the customer service system required an update check once a week to make sure the system was the newest version. And just like what you mentioned, most new employees would be informed not to update the system.
Good job on putting light on the availability point. An example that I can think of is if the data is destroyed in a database containing user login information for a company, that will restrict them to entering into the system.
Of course, the frequent update the software. It will be limited to use the information. So this affected the data available aspect. However, the updating system is to mitigate the risk. The company should get a balance.
I totally agree with you. Since relational databases are designed to grant permissions on a table or a column and are not well designed to restrict access to a subset of rows in a table, one user with privileges on a table is able to read every row in the table. If that table consists of sensitive data, such as passwords, well, that’s really a big risk.
Ming, I agree with you and have seen this in my current job. When handling our client’s data they can be resistant to giving us an entire table sometimes, and will instead create temp tables and then send the temp tables over. As you can imagine this can be problematic because the temp tables may be missing key information we need.
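The row-subset problem raised in this exchange is commonly handled with a view that exposes only the permitted rows and columns, with access to the base table withheld. The sketch below is an added example, not code from the thread: it uses Python's `sqlite3`, where the connection's authorizer callback stands in for the `GRANT` on the view that a server RDBMS would use, and the `client_record` table, `east_clients` view and all rows are constructed.

```python
import sqlite3

BASE_TABLE = "client_record"
VIEW = "east_clients"

SCHEMA = """
CREATE TABLE client_record (
    record_id     INTEGER PRIMARY KEY,
    region        TEXT NOT NULL,
    name          TEXT NOT NULL,
    password_hash TEXT NOT NULL
);
-- The view is the only thing the analyst may query: two columns, one region.
CREATE VIEW east_clients AS
    SELECT record_id, name FROM client_record WHERE region = 'east';
"""

# Constructed sample rows; the hash values are placeholders.
ROWS = [
    (1, "east", "Client A", "<hash-placeholder-1>"),
    (2, "west", "Client B", "<hash-placeholder-2>"),
    (3, "east", "Client C", "<hash-placeholder-3>"),
]


def analyst_authorizer(action, arg1, arg2, db_name, source):
    """SQLite calls this while compiling each statement.

    For SQLITE_READ, arg1 is the table and arg2 the column being read;
    `source` is the innermost view or trigger causing the access, or None
    when the read comes straight from the analyst's own SQL.
    """
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        if arg1 == BASE_TABLE and source != VIEW:
            return sqlite3.SQLITE_DENY  # direct read of the base table
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # writes, DDL, PRAGMA and everything else


def open_as_analyst():
    """Load the data with full rights, then hand back a restricted connection."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    with conn:
        conn.executemany("INSERT INTO client_record VALUES (?, ?, ?, ?)", ROWS)
    conn.set_authorizer(analyst_authorizer)
    return conn


def query(conn, sql):
    """Return the rows, or the string 'denied' when the authorizer refuses."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return "denied"


if __name__ == "__main__":
    analyst = open_as_analyst()
    print(query(analyst, "SELECT record_id, name FROM east_clients ORDER BY record_id"))
    print(query(analyst, "SELECT name, password_hash FROM client_record"))
```
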
What are key characters of relational database management systems?
Some of the characteristics of relational database management systems are data being stored within tables that have a relationship with each other. The data is set up in tables, rows, or even columns and they all must relate to each other either by a primary or foreign key. To view or find the data that are stored, there must be a command that combines the tables based on the relationship. So the data has to be related in order for the command to work. SQL is one example of relational databases. I worked with SQL in my old job and the code used to find something would only work if the data were related.
They must have a common key that relates both tables to one another. Something in one table has to have a relationship with the other in order for it to connect to one another. I know when working with SQL, some of the programs had to call another program in order for it to do a command. Both tables had a relationship with one another since they had the same program listing in both.
The need to establish relationships among tables is to have them connect to one another. If they do not have any sort of relationship then they are just two different tables unrelated to one another. You cannot call upon two tables that do not share any relationship towards one another. Even using programs like Microsoft Access, there must be a primary key in both tables that share a relationship in order for them to connect. So having a relationship is very important to share a connection between two tables or programs.
For example one table contains information of temple ID and name and the health insurance policy associated and another table has temple ID and the fees due information, RDBMS is able to find relation between the tables and associate the temple ID to both the health insurance policy and the fees dues.
Prof Yao,
The relationship between tables could be any of the following 3 types –
1) One-to-One : In such a relationship, a row in table A can only have one matching row in table B, and vice versa. This type of relationship is not common as most data related this way could very well be in one table itself. A one-to-one relationship is created if both of the related columns are primary keys or have unique constraints. For example, it could be used to store data that is short-lived and could be easily deleted by simply deleting the table.
2) One-to-Many : For example, the publishers and titles tables have a one-to-many relationship: each publisher produces many titles, but each title comes from only one publisher
3) Many-to-Many : In this type of relationship, a row in table A can have many rows in table B and vice versa.
Question 1: What are key characters of relational database management systems?
Relational database management systems offer greater benefits than a traditional management system. Instead of a hierarchical database that uses a tree like structure, a relational database utilizes tables to store data. The name relational comes from the fact that different tables “relate” to one another which allows data to be accessed and manipulated in a number of ways. The text identifies the following database objects that allow users to access data in a relational database management system.
1. Table – Store rows of data in one or more columns
2. View – A select statement on top of a table or another view that creates a virtual table
3. Stored procedure/function – Procedural code that can be called to execute complex functionality within the database.
4. Trigger – Procedural code that is called when a table is modified.
5. Index – Mechanism to provide fast lookup of data.
Question 2: Key benefits of relational databases vs traditional file system?
One of the major benefits from a relational database vs a traditional file system is the ability to manipulate data and scalability. This is due to the fact that data is formatted into tables which allows the data to be reassembled and accessed without having to modify the entire database. Therefore, the structured query language (SQL) is used to pull information needed. Along with the ability to manipulate data much easier than a traditional file system, some other key benefits include reduction of data redundancy and increased data integrity. If I understand correctly, a traditional file system will need to organize data multiple times to get the results one is aiming for. Since the relational database utilizes a table, there are no multiple copies of the data. Likewise, one database that is controlled and monitored will have a much higher data integrity than multiple databases.
Paul, reading you I can deduce that a relational database’s best use is organizing large amounts of data. RDMS are pretty much the right tool for some jobs and the wrong for others. So, if you need to store and manipulate transactional data, you need it to be secure and yet allow multiple people to have simultaneous access to it, then an RDBMS is an excellent tool.
Wouldn’t a DBMS be less likely than the rest of a business’s network components to be infected by malware? My understanding is that most DBMS’s are well behind a network’s firewalls and IDS/IPS components, and that would make them much less likely to get infected.
Correct. DBMS should be placed behind the firewall. However, they are not immune from the attacks. We will discuss the concept of “layers of defense” during this course.
The Database Firewalls have a set of predefined, customizable security audit policies and they can recognize database attacks based on past incidents or threat patterns called ‘signatures’.
However, all the attacks on the databases may not be familiar. So, Database Firewalls create a white list of approved SQL commands. All the input commands are compared with this white list and only those that are already present in the white list are sent to the database. Additionally, Database Firewalls can retain a blacklist of certain specific and potentially harmful commands/SQL statements and do not allow these types of inputs.
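The white list and blacklist comparison described above, as an added sketch that is not part of the original discussion and not any firewall product's code: each statement is reduced to a fingerprint (literals replaced by `?`), checked against blocked patterns, and passed only if its fingerprint is on the approved list. The function names, sample statements and patterns are constructed for illustration.

```python
import re

# Constructed sample of statements the application is known to issue.
APPROVED_STATEMENTS = [
    "SELECT name, email FROM customers WHERE id = 42",
    "UPDATE customers SET email = 'a@example.com' WHERE id = 42",
]

# Constructed blacklist: shapes that are refused even before the white list is consulted.
BLOCKED_PATTERNS = [
    re.compile(r"\bdrop\s+table\b"),
    re.compile(r"\bunion\s+select\b"),
    re.compile(r";\s*\S"),  # a second statement stacked after the first
]


def fingerprint(sql: str) -> str:
    """Reduce a statement to its shape: literals become '?', case and spacing are normalized."""
    shape = sql.strip().rstrip(";")
    shape = re.sub(r"'(?:[^']|'')*'", "?", shape)      # quoted string literals
    shape = re.sub(r"\b\d+(?:\.\d+)?\b", "?", shape)   # numeric literals
    shape = re.sub(r"\s+", " ", shape)
    return shape.lower()


ALLOW_LIST = {fingerprint(s) for s in APPROVED_STATEMENTS}


def decide(sql: str) -> str:
    """Return the firewall decision for one incoming statement."""
    shape = fingerprint(sql)
    # Patterns are matched on the fingerprint, so text inside string
    # literals (already replaced by '?') cannot trigger a false block.
    for pattern in BLOCKED_PATTERNS:
        if pattern.search(shape):
            return "block: matches block-list"
    if shape in ALLOW_LIST:
        return "allow"
    return "block: not on allow-list"


if __name__ == "__main__":
    for statement in [
        "select name, email from customers where id = 7",
        "UPDATE customers SET email = 'x;y@example.org' WHERE id = 3;",
        "SELECT name, email FROM customers WHERE id = 7 OR 1 = 1",
        "SELECT name, email FROM customers WHERE id = 7; DROP TABLE customers",
    ]:
        print(f"{decide(statement):28} {statement}")
```

A statement with new literal values still passes because its shape is unchanged, while an extra condition or a stacked statement changes the shape and is refused.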
Good point in creating the white list and black list. The white list is an effective method in mitigating the risk of attack, and of course, the black list can stop the harmful commands before they occur. So in this case, I think the white list and black list can be considered as preventive controls.
Thank you for explaining how firewall operates in detail. A couple months ago, in my church, we got a new Check Point firewall. It was my first time configuring the firewall. I guess the white list and black list you mentioned could be the part of the configuration process. I and another senior who are currently working as a Networking Architecture spent so much time to complete the configuration because we had to come up with every possible scenario of being attacked or what to limit and what to allow users to access when they are using the church’s network. Then, we talked about how today’s hackers are evolving and attack victims in unprecedented ways. The firewall configuration won’t get easier but will get more sophisticated as technology evolves.
• Unauthorized users to the database
o Have standard process/policy in place for creating users. Also there should be a periodic review of the users with access to the database.
o Remove excessive rights and users that are either default or have been added
• Malware
o Vulnerability assessment software
o Monitoring of database user activity
• Unmanaged Sensitive Data
o Encryption of database environments
• Privilege Abuse
o Monitoring of database user activity
o Remove excessive rights and users that are either default or have been added
• Misconfiguration of database system
o Policy in place to identify when a patch is available and to apply the patch.
o Vulnerability assessment software
1. What are key characters of relational database management systems?
Some of the key characteristics of an RDBMS are as follows:
– Tables, rows, and columns
– Primary and foreign keys
– Attributes to describe data
– Ability to create relationships between data with keys
2. Key benefits of relational databases vs traditional file system?
RDBMS’s prevent data redundancy, limit access by requiring logon credentials for authentication, prevent data losses by authorizing different levels of data manipulation to different users, offer portability of access from different locations, data is easier to manipulate to extrapolate information by users, and data is structured in a standard/uniform manner.
3. List risks associated with database management systems (DBMS)
Risks associated with DBMS’s are as follows:
– Improper privileges granted to users
– Single point of failure
– SQL Injection attacks
– Databases are a BIG target for hackers; especially with those storing PCI/PII type data
– Without proper checklists for auditors, DB’s could be missed in audits
– Default passwords for users that aren’t changed
I think you bring up a good point that a major risk associated with DBMS is that of being a big target for hackers. It seems like every other day a major company is being hacked, and I am sure not all compromises are reported. Since information is valuable and easy to sell, databases are a huge target. It will be interesting to see how companies and IT professionals respond to the current environment of how frequently databases are being hacked.
You’re correct about your assumption that many compromises go unreported. I watched an episode of the show “Cyber Wars” on the new Vice News channel recently and it talked about how low the percentage of attacks actually disclosed to the public is. Certain attacks, like those that involve PCI and HIPAA, are required by law to be disclosed to the public. If there is no statutory regulation requiring disclosure, most businesses do not do so for fear of the impact on business and profits. The show interestingly brought up too that many attacks are carried out by employees and the companies forego charging them with a crime, all in the effort to keep the attacks out of the public’s eye.
You rightly said. Along with your point, companies that realize their information system has been compromised are reluctant to disclose they are under attack at the moment. They try to fix the problems on their own until they realize the attack has been going on for a while and they cannot fix them without outside help.
I suppose revealing that a company has been breached poses a bigger risk since it might provoke hackers or “bad guys” in general to get involved in the action.
I totally agree with you. Databases are a big target for hackers; it’s especially vulnerable for DBMS because the whole database is modified if one record is modified. Data is stored in a single large table, therefore a breach will have access to the entire database information.
Great list Sean, agreed with all your points, these are huge risks towards the database management system. I remember when working as an Associate application developer I would have to get access granted for every database in order to view and work in them. Without that then it would be a huge risk since anyone can access these databases and delete or edit them which could hurt the company. Since I worked for a health company, anyone with access would be able to go into the database and make changes to ID Cards. So making it so everyone has to be granted access would avoid this crucial risk.
What are key characters of relational database management systems?
“Database management systems (DBMS) maintain data records and their relationships, or indexes, in tables. Relationships can be created and maintained across and among the data and tables.”
One of the unique characteristics of a relational database is its primary key, which is a unique identifier assigned to every record in a table. An example of a good primary key is a registration number. It makes every record unique, facilitating the storage of data in multiple tables, and every table in a relational database must have a primary key field.
The primary key feature allows data to be linked over multiple tables, which overcomes the limitations of simple flat file databases that can only have one table.
A primary key can join tables in a one-to-one, one-to-many, or many-to-many relationship.
Relational databases enable users to delete, update, read and create data entries in the database tables. This is accomplished through structured query language, or SQL.
Great post. For the primary key, I think the best example I can think of is the social security number, which is unique to every individual; in case you are accepting the SSNs from the user in the form.
Good example, and I think with that unique primary key, it would be easier to search for specific values by the use of indexing; for example, through a social security number, authorities can easily look up your criminal records, your background, etc.
Great post. At Temple University, we all have our own primary keys. For example, TUID and AccessNet are good examples of primary keys. Now Temple is trying to put everything on their cloud network. Those primary keys will play a huge role in letting users access all the different platforms under the cloud.
Yu Ming, Thanks for the informative comments. A relational database is a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables. The relational database was invented by E. F. Codd at IBM in 1970.
Question 3: List risks associated with database management systems (DBMS)
– Excessive and Unused Privileges
– Malware
– Storage Media Exposure
– Database injection attacks
– Unmanaged sensitive data
– The human factor
To mitigate the risks associated with database management systems (DBMS), an organization can do the following:
– Managing user access rights and removing excessive privileges and dormant users
– Blocking malicious web requests
– Training employees on risk-mitigation techniques including how to recognize common cyberthreats such as a spear-phishing attack, best practices around Internet and e-mail usage, and password management.
Good point that you brought up about training being an effective way to mitigate risks. My first thoughts seem to go to access controls and monitoring. However, simple training can teach employees the value of following policies and procedures as well as incorporate them as a vital part of information security. You can have the most sophisticated anti-virus/malware software, but if you can teach employees to avoid downloading malware then you are already one step ahead.
I agree with you. People, technology and process are the three elements for a successful IT operation within an organization but people are often the weakest link in security because most people are unsophisticated. Many organizations invested heavily on monitoring, surveillance and anti-malware software. However, its employees often pose a risk because of their improper cyber behavior. That is why organizations should provide proper training in line with its policies, procedures, and culture for its employees.
Exactly! Technology is here to simplify and enhance business functions. People are still the ones behind the technology. They create it, they maintain it, they operate it and they can also break it. Employee training is definitely one of the most important policies that organizations should prioritize.
I agree with you Yu Ming that no matter what security precautions are taken, employees pose a threat to the system. Educating employees helps in reducing the risk.
Hi, Yu Ming
You brought up a great point. Many organizations invested a large amount of money in monitoring, surveillance and anti-malware software. However, most organizations didn’t invest enough in employee training, which is extremely important. I believe employees are the biggest risk of the organization because they often lack the awareness of how to secure information assets. Therefore, they should be properly trained on how to secure the information, as well as the organization’s policies, procedures and culture, etc.
Rightly said, Paul. It’s too common to view training employees as a cost or lost productivity and managers often fail to realize the benefits of basic IT security training imparted to employees. And while we say that employees are the weakest link in the IT model of a company, it is also true that sometimes training employees would accomplish the same results quicker and at a lower cost than implementing a complex, time consuming and often expensive control mechanism.
Improperly or inadequately trained employees can be a danger to themselves and those around them, such as the system. To minimize issues, all employees in the same position should receive the same training. In addition, all training should be formalized, scheduled as a separate activity and documented when complete.
1. What are key characters of relational database management systems?
The key characters of relational database management systems are:
• A relational database is a collection of data items organized as a set of formally described tables from which data can be accessed easily.
• It is created using the relational model
• The software used in a relational database is called a relational database management system (RDBMS)
• It has access and control functions.
• It has management and security features such as:
o Rules
o Triggers
o A stored procedure
o Security
• Relational structure allows dynamic reformatting of the tables that drive data access, so that they are more flexible and adaptable to changing needs
In Relational Databases, Data is organized into tables, columns and rows.
A table is equivalent to a file, as it represents a collection of records.
A row is a horizontal set of data fields or components. A column is a vertical set of data fields or components
Q 2. Key benefits of relational databases vs traditional file system?
• Data independence (e.g. n-tier application)
• Reduction of data redundancy (via Normalization)
• Maximize data consistency (primary key/ foreign key)
• Reducing maintenance cost through data sharing
• Security Feature
• Enforce Data integrity
Deepali, how a database enforces integrity is interesting:
Domain integrity – Ensuring a domain gets a selected range and type of values. E.g., a phone number column must allow only numbers and special characters but not alphabetic characters.
Triggers and Procedures – They are the stored programs that run behind the system when a particular action is invoked. E.g., on deletion of an entry the related entries must be deleted. Say in a table of schools, if the entry for Fox school is deleted from the Schools Master table, this entry must also be deleted from the Business Schools table.
Business Integrity – By running stored programs without knowledge of users checks can be performed to apply business rules.
Referential integrity – The use of primary keys to define unique records and foreign keys to establish relations enforces integrity.
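The integrity types listed above, as an added SQLite example that is not part of the original post: a CHECK constraint for the phone-number domain rule, a foreign key for referential integrity, and the Fox school deletion propagated with `ON DELETE CASCADE` (a declarative action used here in place of the delete trigger the post describes), plus a trigger that records the deletion. Table names, column names and sample rows are constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE schools_master (
    school_id INTEGER PRIMARY KEY,
    name      TEXT NOT NULL UNIQUE,
    -- Domain integrity: digits and punctuation only, no letters.
    phone     TEXT NOT NULL CHECK (phone NOT GLOB '*[A-Za-z]*')
);
CREATE TABLE business_schools (
    -- Referential integrity: every row must point at an existing school,
    -- and deleting the school removes the dependent row as well.
    school_id INTEGER PRIMARY KEY
              REFERENCES schools_master(school_id) ON DELETE CASCADE,
    dean      TEXT NOT NULL
);
CREATE TABLE audit_log (action TEXT NOT NULL, detail TEXT NOT NULL);
-- Stored program that runs without the user's involvement.
CREATE TRIGGER log_school_delete AFTER DELETE ON schools_master
BEGIN
    INSERT INTO audit_log (action, detail) VALUES ('delete', OLD.name);
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces foreign keys when this pragma is on.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO schools_master VALUES (1, 'Fox', '215-555-0100')")
    conn.execute("INSERT INTO business_schools VALUES (1, 'Constructed Dean')")
    conn.commit()
    return conn


def try_sql(conn, sql, params=()):
    """Run one statement; report whether the database accepted or rejected it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, params)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"


def demo():
    conn = open_db()
    results = {
        # Letters in the phone column violate the CHECK constraint.
        "bad_phone": try_sql(
            conn, "INSERT INTO schools_master VALUES (2, 'Other', '215-CALL-NOW')"),
        # No school with id 99 exists, so the foreign key rejects the row.
        "orphan": try_sql(
            conn, "INSERT INTO business_schools VALUES (99, 'Nobody')"),
        # Deleting Fox from the master table also removes its dependent row.
        "delete_parent": try_sql(
            conn, "DELETE FROM schools_master WHERE name = ?", ("Fox",)),
    }
    results["children_left"] = conn.execute(
        "SELECT COUNT(*) FROM business_schools").fetchone()[0]
    results["audit"] = conn.execute(
        "SELECT action, detail FROM audit_log").fetchall()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value}")
```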
I thought it was really interesting reading the textbook portion on DBMS’s about how many are open source. I think that is both a positive and negative aspect. Having the systems open source allows everybody easy access to the code, which helps find vulnerabilities quickly. Once vulnerabilities are found, those who discover them either make the choice to alert others and create a patch, or they say nothing and now potentially have a path in the system wherever it is being employed to access data they otherwise wouldn’t be authorized to.
Great point Sean. Open source software usage is only growing as time passes, and this presents new benefits and risks for organizations. Recent studies have shown that only a small percent of companies utilizing open source software have any sort of controls in place, such as selection procedures and management, to mitigate those risks. With databases containing potentially confidential data, it is crucial that organizations using open source components create and test controls to ensure that they are not leaving a potential access point completely exposed.
Key benefits of relational databases vs traditional file system?
One of the key benefits of relational databases is that it allows flexible access to data by creating different queries or tables whereas a file system only allows predetermined access to data.
A relational database system is designed to coordinate multiple users accessing the same data at the same time, which will enhance productivity and efficiency. A file system only allows one user to access the files.
RDBMS can reduce redundancy associated with data, increase data integrity and flexibility, restrict unauthorized access, and provide better backup and recovery functions, whereas a file system might not have all these functions.
List risks associated with database management systems (DBMS)
Ans: The common risks associated with DBMS are:
1. Excessive privileges: If a person is given more privileges than is required, he/she may misuse the access. Or failure to remove access for an employee who leaves the project or organization.
2. Legitimate privilege abuse: Users may abuse their legitimate privileges for unauthorized purposes.
3. Database Injection attacks: An input injection attack can give an attacker unrestricted privileges.
4. Malware: Can steal sensitive data through legitimate user laptop/device.
5. Storage media exposure: Failure to protect back up or a regular check on who is accessing the data and what sort of data even by low level privileged users can be a risk if not monitored properly
6. Exploitation of vulnerable database: Proper patches have to be updated regularly. And it takes months to update the database. During this time, it is vulnerable to external attacks.
7. Unmanaged sensitive data: Forgotten databases can contain sensitive data which can be exposed to threat if the required controls and permissions are not implemented
8. The human factor: Human negligence or lack of knowledge on the best practices can impose a great risk
Source: https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx
Great post Binu!
You mentioned SQL injection. In this attack the SQL query is exploited by entering an input that was not expected by the system. This input is fed to the SQL query in such a way that it gives the query a different meaning and gives us the possibility to see data that we are not authorized for.
Similarly, exploits are done to overflow the buffer. The input to a query/text box in a form is given way beyond its capacity to hold characters, e.g., a Name text box can hold, say, 30 characters but a hacker will try to input 500 characters. The database and memory will not be able to handle that overflow, which causes the program to crash.
The solution is to use secure coding practices, e.g., restricting the number of characters that an input box can take.
Denial-of-service attacks are an example of an attack where the attacker inputs data into a database system beyond its capacity to handle, so much that the program crashes. A distributed DoS is when multiple users flood the system with data.
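The change of query meaning and the input-length restriction described in the post above, as an added example that is not part of the original post: the same lookup written with string concatenation (the form that lets input alter the query) and with a bound parameter plus a length check. The table, its rows, the function names and the sample input are constructed.

```python
import sqlite3

MAX_NAME_LEN = 30  # the 30-character name field used as the example in the post


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 75)],  # constructed rows
    )
    return conn


def lookup_concatenated(conn, owner):
    """'Before' form: the input is pasted into the SQL text,
    so quote characters in it become part of the query itself."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, owner):
    """Hardened form: the length is checked first and the value is bound
    as a parameter, so it is only ever compared as data."""
    if not isinstance(owner, str) or not 1 <= len(owner) <= MAX_NAME_LEN:
        raise ValueError(f"owner must be 1..{MAX_NAME_LEN} characters")
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


def demo():
    conn = open_db()
    unexpected = "x' OR '1'='1"  # constructed input the form did not expect
    results = {
        "normal_concatenated": lookup_concatenated(conn, "bob"),
        "normal_parameterized": lookup_parameterized(conn, "bob"),
        # The WHERE clause becomes true for every row: all accounts come back.
        "unexpected_concatenated": lookup_concatenated(conn, unexpected),
        # The whole string is treated as one owner name: nothing matches.
        "unexpected_parameterized": lookup_parameterized(conn, unexpected),
    }
    try:
        lookup_parameterized(conn, "A" * 500)
        results["oversized"] = "accepted"
    except ValueError as exc:
        results["oversized"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:26} {value}")
```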
Q1. What are key characters of relational database management systems?
-Table: is equivalent to a file, representing a collection of records. Rows and columns are horizontal and vertical sets of data fields.
-Trigger: activate a stored procedure when a table or field is inserted, updated, or deleted.
-Stored Procedure/Function: program written in language of DBMS and behave like any other program.
-View: manipulate the data to show users what they would like to see, without changing the data.
Q2. Key benefits of relational databases vs. traditional file system?
Key benefits of a relational database include the following:
-Data independence
-Reduced data redundancy
-Maximized data consistency
-Reduced maintenance costs (via data sharing)
-Increased security
-Enforced data integrity
Q3. List risks associated with database management systems.
Risks associated with database management systems include:
-Potential organizational conflict
-Target for hackers
-Required to be available at all times
-Misconfiguration
Nice responses Annamarie. In addition, I feel like privilege abuse among employees is also another risk. If you do not have proper controls and security settings in place, employees who may not require access to the data will be able to access it and use it in an unprofessional manner.
Great post Annamarie. A database system can easily become an attractive target for hackers because it stores a lot of business data including business competencies and clients’ privacy and credit card information, so we need proper controls and security to mitigate DBMS risks.
Mitigating controls for a DBMS could be:
– Managing user access rights and removing excessive privileges and dormant users
– Blocking malicious web requests
Rightly said Annamarie & Yu Ming. In addition to the measures suggested by Yu Ming, we can also deploy other layered controls as a risk mitigation strategy, like database encryption and log-monitoring, which would greatly reduce the probability of a security incident occurring.
1) What are key characters of relational database management systems?
A relational database management system is a program that lets you create, update and administer a relational database. Compared to a manual database this is more flexible, compact and faster. It reduces the probability of inconsistent data.
– Data is displayed in tables, columns and rows
– It must support at least one language
– It must support insert, update and delete operations on sets
– Indexes are used to speed up data retrieval.
– Primary keys, foreign keys, and unique keys are called constraints and are created to enforce data integrity.
– Triggers are created to satisfy the business rules.
– Roles and privileges are used for security.
Great definition Jaspreet, I liked how you compared relational database management systems to manual ones, saying how it is more flexible, compact and faster. All very true, and that is why companies would rather use relational databases on their system so that it is easier to run programs and make changes. It is easier to search and find information inside databases through relational; I could not imagine how it would be to have to do it manually. Working as an Associate App Developer I would just put a command in SQL to search the whole program for any key terms, so it made it a lot easier to find what I was looking for. Having to do it manually would mean going through the whole program line for line searching for what I was looking for, and that could take days. So agreed, relational compared to manual database is far better.
2) Key benefits of relational databases vs traditional file system?
Key benefits of relational databases vs traditional file system are that you can:
– search for multiple different data sets at once (or across different data sets)
– relational databases are computer based and much faster in terms of pulling information
– you can update many records very quickly
– many users can access the database
– you can restrict which users see which information or what actions they can perform in a database
Q1: What are key characters of relational database management systems?
A relational database management system (RDBMS) is a program that gives you the ability to create, update and administer a relational database. Most commercial RDBMS’s use the structured query language (SQL) to access and retrieve the database.
Characteristics are as follows:
– Provides data to be stored in tables
– Persists data in the form of rows and columns
– Provides facility primary key, to uniquely identify the rows
– Creates indexes for quicker data retrieval
– Provides a virtual table creation in which sensitive data can be stored and simplified query can be applied (views).
– Sharing a common column in two or more tables (primary key and foreign key)
– Provides multi-user accessibility that can be controlled by individual users.
3) List risks associated with database management systems (DBMS)
– Performance issues are difficult to predict
– Data integrity is difficult to ensure with shared databases
– Mainly privilege abuse
– Poor audit trail
– Failed or incomplete backups
– Weak authentication
– Not requiring passwords for databases or weak passwords
– Weak systems configurations
Q2: Key benefits of relational databases vs traditional file system?
– A relational database system uses both physical and logical access to the data. On the other hand, a traditional file system only deals with physical access.
– A relational database system allows flexible access to data and multiple-user access to the same data, whereas a traditional system is created to allow predetermined access to data.
– A relational database controls redundancy, restricts unauthorized access, and provides back-up for recovery; a traditional file system does not.
I agree with you. Relational databases allow you to define certain record fields, as keys or indexes, to perform search queries, join table records and establish integrity constraints. Search queries are faster and more accurate when based on indexed values. Table records can be easily joined by the indexed values. Integrity constraints can be established to ensure that table relationships are valid. If you are able to establish a one-to-many relationship in your data tables, you should be using a relational database because a flat file is not sufficient to handle your data processing needs.
What are key characters of relational database management systems?
Relational Database Management System organizes data into related rows and columns.
Features:
– It stores data in tables.
– Tables have rows and column.
– These tables are created using SQL.
– And data from these tables are also retrieved using SQL.
Wenlin, nice post. To add onto what you said, some additional characteristics can be providing facility primary key to uniquely identify rows and creating indexes to easily retrieve data.
Key benefits of relational databases vs traditional file system?
A “relational database” is a database structured on the “relational” model. Data are stored and presented in a tabular format, organized in rows and columns with one record per row.
The traditional filing system (TFS) is a method of storing and arranging computer files and the information in the file (data). Basically it organizes these files into a database for the storage, organization, manipulation, and retrieval by the computer’s operating system.
• Flexibility: Because programs and data are independent, programs do not have to be modified when types of unrelated data are added to or deleted from the database, or when physical storage changes.
• Fast response to information requests: Because data is integrated into a single database, complex requests can be handled much more rapidly than locating data separately. In many businesses, faster response means better customer service.
• Multiple access: Database software allows data to be accessed in a variety of ways (through various key fields), by using several programming languages (both 3GL and nonprocedural 4GL programs).
• Lower user training costs: Users often find it easier to learn such systems and training costs may be reduced. Also, the total time taken to process requests may be less, which would increase user productivity.
• Less storage: Theoretically, all occurrences of data items need be stored only once, thereby eliminating the storage of redundant data. System developers and database designers often use data normalization to minimize data redundancy.
I strongly agree with you about the failed/incomplete backups point. I too believe that an organization needs to have right controls (corrective, preventive) to restore the system if such a situation arises.
I agree with you Abhay, the corrective controls and preventive controls should have segregation of duties. The app developer should be different from the corrective person.
What are key characters of relational database management systems?
RDBMS is a type of a system that organizes the data in related rows and columns.
> Users can query the data and receive widest range of output.
> The input, storage, alteration and deletion of data is done through SQL.
> Primary key (unique ID) is used to identify data in rows.
> “Data must be stored and presented as relations, i.e., tables that have relationships with each other, e.g., primary/foreign keys.”
Key benefits of relational databases vs traditional file system?
The traditional database is designed around a single table containing the data and it fails to support “big data,” like data gathered from various enterprise applications.
RDBMS incorporates multiple tables with methods for the tables to work together. If you need to store and manipulate data and allow multiple employees to have access to it simultaneously, then RDBMS is an excellent way to go about it. Other benefits include:
> mature development and administration tools
> best data modelling practices and physical database implementation
> support transactions
Question: What are key characters of relational database management systems?
– Tables: each table includes one or more data categories in columns.
– Row: each row includes a unique instance of data for the categories defined by the columns.
– View: a user of the database could obtain a view of the database that fitted the user’s needs.
– Rules: rules define format and range of data that can be stored.
– Triggers: triggers can activate a DBMS stored procedure when a field, record or table is inserted, updated or deleted.
Good post fangzhou. It is brief and informative.
And here is my understanding of a relational database.
A relational database is a set of tables containing data fitted into predefined categories. Each table (which is sometimes called a relation) contains one or more data categories in columns. Each row contains a unique instance of data for the categories defined by the columns. For example, a typical business order entry database would include a table that described a customer with columns for name, address, phone number, and so forth. Another table would describe an order: product, customer, date, sales price, and so forth. A user of the database could obtain a view of the database that fitted the user’s needs. For example, a branch office manager might like a view or report on all customers that had bought products after a certain date. A financial services manager in the same company could, from the same tables, obtain a report on accounts that needed to be paid.
Question: Key benefits of relational databases vs traditional file system?
Unlike a traditional file system, relational databases can collect and store related data with an effective structure, which allows database users to access and research the data more easily. Moreover, following the development of information technology, the amount of data is increasing rapidly, which reduces traditional file systems’ efficiency. Under this circumstance, relational databases can handle big data storage by using the relational model, and enhance data integrity. Furthermore, relational databases can better protect the information assets of an organization, since traditional file systems usually lack effective access authorization, which may cause a data leak.
Great answer, I think one of other benefits is that traditional file system is kind of manual process within which human errors is a high risk, while database is kind of automated process within which could greatly mitigate the risks caused by human.
Yes, the traditional file system is usually unstructured and may have human errors. Compared with the traditional system, databases can collect and store information with an organized structure. However, the DBMS also has some disadvantages like high cost. Therefore, the decision maker should carefully balance it.
List risks associated with database management systems (DBMS)
First and the most important risk that I can think of is destruction of data. If the organization doesn’t have any corrective controls or preventive controls in place, a human error, which is inevitable, could cause this.
Other risks include misuse of data due to poor access controls, corruption of data.
I would like to put forward an example of data corruption:
A bank employee whose job requires the ability to change only account holder contact information may take advantage of excessive database privileges and increase the account balance of a colleague’s savings account.
Other can be, companies fail to update access privileges for employees who change roles within an organization or leave altogether.
A recent case of data corruption is one that occurred at Wells Fargo. Employees of the bank enrolled customers into online banking and bill paying products without their knowledge. Employees generated ATM’s for dummy accounts and assigned pin numbers, usually “0000”, to the cards, for which they received compensation.
This is a very serious issue as this has been the biggest case of identity theft which occurred due to loopholes in DBMS.
Deepali – Thanks for bringing in the real-life example. However, the sample you brought up is rather from the human aspect, not a data corruption issue. We can discuss during the class.
Thanks for sharing. I would also like to add that data corruption in a DBMS is a big risk since the entire organization relies on the same database. Multiple departments may be using the corrupt data, which could lead to a big mess that will be hard to correct.
But I assume most companies will have a backup system and have multiple recovery points for the databases, as they contain a lot of important information.
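The bank-employee scenario from the post above, as an added example that is not code from the discussion: the same job role is run first with excessive grants and then with least-privilege grants. SQLite has no GRANT statement, so its authorizer callback stands in here for the column-level privileges a server DBMS would grant; the account table, grants and values are constructed.

```python
import sqlite3

ALL_COLUMNS = {"id", "holder", "phone", "balance_cents"}

# Constructed grants for one job role: before and after tightening.
EXCESSIVE_GRANTS = {"read": ALL_COLUMNS, "update": ALL_COLUMNS}
LEAST_PRIVILEGE_GRANTS = {"read": {"id", "holder", "phone"}, "update": {"phone"}}

# Statements that never touch a table column and are safe for every role.
HARMLESS_ACTIONS = {
    sqlite3.SQLITE_SELECT,       # the SELECT statement itself; columns are checked via READ
    sqlite3.SQLITE_TRANSACTION,  # BEGIN / COMMIT / ROLLBACK
    sqlite3.SQLITE_FUNCTION,     # built-in SQL functions
}

TAMPER_SQL = "UPDATE account SET balance_cents = balance_cents + 500000 WHERE id = ?"
CONTACT_SQL = "UPDATE account SET phone = ? WHERE id = ?"


def build_bank_db():
    """In-memory database with two constructed savings accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE account (id INTEGER PRIMARY KEY, holder TEXT,"
        " phone TEXT, balance_cents INTEGER)"
    )
    conn.executemany(
        "INSERT INTO account VALUES (?, ?, ?, ?)",
        [(1, "A. Customer", "555-0100", 250000),
         (2, "B. Colleague", "555-0101", 10000)],
    )
    conn.commit()
    return conn


def make_authorizer(grants):
    """Build the callback SQLite consults while compiling each statement."""
    def authorizer(action, arg1, arg2, db_name, source):
        if action in HARMLESS_ACTIONS:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "account":
            allowed = arg2 in grants["read"]       # arg2 is the column name
        elif action == sqlite3.SQLITE_UPDATE and arg1 == "account":
            allowed = arg2 in grants["update"]
        else:
            allowed = False                        # deny by default: INSERT, DELETE, DDL, ...
        return sqlite3.SQLITE_OK if allowed else sqlite3.SQLITE_DENY
    return authorizer


def allow_all(action, arg1, arg2, db_name, source):
    """Unrestricted view used by the demo to inspect the result afterwards."""
    return sqlite3.SQLITE_OK


def run_as(conn, grants, sql, params=()):
    """Execute one statement under `grants`; True only if the DBMS permitted it."""
    conn.set_authorizer(make_authorizer(grants))
    try:
        conn.execute(sql, params).fetchall()
        conn.commit()
        return True
    except sqlite3.DatabaseError:      # SQLite reports "not authorized" on a denial
        conn.rollback()
        return False
    finally:
        conn.set_authorizer(allow_all)


def balance_of(conn, account_id):
    row = conn.execute(
        "SELECT balance_cents FROM account WHERE id = ?", (account_id,)
    ).fetchone()
    return row[0]


def demo():
    """Run the balance change and a contact change under both grant sets."""
    results = {}
    for label, grants in (("excessive", EXCESSIVE_GRANTS),
                          ("least_privilege", LEAST_PRIVILEGE_GRANTS)):
        conn = build_bank_db()
        results[label] = {
            "balance_change_allowed": run_as(conn, grants, TAMPER_SQL, (2,)),
            "contact_change_allowed": run_as(conn, grants, CONTACT_SQL, ("555-0199", 2)),
            "balance_after": balance_of(conn, 2),
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

With the tightened grants the contact update still works, while the balance update, a read of the balance column and a delete are all refused by the database itself rather than by the application.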
Question: List risks associated with database management systems (DBMS)
Indeed, a database management system (DBMS) is an organized structure to store data. However, it also stores huge amounts of sensitive information like the employees’ personal identity information (PII), customers’ personal information, and other business data like ordering information. If attackers obtain access authority and get into the DBMS, all the sensitive information might be stolen, causing a significant data leak, which may seriously damage the company’s information assets.
That is true. Unifying the database brings about a new threat, where an intruder from any of the multiple access points will cause the entire information in the database to get stolen.
Yes Fangzhou, a DBMS storing this data is a huge risk if someone were to hack into the system. There must be many security measures in place to prevent this from happening. But hackers are using so many tools these days to get around the security and get into the system to steal this information. So the company must also develop a plan for the aftereffect, meaning after it happens, how would they come back from it and what can they do to ensure it won’t happen again.
Agreed! Another threat or risk may be internal theft, because a lack of logical access control may lead to multiple unauthorized thefts from multiple points of the company. Sensitive data and information of the company are the most important area; public engineer is one threat, but internal theft is another big threat.
1. What are key characters of relational database management systems?
The key characters of relational database are: relational term, derived relvar, tuple, attribute, SQL equivalent, table, view, query result, result set, row, column
A relation is defined as a set of tuples that have the same attributes. A tuple usually represents an object and information about that object. Objects are typically physical objects or concepts. A relation is usually described as a table, which is organized into rows and columns. All the data referenced by an attribute are in the same domain and conform to the same constraints. Flat file: it stores records without any relationships, and it can be stored in any random sequence.
Examples of relational databases include: DB2, Informix, Lotus Approach, MS Access, Oracle, SQL Server, Sybase.
Another character of RDBMS is that it supports multiple-user access, which is not possible in DBMS.
RDBMS offers logical database independence in which data can be viewed in different ways by different users.
2. Key benefits of relational databases vs traditional file system?
The benefits of relational database are:
A relational database has multiple tables and allows these tables to work together. The relationships between table data can be collated, merged and displayed in database forms. When running search queries, a relational database makes the work faster and more accurate, and table records can be easily joined by the indexed values. By establishing one-to-many relationships, a relational database can easily solve problems that a traditional file system cannot handle.
3. List risks associated with database management systems (DBMS)
1) Data leaks
2) Stolen database backups – internal steals
3) Lack of consistency
4) Deployment failures – lack of due care
5) Lack of segregation – segregation duties
How about duplication of data? Or would that be included in data consistency? I think data duplication and other inaccurate data is a real problem within large databases. It causes a waste of storage and it costs money to explore, investigate, and fix these data issues.
Agree with you, YuLun,
List risks associated with database management systems (DBMS)
I think Data leaks would cause a huge impact on the system. Databases may be considered a “back end” part of the office and secure from Internet-based threats (and so data doesn’t have to be encrypted), but this is not the case. Databases also contain a networking interface, and so hackers are able to capture this type of traffic to exploit it. To avoid such a pitfall, administrators should use SSL- or TLS-encrypted communication platforms.
What are key characters of relational database management systems?
A relational database is a collection of two-dimensional data stored in rows and columns.
The Database Management Systems DBMS provides:
– Database pro-active maintenance services like indexing for quick data retrieval of specific group of database records based on primary key.
– Provide RBAC to control who has access to which parts of database based on authorization and job function.
– Controls management functions performed on database such as query, records retrieval, data removal/deletion, regular security, and integrity checks.
– The DBMS has the capability to query the database on the fly to form virtual views using pre-determined criteria, resulting in great flexibility.
List risks associated with database management systems (DBMS)
One of the goals for DBMS is to secure databases against risks posed against the database. The risks vary from intentional hacking to expose data (confidentiality and privacy), commit fraud by altering data records (integrity), or bring database down (availability) and disrupt user access. The controls against such risks should target each area of potential data loss.
Some of the controls to limit the impact of risks:
Authorization/Authentication:
Define users’ access levels based on their work function and authorized access, use RBAC, increase logging of database activities, and limit database view creation based on access level and job function. Use complex passwords, force database users to change their passwords more often, and use two-factor authentication to lower the risk if an intruder gains access even to a database administrator workstation.
Integrity:
Use DBMS integrity checks to validate data at the front-end application and database levels as well. Use a robust backup and recovery policy to be able to restore the database to a trusted point in time should a security breach be detected. Incremental backups can run more often during the day to lower the RPO should a data breach occur and a restore from the last known good condition be needed.
Encryption
Encrypt database traffic in flight and at rest. Encryption makes it very difficult to decipher database records if an unauthorized intruder intercepts database traffic or gains access to the physical disks where the database is stored.
You brought up several important subjects here: authentication vs. authorization; protecting data at rest, data in use and data in transition. Those are things that concern IT auditors. We will discuss them on Wednesday.
Great post! Other risks may include organizational data leakages, stolen database backups by internal steals, lack of consistency, lack of due care, or lack of segregation of duties within an organization.
Key benefits of relational databases vs traditional file system?
Relational database:
– Database is structured data logically combined based on selection of database keys and table relations.
– Store related data in 2 dimensional array.
– Use specific format based on database system used (Oracle, MySQL).
– Data are being saved to database in synchronous manner, DBMS waits for acknowledgement back from database before it declares record is saved.
– DBMS provides integrity, security, availability during customer access.
Traditional File System:
– File system stores files in an unstructured fashion.
– Files saved to file systems in asynchronous manner.
– File systems provide security and integrity, but not as robustly as a DBMS.
Agreed! In addition, when running search queries, a relational database makes the work faster and more accurate, and table records can be easily joined by the indexed values. By establishing one-to-many relationships, a relational database can easily solve problems that a traditional file system cannot handle.
What are key characters of relational database management systems?
– Stores data in tables in the form of rows and columns
– Has primary key, to uniquely identify the rows
– Creates indexes for quicker data retrieval
– Ability to view data through creating a virtual table with customizable queries
– Multi-user access and sharing of data
Key benefits of relational databases vs traditional file system?
In a traditional file system, each department will have its own file system. Most of the time, each department will need information from other departments, so they will have to copy information from other systems into their own. This creates redundancy and a waste of space, as each system has the same information. The RDMS, on the other hand, is a single system where all departments share information.
Some of the key benefits of RDMS vs traditional file system are:
-Control of data redundancy
-Sharing of data
-Improved data integrity
-Improved data accessibility and productivity
List risks associated with database management systems (DBMS)
-If the integrity of data is compromised, the whole organization will be affected.
-A breach will allow access to the entire database information.
-Database failure will severely affect the organization’s ability to function
-Virus/malware/infection will affect the entire database.
What are key characters of relational database management systems?
• Data is stored in the forms of tables. In tables, data are stored in rows (records) and columns (field)
• Relationships are created and maintained across and among the data and the tables
• Designed to handle large amount of data, it supports multiple users
• Single database can be separated across several tables
• Database is “broken down” into smaller pieces
• The changes will NOT affect the entire database
• Use SQL commands to retrieve or update data
List risks associated with database management systems (DBMS)
-Concurrent Access Anomalies
Multiple users using the same data will lead to inconsistent data problems
-DBMS does not apply any security with regards to data manipulation
– Whole database is modified if one record is modified. Data is stored in a single large table, therefore a breach will have the access to the entire database information
RDMS has a built-in mechanism to handle concurrent access; it also has the security feature to assign different types of access. Usually a database consists of a lot of objects, including a lot of tables, and access can be granted to those objects.
Key benefits of relational databases vs traditional file system?
Multiple access- Database software allows data to be accessed in a variety of ways (through various key fields), by using several programming languages
Flexibility-Because programs and data are independent, programs do not have to be modified when types of unrelated data are added to or deleted from the database, or when physical storage changes.
Lower user training costs- Users often find it easier to learn such systems and training costs may be reduced. Also, the total time taken to process requests may be less, which would increase user productivity.
Control redundancy- The DBMS approach is one whereby a pool of related data is shared by multiple application programs. System developers and database designers often use data normalization to minimize data redundancy, whereas traditional file systems duplicate data in separate files.
Fast response to information requests- Data is integrated into a single database, complex requests can be handled much more rapidly than locating data separately. In many businesses, faster response means better customer service.
A primary key is an efficient way of indexing, since it’s unique. Just like our TU id, authorized people can search for someone by typing his/her TU id into the system. A first name or last name could be used for indexing as well, but it is not as efficient as the TU id, since it is not unique; for example, if you type “David”, maybe more than one result appears.
Thanks for sharing the information of benefit of relational database.
In my opinion, Digital technology has reduced the cost of sharing information. The use of the Internet is effective for teachers to transmit notes to students, and also to connect with other teachers. This expands access to knowledge and opportunity. When students access lecture notes prior to the lesson, the lesson may be more interactive and interesting.
The Internet and other kinds of technology also allow students to access extra information that may not have been covered in class. Similarly, it’s cheaper for learning institutions to subscribe to online journals compared to purchasing printed books. The Internet has tremendously lowered barriers to information by making it possible for researchers to share their discoveries and publications online.
In addition, keeping digital records in hospitals allows for easier retrieval than manual records. Digital information is also secure in case of theft or fire. The use of electronic banking is convenient, as it allows account holders to make transactions in the comfort of their homes.
What are key characters of relational database management systems?
Below are some of the key characteristics of RDBMS:
• Data must be organized in a table format. Even relations between tables are stored in the form of a table.
• Data in a column must be accessible by specifying the table and column name along with the value of the primary key of the row
• Supports missing data in organized, logical way
• must support an active on-line catalogue
• must support at least one language that can be used independently and from within programs, and supports data definition operations, data manipulation, constraints, and transaction management.
• Views must be updatable by the system
• must support insert, update, and delete operations on sets
• supports logical, physical and distribution independence
• Integrity constraints must be stored within the catalogue, separate from the application
• Provides multi-user accessibility that can be controlled by individual users (through field access controls like author access/creator access)
What are key characters of relational database management systems?
-Use tables to store information
-Data is represented in columns (fields) and rows (records)
-Primary and Foreign Keys; used for building relationships between tables
-Typically utilizes SQL for building, maintaining, and querying
-Must support at least one language
Key benefits of relational databases vs traditional file system?
-Data is only stored once which makes changing/updating data more efficient
-Complex queries (using SQL) can be used to extract data
-There are some controls in place to help increase security
-Easily expandable to accommodate future requirements
List risks associated with database management systems (DBMS)
-Increased costs (hardware, software, personnel, training)
-Management Complexity – changes must be made carefully to ensure data remains secure and in-line with how the business intends the DB to interface with other systems
-Frequent updating and patching is required
Because these DBs are so complex and changes made can have far reaching impacts, it would be very important during an audit to take a close look at the change management policies and procedures to ensure they cover all aspects of the change control process, and to make sure that the changes being made do follow all parts of the documented process. The same is true of updating and patching; these activities should be done in accordance with the documented processes concerning them.
Some of the key benefits of relational databases vs traditional flat file system are as below:
• Traditional file systems are more prone to data corruption as their storage is unstructured. Relational databases, on the other hand, have data stored in tables, which makes the data less prone to corruption
• Traditional file systems are not sufficient to handle large volumes of data
• Search queries are faster to run on Relational databases as compared to file system
• Relational databases offer more robust reporting and the capability to import and export
• Relational databases offer better security and access control as compared to file system as users can be given specific access level to different fields
Q: What are key characters of relational database management systems?
Using of primary keys
Avoiding of data redundancy – the use of “normalization” rules
Constraining data input – specify what sort of data a database column is allowed to contain
Using of SQL
Convertibility – data can be transferred between relational database systems relatively easily.
Q: Key benefits of relational databases vs traditional file system?
It’s easier for user to understand and implement
It’s easier to convert from other database structures
it’s easier to implement projection and join operations
It’s easier to create new relations for applications
It’s easier to implement access controls over sensitive data
It’s easier to modify the database
Q: List risks associated with database management systems (DBMS)
Legitimate privilege abuse – users may abuse legitimate database privileges for unauthorized purposes
Database injection attacks – SQL injections and NoSQL injections
Malware
Storage media exposure
Exploitation of vulnerable databases – it generally takes organizations months to patch databases, during which time they remain vulnerable
The human factor
I like that you listed the human factor on your list. Human error is always a risk regardless of how the data is stored. A system may reduce the error, but it is impossible to eliminate completely. I’ve looked through a lot of DBMS that have errors that were most likely human.
Agreed, the risk you listed is really what we need to be concerned about. For those of you who prefer to get more technical, here are a few examples of exploits. More are fleshed out in the full paper. Consider the following situation: A PHP application has a login mechanism where the username and password are sent from the user’s browser via HTTP POST. This vulnerability is applicable to HTTP GET, as well.
A3 The most common risks associated with database management systems can be listed as:
• Abuse of excessive privileges
• Database injection attacks
• Malware
• Storage media exposure
• Vulnerability due to delayed patching
• Unmanaged sensitive data
• Security incidents due to human negligence
• RDMS’s are created to store large amounts of data that the applications of the business will use in their day-to-day activities.
• Data is stored in tables.
• The rows of the table identify a record, and the columns of the table identify a characteristic of that record
• A Data Dictionary that identifies how the database is formatted, such as data type, or the configuration but doesn’t say anything about the data itself.
– Tables have a primary key that is a unique identifier for that record and then can contain foreign keys which show association via a primary key to another table.
2. Key Benefits of relational databases vs. traditional file system.
– I think a major benefit of a relational database is the ability to query and manipulate data as opposed to a traditional file system or flat file.
– A user can utilize SQL to run queries to get the results of the data that the user needs.
– Many users have access to the information, but users can have different security preferences. In a traditional file system, everyone who is accessing data has the same privileges with this data.
– Less redundancy in data. Primary to foreign key relationships reduce the amount of data redundancy in comparison to a traditional file system.
3. List risks associated with database management systems (DBMS)
-A DBMS is in contact with several different business applications, thus if data is corrupted in a record then that piece of corrupted data can flow over to many different applications that are using that record from the database.
-Large amounts of sensitive data are stored in a DBMS. If a hacker gains access to the DBMS he has access to a lot of information that can harm a company.
-SQL Injection attacks can occur where a person could alter the database by entering in SQL into a field in an application currently using the database, and the database would respond to the SQL script.
At least towards the issue concerning hackers, there are all sorts of vulnerability management tools out there to help businesses control their risk and patch known vulnerabilities (Qualys, Nessus, Imperva, etc.). If I were to implement a vulnerability management program as a control to prevent hacking, it would involve continuous scanning, patching critical vulnerabilities within 30 days of their being discovered (on a rolling basis), implementing patches and updates within 30 days of their being released, and also scanning for simple configuration changes that could be made to harden/secure the database.
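The SQL injection risk described in the post above (SQL typed into an application field being executed by the database), as an added example that is not code from the discussion: a lookup built by string concatenation beside its parameterized form. The customer table, function names and input strings are constructed, and Python's sqlite3 module stands in for whatever driver the application uses.

```python
import sqlite3

# Column names cannot be passed as bound parameters, so a sort column that
# comes from the user is checked against a fixed allow-list instead.
SORTABLE_COLUMNS = {"name", "city"}

# Constructed field values: an ordinary surname containing a quote, and a
# string that changes the meaning of the WHERE clause when pasted into SQL text.
QUOTED_NAME = "O'Brien"
CRAFTED_INPUT = "nobody' OR '1'='1"


def build_customer_db():
    """In-memory database with three constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    conn.executemany(
        "INSERT INTO customer VALUES (?, ?, ?)",
        [(1, "Ann", "Boston"), (2, "O'Brien", "Dublin"), (3, "Chen", "Austin")],
    )
    conn.commit()
    return conn


def find_unsafe(conn, name):
    """Vulnerable form: the field value becomes part of the SQL statement."""
    sql = "SELECT id, name FROM customer WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_safe(conn, name, order_by="name"):
    """Hardened form: the value is bound as data, the identifier is allow-listed."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (order_by,))
    sql = "SELECT id, name FROM customer WHERE name = ? ORDER BY " + order_by
    return conn.execute(sql, (name,)).fetchall()


def compare(conn, value):
    """Return (unsafe_result, safe_result); an unsafe failure is reported as text."""
    try:
        unsafe = find_unsafe(conn, value)
    except sqlite3.OperationalError as exc:
        unsafe = "error: %s" % exc
    return unsafe, find_safe(conn, value)


if __name__ == "__main__":
    db = build_customer_db()
    for value in ("Ann", QUOTED_NAME, CRAFTED_INPUT):
        print(repr(value), compare(db, value))
```

The concatenated query both breaks on a legitimate name containing a quote and returns every row for the crafted value; the bound query treats both strings as plain names.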
Q3: List risks associated with database management systems (DBMS)
Although DBMS brings up considerable advantages to an organization, it also carries some flaws. Examples are as follows:
1. Increased costs: Since Database systems require sophisticated hardware and software and highly skilled personnel, the cost of maintaining the hardware, software, and personnel required to operate and manage a database system can be substantial.
2. Management complexity: Database systems interface with many different technologies and have a significant impact on a company’s resources and culture. The changes introduced by the adoption of a database system must be properly managed to ensure that they help advance the company’s objectives. Given the fact that database systems hold crucial company data that are accessed from multiple sources, security issues must be assessed constantly.
3. Maintaining currency: To maximize the efficiency of the database system, you must keep your system current. Therefore, you must perform frequent updates and apply the latest patches and security measures to all components. Because database technology advances rapidly, personnel training costs tend to be significant.
4. Vendor dependence: Given the heavy investment in technology and personnel training, companies might be reluctant to change database vendors. As a consequence, vendors are less likely to offer pricing point advantages to existing customers, and those customers might be limited in their choice of database system components.
5. Frequent upgrade/replacement cycles: DBMS vendors frequently upgrade their products by adding new functionality. Such new features often come bundled in new upgrade versions of the software. Some of these versions require hardware upgrades. Not only do the upgrades themselves cost money, but it also costs money to train database users and administrators to properly use and manage the new features.
Very detailed summary Daniel. DBMS is considered the more efficient option because reading line by line is not required and specific control mechanisms are already in place.
Key benefits of relational databases vs traditional file system?
Traditional file systems store data in files, as opposed to a relational database, which stores data in tables with rows and columns. As a result, relational databases allow for more sophisticated data organization and retrieval. Key organizational benefits of relational databases are less redundancy/inconsistency and more data integrity. Because relevant data is often stored in separate files with different people maintaining them, it becomes difficult to enforce consistency and reduce redundancy between files. This often creates many silos, as each file is subject to an individual user.
Data retrieval is also more difficult in a traditional file system because of the data silos and formatting inconsistencies. Files may not have any inter-relationship, regardless of their relevancy to one another. A relational database addresses these issues by using a table format and serving as a single data source for multiple users. Because there is one source, standards can be applied and enforced, which will reduce inconsistencies and redundancy. As a result, fewer resources are wasted, while data can be organized and retrieved faster.
Last, security is an important benefit of relational databases. Access controls can be implemented for relational databases, so users can only see data they are allowed to. Traditional file systems do not have this feature because they are maintained on an ad hoc basis over a long period of time. Users will likely have access to data that should be restricted in some form.
What are key characters of relational database management systems?
1. Data Storage – Data is organized and stored in tables (Columns & Rows).
2. Rules – Can set up thresholds to limit the data input and/or access
3. Triggers – Allows for a reaction from an initial action.
4. Storage – program specific procedures to store data (Saved or Updated) and where to save the data
5. View – The interface is customizable and can be tailored to the company / industry.
Key benefits of relational databases vs traditional file system?
1. Data Independence – This allows for the data structure, in a database management system to be changed without changing the other fields. An example of this is data mapping for program customization. You may want to change a phone number with a separate field for the area code, into one field. This feature allows for you to change how the phone number looks without affecting the other data.
2. Reduction of Data Redundancy – This reduces the amount of times the same data is stored on the network. This will reduce the amount of drive space on your network. Data Redundancy should be avoided locally and backed-up to a cloud environment.
3. Maximize Data Consistency – This allows for data to be used and updated across different platforms, close to real-time. An example of this would be the operations department changing the items list in one program that populates the new items to the accounting department for invoicing.
4. Data Sharing – This is when the data is accessible by multiple users. It is a centralized location, allowing for multiple access by different users. The centralized database reduces costs associated with maintaining separate databases and possibly redundant data.
5. Security – The system allows for the setting of group policies and controls. You have the ability to limit access to data based on user rights and privileges. Confidential document data can be encrypted locally to protect data transfers between different programs.
6. Data Integrity – The accuracy of the data stored will increase by only allowing certain data fields to be changed, moved, or added. The database is only as good as the data. The data should be complete, consistent, and accurate for a system to be effective.
List risks associated with database management systems (DBMS)
1. Configuring or setting security controls on users – This gives the user access to otherwise restricted data and/or grants administrator privileges to move, add, or change data.
2. Securing the system from hackers – Malware may be installed on the server, granting access to the entire database.
3. Disasters – Natural or man-initiated disasters may cause data to be corrupted or lost.
Question: Key benefits of relational databases vs traditional file system?
The biggest single difference is database systems actually know the data and the structure of the data they manage at a very deep level, while the lowest-level data item for file systems is typically the page.
At the lowest level, there is a lot of cross-pollination between db engine storage layers and file systems, particularly in areas like transactions and recovery, where concepts such as transaction logs are used by most DB engine storage systems and many modern file systems.
That said, since DB engines have very detailed knowledge of their data that file systems don’t have, they often have big differences at the storage layer:
Base data and indexes are often managed very, very differently, and db engines often have several cache algorithms for different situations. File systems typically are less complex at this layer since they don’t have the same level of visibility into the access patterns of the data.
DB engines often have to deal with heavy update concurrency, so they have complex lock managers to manage concurrent updates. File systems don’t have this type of requirement.
Above the storage layer, things get much different. DB engines have lots of metadata describing the structure of their data, and they use it to support both querying and organizing the data.
File systems have much less app-provided metadata, typically just a file name and the actual file bytes from the app. File systems maintain their own metadata about files, but this is generally restricted to where the bytes are in the file system. There is no need for file systems to know things like table FOO’s third column is an integer and has a hash index on it.
What are key characters of relational database management systems?
Data in relational databases must be represented in tables, with values in columns within rows. Data within a column must be accessible by specifying the table name, the column name, and the value of the primary key of the row. The DBMS must support missing and inapplicable information in a systematic way, distinct from regular values and independent of data type. The DBMS must support an active on-line catalog. The DBMS must support at least one language that can be used independently and from within programs and supports data definition operations, data manipulation, constraints, and transaction management. Views must be updatable by the system. The DBMS must support insert, update, and delete operations on sets. The DBMS must support logical data independence. The DBMS must support physical data independence. Integrity constraints must be stored within the catalog, separate from the application.
Key benefits of relational databases vs traditional file system?
A traditional file system is designed around a single table. A file may contain many fields, often with duplicate data, and is prone to data corruption and duplicates. Relational databases leverage multiple tables that work together. The relationships between table data can be collated, merged and displayed in database forms. This allows data to be shared across networks, over the internet, and with other devices and software systems. Relational databases also allow for more robust reporting.
You are correct that relational databases control redundancy. The DBMS approach is one whereby a pool of related data is shared by multiple application programs. System developers and database designers often use data normalization to minimize data redundancy, whereas traditional file systems duplicate data in separate files. In addition, relational database software allows data to be accessed in a variety of ways (through various key fields), by using several programming languages.
What are key characters of relational database management systems?
A relational database is a collection of data items organized as a set of formally described tables from which data can be accessed easily. A relational database is created using the relational model. The software used in a relational database is called a relational database management system (RDBMS).
Relational database management systems are created for fast storage and recovery of large quantities of data. They provide for data to be stored in tables. The advantage of an RDBMS is that it removes duplicate data and allows easy accessibility to information from other users, as well as making it easier to update data. An RDBMS will increase cost, management difficulty, the effort of maintaining currency, and upgrade frequency.
Key benefits of relational databases vs traditional file system?
There are several benefits of relational database management systems. A few of them are as follows:
1. Data is only stored once. In the previous example, the city data was gathered into one table so now there is only one record per city. The advantages of this are:
• No multiple record changes needed
• More efficient storage
• Simple to delete or modify details
• All records in other tables having a link to that entry will show the change
2. Complex queries can be carried out. A language called SQL has been developed to allow programmers to ‘Insert’, ‘Update’, ‘Delete’, ‘Create’, ‘Drop’ table records. These actions are further refined by a ‘Where’ clause. For example
SELECT * FROM Customer WHERE ID = 2
This SQL statement will extract record number 2 from the Customer table. Far more complicated queries can be written that can extract data from many tables at once.
3. Better security. By splitting data into tables, certain tables can be made confidential. When a person logs on with their username and password, the system can then limit access only to those tables whose records they are authorized to view. For example, a receptionist would be able to view employee location and contact details but not their salary. A salesman may see his team’s sales performance but not competing teams.
4. Cater for future requirements. By having data held in separate tables, it is simple to add records that are not yet needed but may be in the future. For example, the city table could be expanded to include every city and town in the country, even though no other records are using them all as yet. A flat file database cannot do this.
Jianhui, nice recap of DBMS risks. It is important to log DBMS activities to a remote syslog facility for the purpose of spotting misconfigurations and excessive privilege access.
Ian M. Johnson says
Key benefits/advantages brought by relational databases
• Flexible and engrained, established with quality standardized products in the IT industry.
• Uses SQL (Standard data access language), which is a well-known language in the industry.
• Large development efforts with large databases are well understood.
• Risks and costs are known to be worth it.
• The fundamental structure is easily understood, yet security is known to be better than other databases
• Design and normalization process is well-defined
• Data is stored efficiently and allows for the implementation of future requirements
• Provides the ability to conduct complex queries
http://it.toolbox.com/blogs/enterprise-solutions/some-pros-cons-of-relational-databases-24144
http://www.teach-ict.com/as_as_computing/ocr/H447/F453/3_3_9/database_design/miniweb/pg8.htm
Ian M. Johnson says
What are key characters of relational database management systems?
• Data is displayed in tables, columns, and rows.
• Supports missing data in an organized and logical way.
• Supports at least one language
o Languages support data definition operations, data manipulation, constraints, and transaction management.
• Supports logical data independence.
• Supports physical data independence.
• Supports distribution independence.
http://it.toolbox.com/blogs/enterprise-solutions/characteristics-of-relational-databases-24134
Liang Yao says
Ian – Can you elaborate “supports missing data in an organized logical way”? Thx
Ian M. Johnson says
What I meant was: “data within a column must be accessible by specifying the table name, the column name, and the value of the primary key of the row. The DBMS must support missing and inapplicable information in a systematic way, distinct from regular values and independent of data type.”
Shizhong Yang says
Johnson, I totally agree with your answers!!
Tamer Tayea says
I agree with Ian on the key characteristics of database management systems (DBMS); however, one of the key identifiers of a DBMS is the “relational” aspect, where data is connected vertically and horizontally via several relations using keys and associations.
Ian M. Johnson says
List some risk associated with database management systems (DBMS)
• High development costs
• Long development projects
• Large and expensive physical infrastructure
• RDBMS are known for resource inefficiency and ineffective distribution
• Facilitate poor performance “bottlenecks” for the user
• Each single server has limits and when those limits are reached, many database platforms have few practical options available for further scalability. This is a management nightmare and it causes significant overhead costs.
http://blog.tonybain.com/tony_bain/2009/05/the-problem-with-the-relational-database-part-1-the-deployment-model.html
Liang Yao says
Some of the risks you mentioned here were reduced significantly due to technology advances in recent years, e.g. hardware and software resource requirements. 10 years ago, the cost of storage and memory was very high, and management needed to consider resource allocation when implementing an RDBMS, but that has changed significantly due to the low cost of hardware these days.
Can you follow up with a few controls that can mitigate the risks identified above?
Ian M. Johnson says
Capacity management could be a control for the bottleneck issue. Cloud computing could help with the server limitations. I am sure that over the years the equipment has increased in efficiency and decreased in size, which helps with some of the issues as well.
Paul M. Dooley says
Ian, interesting perspectives on the recommended controls you brought up. I definitely agree with capacity management. Cloud computing may also address server limitations but opens up an entirely different list of risks, however, off the top of my head I can’t seem to come up with an alternative.
Victoria A. Johnson says
Relational databases are a collection of computer programs that are used to organize files into a database for the storage, organization, manipulation, and retrieval by the computer’s operating system. Traditional file systems are used as a collection of raw data files stored on a hard drive.
DBMS has more benefits over a traditional file system because a DBMS can handle a large majority of applications whose purpose is to manage the data stored in databases. File systems make tasks like storage, search and retrieval more tedious because they have to be done manually. This could potentially cause problems like data integrity, data inconsistency and data security, which can be avoided when using a DBMS.
DBMS is the more efficient option because reading line by line is not required and specific control mechanisms are in place.
Liang Yao says
please research what “data independent” means…
Ian M. Johnson says
According to PCMag, data independence is:
“techniques that allow data to be changed without affecting the applications that process it. There are two kinds of data independence. The first type is data independence for data, which is accomplished in a database management system (DBMS). It allows the database to be structurally changed without affecting most existing programs. Programs access data in a DBMS by field and are concerned with only the data fields they use, not the format of the complete record. Thus, when the record layout is updated (fields added, deleted or changed in size), the only programs that must be changed are those that use those new fields.”
source: http://www.pcmag.com/encyclopedia/term/40791/data-independence
Shizhong Yang says
Johnson, I totally agree with you that DBMS has more benefits over traditional file system.
Tamer Tayea says
Good comparison Victoria. I would add that another key contrast is the fact that a DBMS is a structured data type whilst a traditional file system is unstructured in nature.
Magaly Perez says
What are key characters of relational database management systems?
Relational database management systems are created for fast storage and recovery of large quantities of data.
Provides data to be stored in tables:
– Keeps data in the form of rows and columns
– Provides multi-user availability that can be controlled by an individual user
– Runs primary keys, to identify the rows
– Generates keys for quicker data retrieval
– Provides a virtual table creation in which sensitive data can be stored and simplified query can be applied
– Sharing of common columns, in two or more tables such as primary key and foreign key
Key benefits/advantages brought by relational databases?
The advantage of an RDBMS is that it removes duplicate data and allows easy accessibility to information from other users, as well as making it easier to update data.
List some risk associated with database management systems (DBMS)?
– Increased cost
– Management difficulty
– Maintaining Currency
– Upgrade and Frequency
Source: https://equizine.wordpress.com/2012/10/22/advantage-ans-disadvantages-of-database-management-system/comment-page-1/
Brou Marie Joelle Alexandra Adje says
Good Laly. I think the key advantage of RDBMS is simply that it provides better security overall. In fact, by splitting data into tables, certain tables can be made confidential. When a person logs on with their username and password, the system can then limit access only to those tables whose records they are authorised to view.
Magaly Perez says
Great point Alex, I completely agree. Having the added security within the tables and the ability to configure those tables to have more confidentiality is a great key advantage, but I also think that having easy accessibility to information from other users and the ability to make updates to the data decreases the risk of human error, which I believe is a huge risk that is overlooked with data entry.
Liang Yao says
Yes, RDBMS provides better security features, but not via splitting the data into tables. Please research what RDBMS can offer from a security aspect.
Priya Prasad Pataskar says
I think RDBMS offers security by providing the features below:
1. Logical and physical independence
e.g. if a disk where the database is stored has to be replaced, it will not impact the logical tables, rows and columns.
2. By having constraints
e.g. a primary key will help uniqueness, and defining a range of values in a Check constraint will ensure that the values do not pose errors.
3. DBMS software itself requires authentication and privileges to access a database schema.
e.g. an Oracle database administrator will have access to a database schema, e.g. the School schema in Philadelphia, while he grants access to a particular database, e.g. the Fox school table, to only the Fox admin.
Magaly Perez says
Prof,
Thanks for the insight and the suggestion. I just researched the RDMS security features and learned the following:
The complex design of RDBMS itself is a security feature. Its hierarchical storage allows metadata documentation to be inside the database and even when given access to the database it is impossible to hack this data. The proprietary storage makes it tough for other third party tools to decipher the meaning. The transparent data encryption (TDE) performs real time I/O encryption and decryption of the data and logs the file. The symmetric key is secured by using a certificate stored in the master database of the server or by a database encryption key module. TDE protects data “at rest”, meaning the data and log files. This permits software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.
Additionally, a good RDBMS design is a security feature within itself as well. If they are carefully abstracted with the role based security, fine grained access control and other features like views can prevent hackers from accessing the data. This means that the data is fully secured even if the network and server are compromised.
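The column-level restriction this thread keeps returning to (a receptionist who may read location and contact details but not salary), as an added example that is not part of any post. SQLite has no GRANT statement, so an authorizer callback stands in here for the column privileges a server RDBMS would grant to a role; the table, role names and rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data; table, column and role names are assumptions.
SCHEMA = """
CREATE TABLE employee (
    id       INTEGER PRIMARY KEY,
    name     TEXT NOT NULL,
    location TEXT NOT NULL,
    phone    TEXT NOT NULL,
    salary   INTEGER NOT NULL
);
INSERT INTO employee VALUES
    (1, 'A. Rivera', 'Building 2, Floor 3', '555-0101', 91000),
    (2, 'B. Chen',   'Building 1, Floor 1', '555-0102', 78000);
"""

# Role -> (table, column) pairs the role may read. Anything not listed is denied.
ROLE_READ_GRANTS = {
    "receptionist": {("employee", c) for c in ("id", "name", "location", "phone")},
    "payroll": {("employee", c) for c in ("id", "name", "location", "phone", "salary")},
}


def make_authorizer(role):
    """Build a default-deny authorizer for one role (read-only, column-scoped)."""
    allowed = ROLE_READ_GRANTS.get(role, set())

    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK          # running a SELECT at all is permitted
        if action == sqlite3.SQLITE_READ:     # arg1 = table, arg2 = column
            if (arg1, arg2) in allowed:
                return sqlite3.SQLITE_OK
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_DENY            # INSERT, UPDATE, DELETE, DDL, ...

    return authorizer


def open_as(role):
    """Load the sample data, then drop to the role's privileges."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.set_authorizer(make_authorizer(role))
    return conn


def try_query(role, sql):
    """Return the rows, or a 'DENIED: ...' string if the engine refused the statement."""
    conn = open_as(role)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"DENIED: {exc}"
    finally:
        conn.close()


if __name__ == "__main__":
    for role, sql in [
        ("receptionist", "SELECT name, location, phone FROM employee ORDER BY name"),
        ("receptionist", "SELECT name, salary FROM employee"),
        # Filtering on a hidden column is refused too, so it cannot be inferred.
        ("receptionist", "SELECT name FROM employee WHERE salary > 80000"),
        ("payroll", "SELECT name, salary FROM employee ORDER BY name"),
    ]:
        print(role, "|", sql, "->", try_query(role, sql))
```

The check runs inside the database engine when the statement is compiled, so it applies to every query on that connection rather than only to the ones an application remembers to filter.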
Liang Yao says
Through what process can an RDBMS reduce/eliminate redundant data?
Magaly Perez says
Through the data normalizing process. This process helps reduce redundancies of data in a database. It has guidelines that are used to optimally design a database to reduce redundant data.
Seunghyun (Daniel) Min says
Professor Yao,
Redundant data wastes valuable space and causes troubles in maintaining a database. To reduce or eliminate redundant data, you can implement a Normalization method in an RDMS. Normalization is a means to organize your data to prevent redundancy. Normalization is to establish and maintain the integrity of the data tables as well as remove inconsistent data dependencies.
Yu Ming Keung says
Hi Daniel,
You brought up a very interesting point that redundant data wastes space. That would be an important issue if it was 10 years ago where storage space was ridiculously expensive. Today, storage space is already affordable and nobody cares about running out of space, except for their phone because of availability of database space. I believe when the data is redundant, it takes so much time for the computer users to manage and maintain the database in terms of data integrity.
Normalization method is a great way to reduce data redundancy, it can also result in greater overall database organization, consistency, flexibility of data, and better handle on database security.
Liang Yao says
Yu Ming – Can you provide an example of how normalization works during the class? Let me know. Thx
Fred Zajac says
One example of Normalization is the class webpage. The page allows both Prof. Yao and the students access to data in an organized fashion. It allows for a reduction in redundancy, and puts the data in one central bucket.
Binu Anna Eapen says
In file system, if authorization levels had to be different, for example L1 user having access to read and L2 user having the access to write then 2 different files had to be present one with L1 level access and one with L2 level of access. But in RDBMS the access control which delegates different levels of access to the same data provides redundancy by not repeating the same data again.
Brou Marie Joelle Alexandra Adje says
What are key characters of relational database management systems?
Relational database management systems are a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables.
The key characters are as below:
1. Data is presented as a collection of relations.
2. Each relation is depicted as a table.
3. Columns are attributes that belong to the entity modeled by the table
4. Each row represents a single entity
5. Every table has a set of attributes that taken together as a “key” uniquely identifies each entity
Liang Yao says
What types of relationship may exist among tables within a database?
Brou Marie Joelle Alexandra Adje says
Professor, taking the example of a family, the possible relationships are the following:
1- One-to-one: Both tables can have only one record on either side of the relationship. Each primary key value relates to only one (or no) record in the related table. They’re like spouses—you may or may not be married, but if you are, both you and your spouse have only one spouse.
2-One-to-many: The primary key table contains only one record that relates to none, one, or many records in the related table. This relationship is similar to the one between you and a parent. You have only one mother, but your mother may have several children.
3-Many-to-many: each record in both tables can relate to any number of records (or no records) in the other table. For instance, if you have several siblings, so do your siblings (have many siblings). Many-to-many relationships require a third table, known as an associate or linking table, because relational systems can’t directly accommodate the relationship.
Abhay V Kshirsagar says
Great post! I would like to provide a small example in a business scenario. For example in the case of Amazon, They have tables for
Customer information,
Orders,
Items,
Reviews,
Payment,
Supplier,
A customer can have many orders (one to many)
An order can have only one customer (many to one)
Mansi Paun says
Good examples, Abhay. I’d like to cite an example of Many-to-Many relationship here – that of our assignments – each one of us has written multiple answers to different questions and each different question has many different answers by different students.
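The three relationship types from this sub-thread (one-to-one, one-to-many, and many-to-many through a linking table), written as an added example that is not part of any post: the DBMS itself, not the application, refuses rows that would break a relationship or a constraint. Table names and rows are constructed assumptions, and SQLite through Python's sqlite3 module is used only so the example runs offline.

```python
import sqlite3

SCHEMA = """
-- One-to-many: a customer can have many orders; each order has exactly one customer.
CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE orders (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(id),
    total_cents INTEGER NOT NULL CHECK (total_cents >= 0)
);

-- One-to-one: the foreign key is also the primary key, so a customer
-- has at most one payment profile and a profile has exactly one customer.
CREATE TABLE payment_profile (
    customer_id INTEGER PRIMARY KEY REFERENCES customer(id),
    card_last4  TEXT NOT NULL CHECK (length(card_last4) = 4)
);

-- Many-to-many: students and questions meet in a third (linking) table.
CREATE TABLE student  (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE question (id INTEGER PRIMARY KEY, text TEXT NOT NULL);
CREATE TABLE answer (
    student_id  INTEGER NOT NULL REFERENCES student(id),
    question_id INTEGER NOT NULL REFERENCES question(id),
    body        TEXT NOT NULL,
    PRIMARY KEY (student_id, question_id)
);
"""

# Constructed sample rows.
SAMPLE_ROWS = """
INSERT INTO customer VALUES (1, 'Customer A'), (2, 'Customer B');
INSERT INTO orders VALUES (1, 1, 2500), (2, 1, 4000), (3, 2, 1200);
INSERT INTO payment_profile VALUES (1, '4242');
INSERT INTO student VALUES (1, 'Student A'), (2, 'Student B');
INSERT INTO question VALUES (1, 'Key characteristics of an RDBMS?'),
                            (2, 'Risks associated with a DBMS?');
INSERT INTO answer VALUES (1, 1, 'Tables, keys, ...'),
                          (1, 2, 'Excessive privileges, ...'),
                          (2, 1, 'Relations, tuples, ...');
"""


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces foreign keys only when enabled
    conn.executescript(SCHEMA + SAMPLE_ROWS)
    conn.commit()
    return conn


def rejected(conn, sql, params=()):
    """Return True if the DBMS refuses the statement on integrity grounds."""
    try:
        conn.execute(sql, params)
    except sqlite3.IntegrityError:
        return True
    else:
        return False
    finally:
        conn.rollback()  # probes never change the stored data


def orders_of(conn, customer_id):
    """One-to-many lookup: all order totals for one customer."""
    rows = conn.execute(
        "SELECT total_cents FROM orders WHERE customer_id = ? ORDER BY id",
        (customer_id,),
    )
    return [row[0] for row in rows]


def answer_counts(conn):
    """Many-to-many lookup through the linking table: (question id, number of answers)."""
    return conn.execute(
        "SELECT q.id, COUNT(a.student_id) FROM question AS q "
        "LEFT JOIN answer AS a ON a.question_id = q.id "
        "GROUP BY q.id ORDER BY q.id"
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    insert_order = "INSERT INTO orders (customer_id, total_cents) VALUES (?, ?)"
    print("order for unknown customer refused:", rejected(db, insert_order, (999, 100)))
    print("negative order total refused:", rejected(db, insert_order, (1, -5)))
    print("second payment profile refused:",
          rejected(db, "INSERT INTO payment_profile VALUES (?, ?)", (1, "1111")))
    print("deleting a customer with orders refused:",
          rejected(db, "DELETE FROM customer WHERE id = ?", (1,)))
    print("orders of customer 1:", orders_of(db, 1))
    print("answers per question:", answer_counts(db))
```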
Brou Marie Joelle Alexandra Adje says
Key benefits of relational databases vs traditional file system?
A database is generally used for storing related, structured data, with well defined data formats, in an efficient manner for insert, update and/or retrieval.
A file system is a more unstructured data store for storing arbitrary, probably unrelated data. The file system is more general, and databases are built on top of the general data storage services provided by file systems.
A database management system is designed to coordinate multiple users accessing the same data at the same time.
A file-processing system is usually designed to allow one or more programs to access different data files at the same time.
Unauthorized access is restricted in RDBMS but not in the file system.
RDBMS allow control of unwanted repetition of data (redundancy).
Brou Marie Joelle Alexandra Adje says
List risks associated with database management systems (DBMS)
Database systems interface with many different technologies and have a significant impact on a company’s resources and culture. The changes introduced by the adoption of a database system must be properly managed to ensure that they help advance the company’s objectives. The fact that database systems hold sensitive information is a vulnerability. Indeed, they can contain customers’ personal data, confidential competitive information, and intellectual property. Losing these data can result in brand damage, competitive disadvantage, and serious fines.
Because DBMS are accessed from multiple sources, security issues must be assessed constantly.
Liang Yao says
Correct. RDMS provides better security than unstructured data. However, it also made itself a target for malicious users. DBMS is usually an important IT audit entity within the audit universe.
Annamarie Filippone says
I agree that database management systems, while generally more secure than unstructured data, bring about a different set of risks. As you mentioned, DBMS are accessed from a variety of sources, which may not have the same security controls. This can potentially provide an easy entry-point for individuals who want access to data and is a reason why security controls must constantly be monitored.
Said Ouedraogo says
What are key characters of relational database management systems?
A relational database is a collection of data items organized as a set of formally described tables from which data can be accessed easily. It is created using the relational model. The software used in a relational database is called a relational database management system (RDBMS).
Each table (which is sometimes called a relation) contains one or more data categories in columns
Each row contains a unique instance of data for the categories defined by the columns.
A user of the database could obtain a view of the database that fitted the user’s needs.
Sources: Deck slides
http://searchsqlserver.techtarget.com/definition/relational-database
Liang Yao says
How about the “relationship” please?
Said Ouedraogo says
Key benefits of relational databases vs traditional file system?
– Reduce data redundancy
– Improve data integrity
– Data and program independence
– Improve strategic use of data
– Improve security
However, relational databases are more complex, expensive, and difficult to recover from a failure.
Source: https://prezi.com/_yvckcg5pinu/advantages-of-using-database-approach-vs-traditional-file-pr/
Brou Marie Joelle Alexandra Adje says
It’s good that you pointed out some disadvantages of the RDMS. Indeed, it is expensive to set up and maintain the database system. In order to set up a relational database, you generally need to purchase special software. If you are not a programmer, you can use any number of products to set up a relational database. It does take time to enter in all the information and set up the program.
Annamarie Filippone says
I also agree that it is important that organizations take into account the disadvantages of DBMS so they are able to make informed decisions and are truly prepared once they choose to implement. In addition to the cost of the software itself, I would add that another cost can come from the need to hire additional personnel to manage the new database system.
Deepali Kochhar says
For this we need an analysis of ROI. Will the data which is being moved from a traditional to a relational database give enough returns to overcome the cost of movement or not? Is that data needed in the long term? On the basis of these parameters we need to make an analysis of the risk level. This will help in making the analysis of ROI.
Liang Yao says
Said, prepare to elaborate each of the benefit listed during our next class…:)
Priya Prasad Pataskar says
I agree with you Said that databases are difficult to recover in case of failure.
Oracle has many database recovery techniques in place,
1. Control files – This is the file that software requires to access database. No one except Oracle can edit this file. The file contains time stamps, database logs, transaction logs. And we can refer to this file to recover data.
2. Back up – Database can be backed up on a regular basis. You can set in the system a periodic back up day and time, what part needs to be backed up and what should be the location of backup. This becomes human error free when controlled by the system.
3. Roll back statements – These statements can rollback to a point and retrieve the earlier data or perform operations to get the old data back.
Fangzhou Hou says
Yes, I also think it’s important to mention the disadvantage of the DBMS. The cost-benefit analysis is a useful tool for the decision maker of an organization. Indeed, the relational databases can organize the structure of obtained data, however, just like what Said mentioned, the relational databases are usually costly. Therefore, the management in a small company or new-start company should balance the gain and loss of implementing the DBMS; a powerful database system may not be what they really need.
Paul M. Dooley says
Said I completely agree with the others it was a good idea to bring to the forefront some of the limitations or challenges they bring to the table when used. That being said, I think we can all agree that even with the few limitations or disadvantages there’s no question why relational databases are so widely used today.
Said Ouedraogo says
List risks associated with database management systems (DBMS)
– Easily guessed passwords
– Missing Patches
– Misconfigurations
– Excessive Privileges
– Web application attacks (SQL-injection)
– Insider mistakes
– Weak or non-existent audit controls
Source: Slide decks
Deepali Kochhar says
Rightly pointed out, Said.
Confidentiality, Integrity and Availability are always at high risk.
Binu Anna Eapen says
What are key characters of relational database management systems?
1. Data Integrity: DBMS maintains consistency of data
2. Rollback: Revert the previously executed command
3. Security: No unauthorized user can access the data
4. Concurrency control: Multiple user access
5. Backup: Backup of the data can be stored for security
6. Data Independent: Independent of queries.
Liang Yao says
RDMS provides better security features…but controls need to be implemented to prevent unauthorized users’ access. Can you identify some security controls related to a database system and explain during the class? Thx
Deepali Kochhar says
We need to manage the log as a detective measure for multiple user access so that in case any unwanted event occurs it can easily be traced with exact information such as who performed the transaction, when it occurred and so on.
Binu Anna Eapen says
Key benefits of relational databases vs traditional file system?
Benefits of relational databases:
1. Query ability: In file system, the information was stored in file and to retrieve it the entire file had to be scanned. For doing this query had to be written step by step in programming language. Whereas in database, the query ability helps in finding the data
2. Redundancy Control: Unwanted repetition of data. In a file system, if a user has to be restricted from viewing or accessing certain information, 2 copies of the same information need to be stored: one with the restricted access and one with full access. Redundancy control is a feature in database systems wherein permissions are granted to users, and depending on these permissions users can access the data.
3. Access control: This feature enables the database administrator to delegate different levels of accesses to its users which was not present in file system
4. Option to store persistent object: Database gives the option to save an object which can be referred to later.
5. Backup and migrate: Option to import and export.
6. Multiple user interface
7. Integrity constraints: Maintain relationship between tables.
8. Relationship among data
9. Flexibility: Can change the schema of the data.
10. Application development time is reduced
Brou Marie Joelle Alexandra Adje says
I think the flexibility of an RDBMS presents a double-edged sword. By that I mean, experienced designers love it, but inexperienced designers can mess up the company’s data. For instance, an RDBMS does not force database designers to impose a coherent table structure; inexperienced programmers may design systems that create unnecessary complexity or limit the future development of the database through poorly chosen data types.
Liang Yao says
Not trying to go too deep into application development territory, but are you familiar with multi-tier architecture for application development?
Brou Marie Joelle Alexandra Adje says
No, I’m not. Can you explain?
Priya Prasad Pataskar says
Q] What are key characters of relational database management systems?
Data was earlier stored in flat files, where data was separated using delimiters, e.g. tab or ; or , or |. E.F. Codd designed the relational database. Here, data that is related to each other is stored in tables (relations). A relational database (db) has the following characteristics:
– Table – called a Relation. Stores values. It can be related to another table, e.g. Table 1 is of schools in Philadelphia. Table 2 is the Fox school table.
– Here we can establish a relation. The Fox School table is a subset of Table 1.
– Attributes – They are the columns which define the characteristics of the relation, e.g. in Table 1, columns like School number, address, Name, contact number, state rank are the attributes.
– Tuple – it is the row in the table. A tuple is a set of attributes that are related to each other.
e.g. Table 1 (attribute, value)
Attributes (School number, address, Name, contact number, state rank)
Tuple (1231, 1800 Broad St, 901234569, Fox School of Business, 2)
– Primary key – There is a primary key in every tuple that makes it unique, e.g. School number 1231 in our example.
– Relations – As the name suggests, with the help of primary keys you can establish a relation between two tables. A primary key can help join one-to-one or many-to-many relations.
– Integrity – Relational tables follow various integrity rules that ensure the data stored in them is always accessible and accurate. The rules coupled with SQL enable users to easily enforce transaction and concurrency controls, thus guaranteeing data integrity.
– Optimized data – With unique identifiers, it is easy to search for data.
– Relational database is accomplished through structured query language, or SQL, which is based on relational algebraic principles.
Liang Yao says
Pyria, challenge question: prepare to discuss types of database constraints during the class.
Liang Yao says
Sorry, misspelled your name, Priya.
Priya Prasad Pataskar says
Yes Prof Yao. I can explain the constraints in class.
Priya Prasad Pataskar says
Q] Key benefits of relational databases vs traditional file system?
Traditional | RDBMS
1. Data stored in flat files separated by delimiters | Data stored in tables, in rows and columns
2. One file cannot be related to another | Relationships between tables can be shown
3. Data is not independent of each other | Data is physically and logically independent
4. They lack structure | Structured: Atomicity, Consistency, Isolation, Durability
5. Data is not easy to access as there is no identifier | Easy to access and search
Priya Prasad Pataskar says
Traditional | RDBMS
1. Data stored in flat files separated by delimiters | RDBMS: Data stored in tables, in rows and columns
2. Relation between files cannot be established | RDBMS: Relationships between tables can be shown
3. Data is not independent of each other | RDBMS: Data is physically and logically independent
4. They lack structure | RDBMS: Structured: Atomicity, Consistency, Isolation, Durability
5. Data is not easy to access as there is no identifier | RDBMS: Easy to access and search
Annamarie Filippone says
This is a great way to easily distinguish the differences between a traditional file system and RDBMS. This really highlights the benefits that can be gained from RDBMS, including data independence, increased accessibility, etc. Organizations should complete a similar comparison when attempting to decide the method of data storage that they want to implement.
Jaspreet K. Badesha says
This is a great comparison. Certain organizations may be able to organize their data in a filing system; it just depends on the policies they have in place. The biggest difference I feel like in your points is establishing relationships between data. I feel like this point is key when discussing relational databases, as the retrieval of related data can be very very helpful.
Priya Prasad Pataskar says
Q] List risks associated with database management systems (DBMS)
1. Sensitive data, if stored in plain text, can be a big risk, e.g. storing passwords
2. Maintaining concurrency of data
3. Frequent updates or version changes from the DB product can sometimes create discrepancies in data
4. Data must be made available at all times
5. Access must be well controlled
6. To keep availability at all times, maintaining backup and recovery is a must, which increases additional costs
7. Tracking redundant data
Jaspreet K. Badesha says
Very nice points, especially in mentioning that data must be available at all times .. this poses a risk when placing measures in place to ensure that the system is secure.
Paul M. Dooley says
I think the necessity of availability of data is often times forgotten while the confidentiality and integrity are more often focused on rather than the A in the CIA triad. Availability is absolutely critical and should always be top of mind when analyzing.
Yu Ming Keung says
Hi Priya,
I think you brought up a really good real-life point that frequent updates can sometimes affect data’s discrepancies. This also happened at the companies I currently worked for. When I accessed the database, I was often recommended to update the database management system, but the update might cause data discrepancies. There is a policy to restrict employees from updating the system.
Yang Li Kang says
Thank you for sharing. Now that you mentioned it, I also experienced the same situation where I am always asked to update my database application whenever I open it and have been informed to not update the application. Whenever a new employee comes, they are always informed to not update the system.
Fangzhou Hou says
Thanks for sharing the experience Yang Li. When I worked in the China Construction Bank, the customer service system was required to check for updates once a week to make sure the system was the newest version. And just like what you mentioned, most new employees would be informed not to update the system.
Abhay V Kshirsagar says
Priya,
Good job on putting light on the availability point. An example that I can think of is if the data is destroyed in a database containing user login information for a company, that will restrict them to entering into the system.
Wenlin Zhou says
Of course, the frequent update the software. It will be limited to use the information. So this affected the data available aspect. However, the updating system is to mitigate the risk. The company should get a balance.
Ming Hu says
I totally agree with you. Since relational databases are designed to grant permissions on a table or a column and are not well designed to restrict access to a subset of rows in a table, one user with privileges on a table is able to read every row in the table. If that table consists of sensitive data, such as passwords, well, that’s really a big risk.
Daniel Warner says
Ming, I agree with you and have seen this in my current job. When handling our client’s data they can be resistant to giving us an entire table sometimes, and will instead create temp tables and then send the temp tables over. As you can imagine this can be problematic because the temp tables may be missing key information we need.
Vu Do says
What are key characters of relational database management systems?
Some of the characteristics of relational database management systems are data being stored within tables that have relationships with each other. The data is set up in tables, rows, or even columns and they all must relate to each other either by a primary or foreign key. To view or find the data that are stored, there must be a command that combines the tables based on the relationship. So the data has to be related in order for the command to work. SQL is one example of relational databases. I worked with SQL in my old job and the code used to find something would only work if the data were related.
Liang Yao says
What types of relationship among tables? What’s the need to establish relationship among tables?
Vu Do says
They must have a common key that relates both tables to one another. Something in one table has to have a relationship with the other in order for it to connect to one another. I know when working with SQL, some of the programs had to call another program in order for it to do a command. Both tables had a relationship with one another since they had the same program listing in both.
The need to establish relationships among tables is to have them connect to one another. If they do not have any sort of relationship then they are just two different tables unrelated to one another. You cannot call upon two tables that do not share any relationship with one another. Even using programs like Microsoft Access, there must be a primary key in both tables that share a relationship in order for them to connect. So having a relationship is very important to share a connection between two tables or programs.
Binu Anna Eapen says
For example one table contains information of temple ID and name and the health insurance policy associated and another table has temple ID and the fees due information, RDBMS is able to find relation between the tables and associate the temple ID to both the health insurance policy and the fees dues.
Mansi Paun says
Prof Yao,
The relationship between tables could be any of the following 3 types –
1) One-to-One : In such a relationship, a row in table A can have only one matching row in table B, and vice versa. This type of relationship is not common as most data related this way could very well be in one table itself. A one-to-one relationship is created if both of the related columns are primary keys or have unique constraints. For example, it could be used to store data that is short-lived and could be easily deleted by simply deleting the table.
2) One-to-Many : For example, the publishers and titles tables have a one-to-many relationship: each publisher produces many titles, but each title comes from only one publisher.
3) Many-to-Many : In this type of relationship, a row in table A can have many rows in table B and vice versa.
Paul Linkchorst says
Question 1: What are key characters of relational database management systems?
Relational database management systems offer greater benefits than a traditional management system. Instead of a hierarchical database that uses a tree-like structure, a relational database utilizes tables to store data. The name relational comes from the fact that different tables “relate” to one another which allows data to be accessed and manipulated in a number of ways. The text identifies the following database objects that allow users to access data in a relational database management system.
1. Table – Store rows of data in one or more columns
2. View – A select statement on top of a table or another view that creates a virtual table
3. Stored procedure/function – Procedural code that can be called to execute complex functionality within the database.
4. Trigger – Procedural code that is called when a table is modified.
5. Index – Mechanism to provide fast lookup of data.
Paul Linkchorst says
Question 2: Key benefits of relational databases vs traditional file system?
One of the major benefits from a relational database vs a traditional file system is the ability to manipulate data and scalability. This is due to the fact that data is formatted into tables which allows the data to be reassembled and accessed without having to modify the entire database. Therefore, the structured query language (SQL) is used to pull information needed. Along with the ability to manipulate data much easier than a traditional file system, some other key benefits include reduction of data redundancy and increased data integrity. If I understand correctly, a traditional file system will need to organize data multiple times to get the results one is aiming for. Since the relational database utilizes a table, there are no multiple copies of the data. Likewise, one database that is controlled and monitored will have a much higher data integrity than multiple databases.
Brou Marie Joelle Alexandra Adje says
Paul, reading you I can deduce that a relational database’s best use is organizing large amounts of data. RDBMS are pretty much the right tool for some jobs and the wrong one for others. So, if you need to store and manipulate transactional data, you need it to be secure and yet allow multiple people to have simultaneous access to it, then an RDBMS is an excellent tool.
Liang Yao says
Can you think about a scenario where an RDBMS is not ideal and bring it to the class?
Brou Marie Joelle Alexandra Adje says
No problem professor. I will.
Paul Linkchorst says
Question 3: List risks associated with database management systems (DBMS)
• Unauthorized users to the database
• Malware
• Unmanaged Sensitive Data
• Privilege Abuse
• Misconfiguration of database system
A list of database security threats can be found here:
https://www.imperva.com/docs/gated/WP_TopTen_Database_Threats.pdf
Sean Patrick Walsh says
Wouldn’t a DBMS be less likely than the rest of a business’s network components to be infected by malware? My understanding is that most DBMS’s are well behind a network’s firewalls and IDS/IPS components, and that would make them much less likely to get infected.
Liang Yao says
Correct. DBMS should be placed behind the firewall. However, they are not immune from the attacks. We will discuss the concept of “layers of defense” during this course.
Magaly Perez says
The Database Firewalls have a set of predefined, customizable security audit policies and they can recognize database attacks based on past incidents or threat patterns called ‘signatures’.
However, all the attacks on the databases may not be familiar. So, Database Firewalls create a white list of approved SQL commands. All the input commands are compared with this white list and only those that are already present in the white list are sent to the database. Additionally, Database Firewalls can retain a blacklist of certain specific and potentially harmful commands/SQL statements and do not allow these types of inputs.
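The white list / blacklist check described in the post above, sketched as an added example (it is not part of the original post and not any vendor's implementation). The table name, the learned statements and the blacklist patterns are constructed for illustration; real products parse SQL rather than using regular expressions.

```python
import re

# Literals are replaced with "?" so that statements differing only in their
# values share one fingerprint (the "shape" of the statement).
_STRING = re.compile(r"'(?:[^']|'')*'")      # 'text', including '' escapes
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")   # 42, 3.14 (not the 1 in table1)
_SPACE = re.compile(r"\s+")


def fingerprint(sql):
    """Normalise a statement to its shape: literals masked, case folded."""
    shape = _STRING.sub("?", sql)            # strings first, they may hold digits
    shape = _NUMBER.sub("?", shape)
    shape = _SPACE.sub(" ", shape).strip().rstrip(";").strip()
    return shape.lower()


# Constructed "learning phase" traffic: statements the application is known
# to send. Their fingerprints form the white list.
LEARNED = [
    "SELECT name, email FROM customers WHERE id = 42",
    "UPDATE customers SET email = 'a@example.com' WHERE id = 7",
]
WHITE_LIST = {fingerprint(s) for s in LEARNED}

# Constructed blacklist: shapes that are refused even if someone later adds
# them to the white list by mistake.
BLACK_LIST = [
    re.compile(r"\bdrop\s+table\b"),
    re.compile(r"\bunion\s+select\b"),
]


def decide(sql):
    """Return (verdict, reason) for one incoming statement."""
    shape = fingerprint(sql)
    for pattern in BLACK_LIST:
        if pattern.search(shape):
            return ("block", "blacklist: " + pattern.pattern)
    if shape in WHITE_LIST:
        return ("allow", shape)
    # Unknown shape: this is how an unfamiliar attack is stopped without
    # having a signature for it.
    return ("block", "not on white list: " + shape)


if __name__ == "__main__":
    for stmt in [
        "select name,  email from customers where id = 1001;",
        "UPDATE customers SET email = 'o''brien@example.com' WHERE id = 3",
        "SELECT name, email FROM customers WHERE id = 1 OR 1=1",
        "SELECT name, email FROM customers WHERE id = 1; DROP TABLE customers",
    ]:
        print(decide(stmt), "<-", stmt)
```

The third statement is refused without any signature for it: the extra `OR 1=1` changes the statement's shape, so its fingerprint is not on the white list.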
Fangzhou Hou says
Good point in creating the white list and black list. The white list is an effective method in mitigating the risk of attack, and of course, the black list can stop the harmful commands before they occur. So in this case, I think the white list and black list can be considered as preventive controls.
Seunghyun (Daniel) Min says
Magaly,
Thank you for explaining how a firewall operates in detail. A couple months ago, in my church, we got a new Check Point firewall. It was my first time configuring the firewall. I guess the white list and black list you mentioned could be part of the configuration process. I and another senior who are currently working as a Networking Architecture spent so much time to complete the configuration because we had to come up with every possible scenario of being attacked or what to limit and what to allow users to access when they are using the church’s network. Then, we talked about how today’s hackers are evolving and attack victims in unprecedented ways. The firewall configuration won’t get easier but will get more sophisticated as technology evolves.
Liang Yao says
Paul – Think about what controls can be implemented to mitigate those risks…let’s discuss during the class.
Paul Linkchorst says
Hi Professor Yao,
Will do. I will leave my thoughts here as well.
• Unauthorized users to the database
o Have standard process/policy in place for creating users. Also there should be a periodic review of the users with access to the database.
o Remove excessive rights and users that either default or have been added
• Malware
o Vulnerability assessment software
o Monitoring of database user activity
• Unmanaged Sensitive Data
o Encryption of database environments
• Privilege Abuse
o Monitoring of database user activity
o Remove excessive rights and users that either default or have been added
• Misconfiguration of database system
o Policy in place to identify when a patch is available and to apply the patch.
o Vulnerability assessment software
Sean Patrick Walsh says
1. What are key characters of relational database management systems?
Some of the key characteristics of an RDBMS are as follows:
– Tables, rows, and Columns
– Primary and foreign keys
– Attributes to describe data
– Ability to create relationships between data with keys
Sean Patrick Walsh says
2. Key benefits of relational databases vs traditional file system?
RDBMS’s prevent data redundancy, limit access by requiring logon credentials for authentication, prevent data losses by authorizing different levels of data manipulation to different users, offer portability of access from different locations, data is easier to manipulate to extrapolate information by users, and data is structured in a standard/uniform manner.
Sean Patrick Walsh says
3. List risks associated with database management systems (DBMS)
Risks associated with DBMS’s are as follows:
– Improper privileges granted to users
– Single point of failure
– SQL Injection attacks
– Databases are a BIG target for hackers; especially with those storing PCI/PII type data
– Without proper checklists for auditors, DB’s could be missed in audits
– Default passwords for users that aren’t changed
Paul Linkchorst says
Hi Sean,
I think you bring up a good point that a major risk associated with DBMS is that of being a big target for hackers. It seems like every other day a major company is being hacked, and I am sure not all compromises are reported. Since information is valuable and easy to sell, databases are a huge target. It will be interesting to see how companies and IT professionals respond to the current environment of how frequently databases are being hacked.
Sean Patrick Walsh says
You’re correct about your assumption that many compromises go unreported. I watched an episode of the show “Cyber Wars” on the new Vice News channel recently and it talked about how low the percentage of attacks are actually disclosed to the public. Certain attacks, like those that involve PCI and HIPAA, are required by law to disclose to the public. If there is no statutory regulation requiring disclosure most businesses do not do so in the fear of the impact on business and profits. The show interestingly brought up too that many attacks are carried out by employees and the companies forego charging them with a crime all in the effort to keep the attacks out of the public’s eye.
Seunghyun (Daniel) Min says
Paul,
You rightly said. Along with your point, companies that realize their information system has been compromised are reluctant to disclose they are under attack at the moment. They try to fix the problems on their own until they realize the attack has been gone for a while and they cannot fix them without the outside help.
Paul Linkchorst says
Hi Daniel,
I suppose revealing that a company has been breached poses a bigger risk since it might provoke hackers or “bad guys” in general to get involved in the action.
Wen Ting Lu says
Hi, Sean
I totally agree with you. Databases are a big target for hackers; it’s especially vulnerable for DBMS because the whole database is modified if one record is modified. Data is stored in a single large table, therefore a breach will have access to the entire database information.
Vu Do says
Great list Sean, agreed with all your points, these are huge risks towards the database management system. I remember when working as an Associate application developer I would have to get access granted for every database in order to view and work in them. Without that then it would be a huge risk since anyone can access these databases and delete or edit them which could hurt the company. Since I worked for a health company, anyone with access would be able to go into the database and make changes to ID Cards. So making it so everyone has to be granted access would avoid this crucial risk.
Yu Ming Keung says
What are key characters of relational database management systems?
“Database management systems (DBMS) maintain data records and their relationships, or indexes, in tables. Relationships can be created and maintained across and among the data and tables.”
One of the unique characteristics of a relational database is its primary key, which is a unique identifier assigned to every record in a table. An example of a good primary key is a registration number. It makes every record unique, facilitating the storage of data in multiple tables, and every table in a relational database must have a primary key field.
The primary key feature allows data to be linked over multiple tables, which overcomes the limitations of simple flat file databases that can only have one table.
Primary keys can join tables in a one-to-one, one-to-many, or many-to-many relationship.
Relational databases enable users to delete, update, read and create data entries in the database tables. This is accomplished through structured query language, or SQL.
Source:
https://www.reference.com/technology/features-relational-database-4ae8a3b8d37ffafa#
Abhay V Kshirsagar says
Yu Ming,
Great post. For the primary key, I think the best example I can think of is the social security number, which is unique to every individual; in case you are accepting the SSNs from the user in the form.
Ming Hu says
Good example, and I think with that unique primary key, it would be easier to search for specific values by the use of indexing, like through social security number, authorities can easily look up your criminal records, your background, etc.
Seunghyun (Daniel) Min says
Yu Ming,
Great post. At Temple University, we all have our own primary keys. For example, TUID and AccessNet are good examples of primary keys. Now Temple is trying to put everything on their cloud network. Those primary keys will play a huge role in letting users access all the different platforms under the cloud.
Jianhui Chen says
Yu Ming, Thanks for the informative comments. A relational database is a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables. The relational database was invented by E. F. Codd at IBM in 1970.
Yu Ming Keung says
Question 3: List risks associated with database management systems (DBMS)
– Excessive and Unused Privileges
– Malware
– Storage Media Exposure
– Database injection attacks
– Unmanaged sensitive data
– The human factor
To mitigate the risks associated with database management systems (DBMS), an organization can do the following:
– Managing user access rights and removing excessive privileges and dormant users
– Blocking malicious web requests
– Training employees on risk-mitigation techniques including how to recognize common cyberthreats such as a spear-phishing attack, best practices around Internet and e-mail usage, and password management.
More database vulnerabilities and solutions can be found in this website:
https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx
Paul Linkchorst says
Hi Yu Ming,
Good point that you brought up about training being an effective way to mitigate risks. My first thoughts seem to go to access controls and monitoring. However, simple training can teach employees the value of following policies and procedures as well as incorporate them as a vital part of information security. You can have the most sophisticated anti-virus/malware software, but if you can teach employees to avoid downloading malware then you are already one step ahead.
Yu Ming Keung says
Hi Paul,
I agree with you. People, technology and process are the three elements for a successful IT operation within an organization but people are often the weakest link in security because most people are unsophisticated. Many organizations invested heavily in monitoring, surveillance and anti-malware software. However, their employees often pose a risk because of their improper cyber behavior. That is why organizations should provide proper training in line with their policies, procedures, and culture for their employees.
Yang Li Kang says
Exactly! Technology is here to simplify and enhance business functions. People are still the ones behind the technology. They create it, they maintain it, they operate it and they can also break it. Employee training is definitely one of the most important policies that organizations should prioritize.
Binu Anna Eapen says
I agree with you Yu Ming that no matter what security precautions are taken, employees pose a threat to the system. Educating employees helps in reducing the risk.
Wen Ting Lu says
Hi, Yu Ming
You brought up a great point. Many organizations invested a large amount of money in monitoring, surveillance and anti-malware software. However, most organizations didn’t invest enough in employee training, which is extremely important. I believe employees are the biggest risk of the organization because they often lack the awareness of secure information assets. Therefore, they should be properly trained on how to secure the information, as well as the organization’s policies, procedures and culture, etc.
Mansi Paun says
Rightly said, Paul. It’s too common to view training employees as a cost or lost productivity and managers often fail to realize the benefits of basic IT security training imparted to employees. And while we say that employees are the weakest link in the IT model of a company, it is also true that sometimes training employees would accomplish the same results quicker and at a lower cost than implementing a complex, time consuming and often expensive control mechanism.
Wenlin Zhou says
Improperly or inadequately trained employees can be a danger to themselves and those around them such as system. To minimize issues, all employees in the same position should receive the same training. In addition, all training should be formalized, scheduled as a separate activity and documented when complete.
Deepali Kochhar says
1. What are key characters of relational database management systems?
The key characters of relational database management systems are:
• A relational database is a collection of data items organized as a set of formally described tables from which data can be accessed easily.
• It is created using the relational model
• The software used in a relational database is called a relational database management system (RDBMS)
• It has access and control functions.
• It has management and security features such as:
o Rules
o Triggers
o A stored procedure
o Security
• Relational structure allows dynamic reformatting of the tables that drive data access, so that they are more flexible and adaptable to changing needs
In Relational Databases, Data is organized into tables, columns and rows.
A table is equivalent to a file, as it represents a collection of records.
A row is a horizontal set of data fields or components. A column is a vertical set of data fields or components
• Examples of relational databases include:
o DB2
o Informix
o Lotus Approach
Deepali Kochhar says
Q 2. Key benefits of relational databases vs traditional file system?
• Data independence (e.g. n-tier application)
• Reduction of data redundancy (via Normalization)
• Maximize data consistency (primary key/ foreign key)
• Reducing maintenance cost through data sharing
• Security Feature
• Enforce Data integrity
Priya Prasad Pataskar says
Deepali, how database enforces integrity is interesting,
Domain integrity – Ensuring a domain gets the selected range and type of values. E.g. a phone number column must allow only numbers and special characters but not alphabets.
Triggers and Procedures – They are the stored programs that run behind the system when a particular action is invoked. E.g. on delete of an entry the related entries must be deleted. Say in a table of schools if the entry for Fox school is deleted from the Schools Master table, this entry must also be deleted from the Business Schools table.
Business Integrity – By running stored programs without the knowledge of users, checks can be performed to apply business rules.
Referential integrity – The use of primary keys to define unique records and foreign keys to establish relations enforces integrity.
Deepali Kochhar says
Q 3. List risks associated with database management systems (DBMS)
Following are the risks associated with database management systems (DBMS):
• Easily guessed passwords
• Missing Patches
• Misconfigurations
• Excessive Privileges
• Web application attacks (SQL-injection)
• Insider mistakes
• Weak or non-existent audit controls
• Social engineering
Sean Patrick Walsh says
I thought it was really interesting reading the textbook portion on DBMS’s about how many are open source. I think that is both a positive and negative aspect. Having the systems open source allows everybody easy access to the code which helps find vulnerabilities quickly. Once vulnerabilities are found those who discover them either make the choice to alert others and create a patch, or they say nothing and now potentially have a path in the system wherever it is being employed to access data they otherwise wouldn’t be authorized to.
Annamarie Filippone says
Great point Sean. Open source software usage is only growing as time passes, and this presents new benefits and risks for organizations. Recent studies have shown that only a small percent of companies utilizing open source software have any sort of controls in place, such as selection procedures and management, to mitigate those risks. With databases containing potentially confidential data, it is crucial that organizations using open source components create and test controls to ensure that they are not leaving a potential access point completely exposed.
Yu Ming Keung says
Key benefits of relational databases vs traditional file system?
One of the key benefits of relational databases is that it allows flexible access to data by creating different queries or tables whereas a file system only allows predetermined access to data.
Relational database system is designed to coordinate multiple users accessing the same data at the same time, which will enhance productivities and efficiencies. A file system only allows one user to access to the files.
RDBMS can reduce redundancy associated with data, increase data integrity and flexibility, restricts unauthorized access, provide better backup and recovery functions whereas a file system might not have all these functions.
Binu Anna Eapen says
List risks associated with database management systems (DBMS)
Ans: The common risks associated with DBMS are:
1. Excessive privileges: If a person is given more privileges than is required, he/she may misuse the access. Or failure to remove access for an employee who leaves the project or organization.
2. Legitimate privilege abuse: Users may abuse their legitimate privileges for unauthorized purposes.
3. Database Injection attacks: An input injection attack can give an attacker unrestricted privileges.
4. Malware: Can steal sensitive data through legitimate user laptop/device.
5. Storage media exposure: Failure to protect back up or a regular check on who is accessing the data and what sort of data even by low level privileged users can be a risk if not monitored properly.
6. Exploitation of vulnerable database: Proper patches have to be updated regularly. And it takes months to update the database. During this time, it is vulnerable to external attacks.
7. Unmanaged sensitive data: Forgotten databases can contain sensitive data which can be exposed to threat if the required controls and permissions are not implemented.
8. The human factor: Human negligence or lack of knowledge on the best practices can impose a great risk.
Source: https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx
Priya Prasad Pataskar says
Great post Binu!
You mentioned SQL injection. In this attack the SQL query is exploited by entering an input that was not expected by the system. This input is served to the SQL query in such a way that it forms a different meaning of the query and gives us the possibility to see data that we are not authorized for.
Similarly, exploits are done to overflow the buffer. The input to a query/text box in a form is given way beyond its capacity to hold characters, e.g. a Name text box can hold say 30 characters but a hacker will try to input 500 characters. The database and memory will not be able to handle that overflow, which causes the program to crash.
The solution is to use secure coding practices, e.g. restricting the number of characters that an input box can take.
Denial of service attacks are an example attack where the attacker inputs data into a database system beyond its capacity to handle, so much that the program crashes. A distributed DoS is when multiple users flood data to the system.
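The query problem described in the post above, with the unsafe form beside a hardened one, as an added example (not part of the original post). The table, its rows and the function names are constructed; the 30-character limit is the post's own example figure.

```python
import sqlite3

MAX_NAME_LEN = 30  # the post's example capacity for a Name text box


def make_db():
    """In-memory database with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, note TEXT);
        INSERT INTO users (name, note) VALUES
            ('alice', 'constructed row 1'),
            ('bob',   'constructed row 2'),
            ('carol', 'constructed row 3');
    """)
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately unsafe: the input becomes part of the SQL text, so a
    quote character in it can change what the query means."""
    sql = "SELECT name, note FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened form: length is validated server-side and the value is bound
    as a parameter, so it is only ever treated as data."""
    if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME_LEN:
        raise ValueError("name must be 1-%d characters" % MAX_NAME_LEN)
    return conn.execute(
        "SELECT name, note FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    """Return (rows from the unsafe query, rows from the safe query)."""
    conn = make_db()
    return lookup_vulnerable(conn, name), lookup_safe(conn, name)


if __name__ == "__main__":
    # Expected input: both forms return the single matching row.
    print(compare("alice"))
    # Unexpected input (constructed): the quote closes the string literal and
    # the rest is read as SQL, so the unsafe form returns every row while the
    # safe form looks for a user literally named that and finds none.
    print(compare("x' OR '1'='1"))
    # Oversized input is refused before it reaches the database.
    try:
        lookup_safe(make_db(), "A" * 500)
    except ValueError as exc:
        print("refused:", exc)
```

The length check alone would not stop the second input, which is well under 30 characters; the bound parameter is what keeps it from being read as SQL.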
Binu Anna Eapen says
Thanks Priya for the example.
Victoria A. Johnson says
Binu, great post! You thoroughly explained the common risks with DBMS.
Annamarie Filippone says
Q1. What are key characters of relational database management systems?
-Table: is equivalent to a file, representing a collection of records. Rows and columns are horizontal and vertical sets of data fields.
-Trigger: activate a stored procedure when a table or field is inserted, updated, or deleted.
-Stored Procedure/Function: program written in language of DBMS and behave like any other program.
-View: manipulate the data to show users what they would like to see, without changing the data.
Annamarie Filippone says
Q2. Key benefits of relational databases vs. traditional file system?
Key benefits of a relational database include the following:
-Data independence
-Reduced data redundancy
-Maximized data consistency
-Reduced maintenance costs (via data sharing)
-Increased security
-Enforced data integrity
Annamarie Filippone says
Q3. List risks associated with database management systems.
Risks associated with database management systems include:
-Potential organizational conflict
-Target for hackers
-Required to be available at all times
-Misconfiguration
Jaspreet K. Badesha says
Nice responses Annamarie, in addition I feel like privilege abuse among employees is also another risk. If you do not have proper controls and security settings in place employees who may not require access to the data will be able to access it and use it in an unprofessional manner.
Yu Ming Keung says
Great post Annamarie, a database system can easily become an attractive target for hackers because it stores a lot of business data including business competencies and clients’ privacy and credit card information, so we need proper controls and security to mitigate DBMS risks.
Mitigating controls for a DBMS could be:
– Managing user access rights and removing excessive privileges and dormant users
– Blocking malicious web requests
Mansi Paun says
Rightly said Annamarie & Yu Ming. In addition to the measures suggested by Yu Ming, we can also deploy other layered controls as a risk mitigation strategy like database encryption and log-monitoring which would greatly reduce the probability of a security incident occurring.
Jaspreet K. Badesha says
1) What are key characters of relational database management systems?
A relational data base management system is a program that lets you create, update and administer a relational database. Compared to a manual database this is more flexible, compact and faster. It reduces the probability of inconsistent data.
– Data is displayed in tables, columns and rows
– It must support at least one language
– It must support insert, update and delete operations on sets
– Indexes are used to speed up data retrieval.
– Primary keys, foreign keys, and unique keys are called constraints and are created to enforce data integrity.
– Triggers are created to satisfy the business rules.
– Roles and privileges are used for security.
Vu Do says
Great definition Jaspreet, I liked how you compared relational database management systems to manual ones saying how it is more flexible, compact and faster. All very true and that is why companies would rather use relational databases on their system so that it is easier to run programs and make changes. It is easier to search and find information inside databases through relational, I could not imagine how it would be to have to do it manually. Working as an Associate App Developer I would just put a command in SQL to search the whole program for any key terms so it made it a lot easier to find what I was looking for. Having to do it manually would mean going through the whole program line for line searching for what I was looking for and that could take days. So agreed, relational compared to manual database is far better.
Jaspreet K. Badesha says
2) Key benefits of relational databases vs traditional file system?
Key benefits of relational databases vs traditional file system are that you can:
– search for multiple different data sets at once (or across different data sets)
– relational databases are computer based and much faster in terms of pulling information
– you can update many records very quickly
– many users can access the database
– you can restrict which users see which information or what actions they can perform in a database
Seunghyun (Daniel) Min says
Q1: What are key characters of relational database management systems?
A relational database management system (RDBMS) is a program that gives you the ability to create, update and administer a relational database. Most commercial RDBMS’s use the structured query language (SQL) to access and retrieve the database.
Characteristics are as follows:
– Provides data to be stored in tables
– Persists data in the form of rows and columns
– Provides facility primary key, to uniquely identify the rows
– Creates indexes for quicker data retrieval
– Provides a virtual table creation in which sensitive data can be stored and simplified query can be applied (views).
– Sharing a common column in two or more tables (primary key and foreign key)
– Provides multi-user accessibility that can be controlled by individual users.
Source: http://searchsqlserver.techtarget.com/definition/relational-database-management-system, http://www.careerride.com/DB-RDBMS.aspx
Jaspreet K. Badesha says
3) List risks associated with database management systems (DBMS)
– Performance issues are difficult to predict
– Data integrity is difficult to ensure with shared databases
– Mainly privilege abuse
– Poor audit trail
– Failed or incomplete backups
– Weak authentication
– Not requiring passwords for databases or weak passwords
– Weak systems configurations
Seunghyun (Daniel) Min says
Q2: Key benefits of relational databases vs traditional file system?
– A relational database system uses both physical and logical access to the data. On the other hand, a traditional file system only deals with physical access.
– A relational database system allows flexible access to data and multiple-user access to the same data, whereas a traditional system is created to allow predetermined access to data.
– A relational database controls redundancy, restricts unauthorized access, and provides backup for recovery; a traditional file system does not.
Wenlin Zhou says
I agree with you. Relational databases allow you to define certain record fields, as keys or indexes, to perform search queries, join table records and establish integrity constraints. Search queries are faster and more accurate when based on indexed values. Table records can be easily joined by the indexed values. Integrity constraints can be established to ensure that table relationships are valid. If you are able to establish a one-to-many relationship in your data tables, you should be using a relational database because a flat file is not sufficient to handle your data processing needs.
Wenlin Zhou says
What are key characters of relational database management systems?
Relational Database Management System organizes data into related rows and columns.
Features:
– It stores data in tables.
– Tables have rows and columns.
– These tables are created using SQL.
– And data from these tables are also retrieved using SQL.
Victoria A. Johnson says
Wenlin, nice post. To add onto what you said, some additional characteristics can be providing facility primary key to uniquely identify rows and creating indexes to easily retrieve data.
Wenlin Zhou says
Key benefits of relational databases vs traditional file system?
A “relational database” is a database structured on the “relational” model. Data are stored and presented in a tabular format, organized in rows and columns with one record per row.
The traditional filing system (TFS) is a method of storing and arranging computer files and the information in the file (data). Basically it organizes these files into a database for the storage, organization, manipulation, and retrieval by the computer’s operating system.
• Flexibility: Because programs and data are independent, programs do not have to be modified when types of unrelated data are added to or deleted from the database, or when physical storage changes.
• Fast response to information requests: Because data is integrated into a single database, complex requests can be handled much more rapidly than locating data separately. In many businesses, faster response means better customer service.
• Multiple access: Database software allows data to be accessed in a variety of ways (through various key fields), by using several programming languages (both 3GL and nonprocedural 4GL programs).
• Lower user training costs: Users often find it easier to learn such systems and training costs may be reduced. Also, the total time taken to process requests may be less, which would increase user productivity.
• Less storage: Theoretically, all occurrences of data items need be stored only once, thereby eliminating the storage of redundant data. System developers and database designers often use data normalization to minimize data redundancy.
Wenlin Zhou says
Q: List risks associated with database management systems (DBMS)?
-Easily guessed passwords
-Potential organizational conflict
-Target for hackers
-Required to be available at all times
-Failed or incomplete backups
Abhay V Kshirsagar says
Wenlin,
I strongly agree with you about the failed/incomplete backups point. I too believe that an organization needs to have the right controls (corrective, preventive) to restore the system if such a situation arises.
Wenlin Zhou says
I agree with you Abhay, the corrective controls and preventive controls should have segregation of duties. The app developer should be different from the corrective person.
Abhay V Kshirsagar says
What are key characters of relational database management systems?
An RDBMS is a type of system that organizes the data in related rows and columns.
> Users can query the data and receive widest range of output.
> The input, storage, alteration and deletion of data is done through SQL.
> Primary key (unique ID) is used to identify data in rows.
> “Data must be stored and presented as relations, i.e., tables that have relationships with each other, e.g., primary/foreign keys.”
Source: https://www.techopedia.com/definition/1235/relational-database-management-system-rdbms
Abhay V Kshirsagar says
Key benefits of relational databases vs traditional file system?
The traditional database is designed around a single table containing the data and it fails to support “big data,” like data gathered from various enterprise applications.
RDBMS incorporates multiple tables with methods for the tables to work together. If you need to store and manipulate data and allow multiple employees to have access to it simultaneously, then RDBMS is an excellent way to go about it. Other benefits include:
> mature development and administration tools
> best data modelling practices and physical database implementation
> support transactions
Source: http://www.tomsitpro.com/articles/rdbms-sql-cassandra-dba-developer,2-547.html
Fangzhou Hou says
Question: What are key characters of relational database management systems?
– Tables: each table includes one or more data categories in columns.
– Row: each row includes a unique instance of data for the categories defined by the columns.
– View: a user of the database could obtain a view of the database that fitted the user’s needs.
– Rules: rules define format and range of data that can be stored.
– Triggers: triggers can activate a DBMS stored procedure when a field, record or table is inserted, updated or deleted.
Source:
Week 3 slides deck
http://searchsqlserver.techtarget.com/definition/relational-database
Jianhui Chen says
Good post Fangzhou. It is brief and informative.
And here is my understanding of a relational database.
A relational database is a set of tables containing data fitted into predefined categories. Each table (which is sometimes called a relation) contains one or more data categories in columns. Each row contains a unique instance of data for the categories defined by the columns. For example, a typical business order entry database would include a table that described a customer with columns for name, address, phone number, and so forth. Another table would describe an order: product, customer, date, sales price, and so forth. A user of the database could obtain a view of the database that fitted the user’s needs. For example, a branch office manager might like a view or report on all customers that had bought products after a certain date. A financial services manager in the same company could, from the same tables, obtain a report on accounts that needed to be paid.
Fangzhou Hou says
Question: Key benefits of relational databases vs traditional file system?
Different from a traditional file system, relational databases can collect and store related data with an effective structure, which allows database users to access and research the data more easily. Moreover, following the development of information technology, the amount of data is increasing rapidly, which reduces traditional file systems’ efficiency. Under this circumstance, relational databases can handle big data storage by using the relational model, and enhance data integrity. Furthermore, relational databases can better protect the information assets of an organization, since traditional file systems usually lack effective access authorization, which may cause data leaks.
Yang Li Kang says
Great! As you explained, a DBMS stores data in a structured way through the relational model, which allows easier use of data.
Ming Hu says
Great answer, I think one other benefit is that a traditional file system is kind of a manual process within which human error is a high risk, while a database is kind of an automated process which could greatly mitigate the risks caused by humans.
Fangzhou Hou says
Yes, the traditional file system is usually unstructured and may have human errors. Compared with the traditional system, databases can collect and store information with an organized structure. However, the DBMS also has some disadvantages like high cost. Therefore, the decision maker should carefully balance it.
Abhay V Kshirsagar says
List risks associated with database management systems (DBMS)
First and the most important risk that I can think of is destruction of data. If the organization doesn’t have any corrective controls or preventive controls in place, a human error, which is inevitable, could cause this.
Other risks include misuse of data due to poor access controls, corruption of data.
Deepali Kochhar says
Good point Abhay,
I would like to put forward an example of data corruption:
A bank employee whose job requires the ability to change only account holder contact information may take advantage of excessive database privileges and increase the account balance of a colleague’s savings account.
Another can be that companies fail to update access privileges for employees who change roles within an organization or leave altogether.
A recent case of data corruption is one that occurred at Wells Fargo. Employees of the bank enrolled customers into online banking and bill paying products without their knowledge. Employees generated ATM’s for dummy accounts and assigned PIN numbers, usually “0000”, to the cards for which they received compensation.
This is a very serious issue as this has been the biggest case of identity theft which occurred due to loopholes in DBMS.
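The excessive-privilege scenario in the comment above (an employee who only needs to change contact information but can also change a balance), as an added example that is not part of the original thread. SQLite has no GRANT statement, so Python's `sqlite3` authorizer callback stands in here for the column-level privileges a server RDBMS would grant; the table, role names and values are constructed for the example.

```python
import sqlite3

# Constructed role definitions (assumption): the columns of "accounts" each
# role may read or update. A server RDBMS would express this with column-level
# GRANT statements instead of an authorizer callback.
ROLES = {
    "contact_clerk": {"read": {"account_id", "holder", "phone"},
                      "update": {"phone"}},
    "auditor": {"read": {"account_id", "holder", "phone", "balance_cents"},
                "update": set()},
}
ACTION_NAMES = {sqlite3.SQLITE_READ: "read", sqlite3.SQLITE_UPDATE: "update"}


def build_bank_db():
    """Create an in-memory database holding one constructed account row."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.execute(
        "CREATE TABLE accounts (account_id INTEGER PRIMARY KEY, "
        "holder TEXT NOT NULL, phone TEXT, balance_cents INTEGER NOT NULL)"
    )
    conn.execute(
        "INSERT INTO accounts VALUES (1, 'Sample Holder', '555-0100', 120000)"
    )
    return conn


def make_authorizer(role, audit_log):
    """Return a callback that allows only the role's column privileges."""
    privileges = ROLES[role]

    def authorizer(action, arg1, arg2, db_name, source):
        # SQLite calls this while compiling a statement. For SQLITE_READ and
        # SQLITE_UPDATE, arg1 is the table name and arg2 the column name.
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        kind = ACTION_NAMES.get(action)
        if kind and arg1 == "accounts" and arg2 in privileges[kind]:
            return sqlite3.SQLITE_OK
        # Default deny, and keep an audit trail of every refused attempt.
        audit_log.append((role, kind or f"action-{action}", arg1, arg2))
        return sqlite3.SQLITE_DENY

    return authorizer


def run_as(conn, role, audit_log, sql, params=()):
    """Execute one statement under a role; return (allowed, rows_or_error)."""
    conn.set_authorizer(make_authorizer(role, audit_log))
    try:
        return True, conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:
        return False, str(exc)


def demo():
    conn, audit_log = build_bank_db(), []
    results = {
        # Within the clerk's job: change contact information.
        "clerk_updates_phone": run_as(
            conn, "contact_clerk", audit_log,
            "UPDATE accounts SET phone = ? WHERE account_id = ?",
            ("555-0199", 1))[0],
        # Outside the clerk's job: the balance change from the comment above.
        "clerk_updates_balance": run_as(
            conn, "contact_clerk", audit_log,
            "UPDATE accounts SET balance_cents = ? WHERE account_id = ?",
            (999999900, 1))[0],
        "clerk_reads_balance": run_as(
            conn, "contact_clerk", audit_log,
            "SELECT balance_cents FROM accounts WHERE account_id = ?",
            (1,))[0],
    }
    # The read-only auditor role confirms what actually changed.
    _, rows = run_as(
        conn, "auditor", audit_log,
        "SELECT phone, balance_cents FROM accounts WHERE account_id = ?", (1,))
    results["row_seen_by_auditor"] = rows[0]
    results["audit_log"] = audit_log
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The denied attempts land in `audit_log`, which is the evidence an auditor would look for when reviewing privilege abuse and the audit trail.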
Liang Yao says
Deepali – Thanks for bringing in the real life example. However, the sample you brought up is rather a human-aspect issue, not a data corruption issue. We can discuss during the class.
Yang Li Kang says
Thanks for sharing. I would also like to add that data corruption in a DBMS is a big risk since the entire organization relies on the same database. Multiple departments may be using the corrupt data, which could lead to a big mess that will be hard to correct.
Binu Anna Eapen says
Hi Yang,
But I assume most companies will have a backup system and have multiple recovery points for the databases, as they contain a lot of important information.
Liang Yao says
Good point. We will discuss data recovery strategy in a few weeks.
Fangzhou Hou says
Question: List risks associated with database management systems (DBMS)
Indeed, a database management system (DBMS) is an organized structure to store data. However, it also stores huge amounts of sensitive information like employees’ personally identifiable information (PII), customers’ personal information, and other business data like ordering information. If attackers obtain access authority and get into the DBMS, all the sensitive information might be stolen and cause a significant data leak, which may seriously damage the company’s information assets.
Yang Li Kang says
That is true. Unifying the database brings about a new threat, where an intruder from any of the multiple access points will cause the entire information in the database to get stolen.
Vu Do says
Yes Fangzhou, a DBMS storing this data is a huge risk if someone were to hack into the system. There must be many security measures in place to prevent this from happening. But hackers are using so many tools these days to get around the security and get into the system to steal this information. So the company must also develop a plan for the aftereffects. Meaning after it happens, how would they come back from it and what can they do to ensure it won’t happen again.
Yulun Song says
Agreed! Other threat or risk may also be internal steals, because lack of logical access control may lead multiple unauthorized steals from multiple points of the company. Sensitive data and information of the company are the most important area, public engineer is one threat, but internal steal is another big threat.
Yulun Song says
1. What are key characters of relational database management systems?
The key characters of relational database are: relational term, derived relvar, tuple, attribute, SQL equivalent, table, view, query result, result set, row, column
A relation is defined as a set of tuples that have the same attributes. A tuple usually represents an object and information about that object. Objects are typically physical objects or concepts. A relation is usually described as a table, which is organized into rows and columns. All the data referenced by an attribute are in the same domain and conform to the same constraints. Flat file: it stores records without any relationships, and it can be stored in any random sequence.
Examples of relational databases include: DB2, Informix, Lotus Approach, MS Access, Oracle, SQL Server, Sybase.
sources from:
https://en.wikipedia.org/wiki/Relational_database#Relationships
Class PPT for week 3
Wen Ting Lu says
Another characteristic of RDBMS is that it supports multiple-user access, which is not possible in DBMS.
RDBMS offers logical database independence in which data can be viewed in different ways by different users.
Liang Yao says
Actually RDMS is a type of DBMS. It’s based on relationship among tables.
Yulun Song says
2. Key benefits of relational databases vs traditional file system?
The benefits of relational database are:
A relational database has multiple tables and allows these tables to work together. The relationships between table data can be collated, merged and displayed in database forms. Running search queries in a relational database makes work faster and more accurate. And table records can be easily joined by the indexed values. By establishing one-to-many relationships, a relational database can easily solve problems that a traditional file system cannot handle.
Yulun Song says
3. List risks associated with database management systems (DBMS)
1) Data leaks
2) Stolen database backups-internal steals
3) lack of consistency
4) deployment failures-lack of due care
5) lack of segregation-segregation duties
Yulun Song says
more and source from: http://www.zdnet.com/article/the-top-ten-most-common-database-security-vulnerabilities/
Ian M. Johnson says
How about duplication of data? Or would that be included in data consistency? I think data duplication and other inaccurate data is a real problem within large databases. It causes a waste of storage and it costs money to explore, investigate, and fix these data issues.
Liang Yao says
Data duplication can be reduced via a process called Normalization. We will discuss during the class.
Jianhui Chen says
Agree with you, YuLun,
List risks associated with database management systems (DBMS)
I think Data leaks would cause a huge impact on the system. Databases may be considered a “back end” part of the office and secure from Internet-based threats (and so data doesn’t have to be encrypted), but this is not the case. Databases also contain a networking interface, and so hackers are able to capture this type of traffic to exploit it. To avoid such a pitfall, administrators should use SSL- or TLS-encrypted communication platforms.
Tamer Tayea says
What are key characters of relational database management systems?
A relational database is a collection of two-dimensional data stored in rows and columns.
The Database Management Systems DBMS provides:
– Database pro-active maintenance services like indexing for quick data retrieval of specific group of database records based on primary key.
– Provide RBAC to control who has access to which parts of database based on authorization and job function.
– Controls management functions performed on database such as query, records retrieval, data removal/deletion, regular security, and integrity checks.
– The DBMS has the capability to query the database on the fly to form virtual views using pre-determined criteria, resulting in great flexibility.
Tamer Tayea says
List risks associated with database management systems (DBMS)
One of the goals for DBMS is to secure databases against risks posed against the database. The risks vary from intentional hacking to expose data (confidentiality and privacy), commit fraud by altering data records (integrity), or bring database down (availability) and disrupt user access. The controls against such risks should target each area of potential data loss.
Some of the controls to limit Impact of risks:
Authorization/Authentication:
Define users access level based on their work function and authorized access, use RBAC, increase logging of database activities, limit database views creation based on access level and job function. Use of complex passwords, force database users to change their passwords more often, use of two factor authentication to lower risk if intruder gained access even to database administrator work station
Integrity:
Use DBMS integrity checks to validate data at the front end application and database levels as well. Use a robust backup and recovery policy to be able to restore the database to a trusted point in time should a security breach be detected. Backups can run incrementally more often during the day to lower the RPO should a data breach occur and there is a need to restore from the last known good condition.
Encryption:
Encrypt database traffic in flight and at rest. Encryption makes it so difficult to decipher database records if unauthorized intruder intercepted database traffic or gained access to physical disks where database is stored.
Liang Yao says
You brought up several important subjects here: authentication vs. authorization; protecting data at rest, data in use and data in transition. Those are things that concern IT auditors. We will discuss on Wednesday.
Yulun Song says
Great post! Other risks may include organizational data leakages, stolen database backups by internal steals, lack of consistency, lack of due care, or lack of segregation of duties within an organization.
Tamer Tayea says
Key benefits of relational databases vs traditional file system?
Relational database:
– Database is structured data logically combined based on selection of database keys and table relations.
– Store related data in 2 dimensional array.
– Use specific format based on database system used (Oracle, MySQL).
– Data are being saved to database in synchronous manner, DBMS waits for acknowledgement back from database before it declares record is saved.
– DBMS provides integrity, security, availability during customer access.
Traditional File System:
– File system stores files in an unstructured fashion.
– Files saved to file systems in asynchronous manner.
– File system provide security and integrity but not as robust as DBMS.
https://www.quora.com/What-is-the-difference-between-a-file-system-and-a-database
Yulun Song says
Agreed! In addition, running search queries in a relational database makes work faster and more accurate. And table records can be easily joined by the indexed values. By establishing one-to-many relationships, a relational database can easily solve problems that a traditional file system cannot handle.
Yang Li Kang says
What are key characters of relational database management systems?
– Stores data in tables in the form of rows and columns
– Has primary key, to uniquely identify the rows
– Creates indexes for quicker data retrieval
– Ability to view data through creating a virtual table with customizable queries
– Multi-user access and sharing of data
Yang Li Kang says
Key benefits of relational databases vs traditional file system?
In a traditional file system, each department will have its own file system. Most of the time, each department will need information from other departments, so they will have to copy information from other systems into their own. This creates redundancy and a waste of space, as each system has the same information. The RDMS, on the other hand, is a single system where all departments share information.
Some of the key benefits of RDMS vs traditional file system are:
-Control of data redundancy
-Sharing of data
-Improved data integrity
-Improved data accessibility and productivity
Yang Li Kang says
List risks associated with database management systems (DBMS)
-If the integrity of data is compromised, the whole organization will be affected.
-A breach will allow access to the entire database information.
-Database failure will severely affect the organization’s ability to function
-Virus/malware/infection will affect the entire database.
Binu Anna Eapen says
I guess by properly delegating access, updating patches regularly and having proper restore points, most of the risks mentioned can be mitigated.
Liang Yao says
Database Administrator (DBA) and database developer are two different roles and we will discuss during the class.
Wen Ting Lu says
What are key characters of relational database management systems?
• Data is stored in the form of tables. In tables, data are stored in rows (records) and columns (fields)
• Relationships are created and maintained across and among the data and the tables
• Designed to handle large amount of data, it supports multiple users
• Single database can be separated across several tables
• Database is “broken down” into smaller pieces
• The changes will NOT affect the entire database
• Use SQL commands to retrieve or update data
Source: https://www.youtube.com/watch?v=baeoDqjWEMg
Wen Ting Lu says
List risks associated with database management systems (DBMS)
-Concurrent Access Anomalies
multiple users using the same data will lead to inconsistent data problem
-DBMS does not apply any security with regards to data manipulation
– Whole database is modified if one record is modified. Data is stored in a single large table, therefore a breach will have the access to the entire database information
Liang Yao says
RDMS has a built-in mechanism to handle concurrent access; it also has the security feature to assign different types of access; usually a database consists of a lot of objects, including a lot of tables, and access can be granted to those objects.
Wen Ting Lu says
Key benefits of relational databases vs traditional file system?
Multiple access- Database software allows data to be accessed in a variety of ways (through various key fields), by using several programming languages
Flexibility-Because programs and data are independent, programs do not have to be modified when types of unrelated data are added to or deleted from the database, or when physical storage changes.
Lower user training costs- Users often find it easier to learn such systems and training costs may be reduced. Also, the total time taken to process requests may be less, which would increase user productivity.
Control redundancy- DBMS approach whereby a pool of related data is shared by multiple application programs. System developers and database designers often use data normalization to minimize data redundancy, whereas traditional file systems duplicate data in separate files.
Fast response to information requests- Data is integrated into a single database, complex requests can be handled much more rapidly than locating data separately. In many businesses, faster response means better customer service.
Source: http://www.bayt.com/en/specialties/q/47871/advantages-and-disadvantages-of-dbms-over-traditional-file-processing-system/
Liang Yao says
One reason a database can provide fast query results is indexing. How does an index work? Can you find out and explain during the class?
Ming Hu says
A primary key is an efficient way of indexing, since it’s unique. Just like our TU id, authorized people can search for someone by typing his/her TU id into the system. Also, first name or last name could be used for indexing as well, but it is not as efficient as TU id, since it is not unique; for example, if you type “David”, maybe more than one result appears.
Jianhui Chen says
Thanks for sharing the information of benefit of relational database.
In my opinion, Digital technology has reduced the cost of sharing information. The use of the Internet is effective for teachers to transmit notes to students, and also to connect with other teachers. This expands access to knowledge and opportunity. When students access lecture notes prior to the lesson, the lesson may be more interactive and interesting.
The Internet and other kinds of technology also allow students to access extra information that may not have been covered in class. Similarly, it’s cheaper for learning institutions to subscribe to online journals compared to purchasing printed books. The Internet has tremendously lowered barriers to information by making it possible for researchers to share their discoveries and publications online.
In addition, keeping digital records in hospitals allows for easier retrieval than manual records. Digital information is also secure in case of theft or fire. The use of electronic banking is convenient, as it allows account holders to make transactions in the comfort of their homes.
Mansi Paun says
What are key characters of relational database management systems?
Below are some of the key characteristics of RDBMS :
• Data must be organized in a table format. Even relations between tables are stored in the form of a table.
• Data in a column must be accessible by specifying the table and column name along with the value of the primary key of the row
• Supports missing data in organized, logical way
• must support an active on-line catalogue
• must support at least one language that can be used independently and from within programs, and supports data definition operations, data manipulation, constraints, and transaction management.
• Views must be updatable by the system
• must support insert, update, and delete operations on sets
• supports logical, physical and distribution independence
• Integrity constraints must be stored within the catalogue, separate from the application
• Provides multi-user accessibility that can be controlled by individual users (through field access controls like author access/creator access)
Source :
http://www.careerride.com/DB-RDBMS.aspx
http://it.toolbox.com/blogs/enterprise-solutions/characteristics-of-relational-databases-24134
Ariana Levinson says
What are key characters of relational database management systems?
-Use tables to store information
-Data is represented in columns (fields) and rows (records)
-Primary and Foreign Keys; used for building relationships between tables
-Typically utilizes SQL for building, maintaining, and querying
-Must support at least one language
Key benefits of relational databases vs traditional file system?
-Data is only stored once which makes changing/updating data more efficient
-Complex queries (using SQL) can be used to extract data
-There are some controls in place to help increase security
-Easily expandable to accommodate future requirements
List risks associated with database management systems (DBMS)
-Increased costs (hardware, software, personnel, training)
-Management Complexity – changes must be made carefully to ensure data remains secure and in-line with how the business intends the DB to interface with other systems
-Frequent updating and patching is required
Source: https://equizine.wordpress.com/2012/10/22/advantage-ans-disadvantages-of-database-management-system/comment-page-1/
Liang Yao says
From an IT audit perspective, can you list a few key controls auditors must take into consideration while auditing a relational database?
Ariana Levinson says
Because these DBs are so complex and changes made can have far reaching impacts, it would be very important during an audit to take a close look at the change management policies and procedures to ensure they cover all aspects of the change control process, and to make sure that the changes being made do follow all parts of the documented process. The same is true of updating and patching; these activities should be done in accordance with the documented processes concerning them.
Mansi Paun says
Some of the key benefits of relational databases vs traditional flat file system are as below :
• Traditional file systems are more prone to data corruption as its storage is unstructured. Relational databases on the other hand have data stored in tables which makes the data less prone to corruption
• Traditional file systems are not sufficient to handle large volumes of data
• Search queries are faster to run on Relational databases as compared to file system
• Relational databases offer more robust reporting and the capability to import and export
• Relational databases offer better security and access control as compared to file system as users can be given specific access level to different fields
Liang Yao says
Any security implications or improvements?
Ming Hu says
Q: What are key characters of relational database management systems?
Using of primary keys
Avoiding of data redundancy – the use of “normalization” rules
Constraining data input – specify what sort of data a database column is allowed to contain
Using of SQL
Convertibility – data can be transferred between relational database systems relatively easily.
Source: http://en.tekstenuitleg.net/articles/software/database-design-tutorial/database-characteristics.html
Ming Hu says
Q: Key benefits of relational databases vs traditional file system?
It’s easier for user to understand and implement
It’s easier to convert from other database structures
it’s easier to implement projection and join operations
It’s easier to create new relations for applications
It’s easier to implement access controls over sensitive data
It’s easier to modify the database
Source: CISA Review Manual
Ming Hu says
Q: List risks associated with database management systems (DBMS)
Legitimate privilege abuse – users may abuse legitimate database privileges for unauthorized purposes
Database injection attacks – SQL injections and NoSQL injections
Malware
Storage media exposure
Exploitation of vulnerable databases – it generally takes organizations months to patch databases, during which time they remain vulnerable
The human factor
Source: https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx
Joshua Tarlow says
I like that you listed the human factor on your list. Human error is always a risk regardless of how the data is stored. A system may reduce the error, but it is impossible to eliminate completely. I’ve looked through a lot of DBMS that have errors that were most likely human.
Liang Yao says
Correct, one area an IT auditor should always review is the IT team’s education, experience and training program.
Jianhui Chen says
Agree, the risks you listed are really what we need to be concerned about. For those of you who prefer to get more technical, here are a few examples of exploits. More are fleshed out in the full paper. Consider the following situation: A PHP application has a login mechanism where the username and password are sent from the user’s browser via HTTP POST. This vulnerability is applicable to HTTP GET, as well.
Mansi Paun says
A3. The most common risks associated with database management systems can be listed as:
• Abuse of excessive privileges
• Database injection attacks
• Malware
• Storage media exposure
• Vulnerability due to delayed patching
• Unmanaged sensitive data
• Security incidents due to human negligence
Source : https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx
Daniel Warner says
1. Key Characteristics of RDMS
• RDMS’s are created to store large amounts of data that the applications of the business will use in their day-to-day activities.
• Data is stored in tables.
• The rows of the table identify a record, and the columns of the table identify a characteristic of that record
• A Data Dictionary that identifies how the database is formatted, such as data type, or the configuration but doesn’t say anything about the data itself.
– Tables have a primary key that is a unique identifier for that record and then can contain foreign keys which show association via a primary key to another table.
Daniel Warner says
2. Key Benefits of relational databases vs. traditional file system.
– I think a major benefit of a relational database is the ability to query and manipulate data as opposed to a traditional file system or flat file.
– A user can utilize SQL to run queries to get the results of the data that the user needs.
– Many users have access to the information, but users can have different security preferences. In a traditional file system, everyone who is accessing data has the same privileges with this data.
– Less redundancy in data. Primary to foreign key relationships reduce the amount of data redundancy in comparison to a traditional file system.
Daniel Warner says
3. List risks associated with database management systems (DBMS)
– A DBMS is in contact with several different business applications, thus if data is corrupted in a record then that piece of corrupted data can flow over to many different applications that are using that record from the database.
– Large amounts of sensitive data are stored in a DBMS. If a hacker gains access to the DBMS he has access to a lot of information that can harm a company.
– SQL Injection attacks can occur where a person could alter the database by entering in SQL into a field in an application currently using the database, and the database would respond to the SQL script.
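The field-to-database path described in the post above, shown as an added example that is not part of the original thread: the same email update is built once by pasting the field into the SQL text and once with a bound parameter. The table, function names and the crafted field value are constructed for illustration, and SQLite stands in for the production DBMS.

```python
import sqlite3

# Constructed field value: the quote closes the string literal and "--"
# comments out the rest of the statement, including the WHERE clause.
CRAFTED_FIELD = "x@example.com' --"

def make_db():
    """Build a constructed in-memory customer table (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customer (id, name, email) VALUES (?, ?, ?)",
        [(1, "Alice", "alice@example.com"),
         (2, "Bob", "bob@example.com"),
         (3, "Carol", "carol@example.com")],
    )
    conn.commit()
    return conn

def update_email_vulnerable(conn, customer_id, email_field):
    """Weak form: the field is concatenated into the statement text, so the
    database parses whatever was typed as SQL. Returns rows changed."""
    sql = ("UPDATE customer SET email = '" + email_field +
           "' WHERE id = " + str(int(customer_id)))
    return conn.execute(sql).rowcount

def update_email_parameterized(conn, customer_id, email_field):
    """Hardened form: the statement text is fixed and the field is bound as a
    value, so quotes and comment markers in it stay data. Returns rows changed."""
    cur = conn.execute(
        "UPDATE customer SET email = ? WHERE id = ?",
        (email_field, int(customer_id)),
    )
    return cur.rowcount

def emails(conn):
    """Return all stored emails in id order, for comparing the two outcomes."""
    return [row[0] for row in conn.execute("SELECT email FROM customer ORDER BY id")]

if __name__ == "__main__":
    weak = make_db()
    print("concatenated:", update_email_vulnerable(weak, 2, CRAFTED_FIELD), "rows changed")
    print(emails(weak))
    safe = make_db()
    print("parameterized:", update_email_parameterized(safe, 2, CRAFTED_FIELD), "rows changed")
    print(emails(safe))
```

With the concatenated form the update reaches every row; with the bound parameter only the intended row changes and the odd string is stored as plain text, where input validation or review can catch it.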
Liang Yao says
Prepare to discuss which controls should be in place to mitigate those risks…
Ariana Levinson says
At least towards the issue concerning hackers, there are all sorts of vulnerability management tools out there to help businesses control their risk and patch known vulnerabilities (Qualys, Nessus, Imperva, etc.). If I were to implement a vulnerability management program as a control to prevent hacking, it would involve continuous scanning, patching critical vulnerabilities within 30 days of their being discovered (on a rolling basis), implementing patches and updates within 30 days of their being released, and also scanning for simple configuration changes that could be made to harden/secure the database.
Seunghyun (Daniel) Min says
Q3: List risks associated with database management systems (DBMS)
Although DBMS brings up considerable advantages to an organization, it also carries some flaws. Examples are as follows:
1. Increased costs: Since Database systems require sophisticated hardware and software and highly skilled personnel, the cost of maintaining the hardware, software, and personnel required to operate and manage a database system can be substantial.
2. Management complexity: Database systems interface with many different technologies and have a significant impact on a company’s resources and culture. The changes introduced by the adoption of a database system must be properly managed to ensure that they help advance the company’s objectives. Given the fact that database systems hold crucial company data that are accessed from multiple sources, security issues must be assessed constantly.
3. Maintaining currency: To maximize the efficiency of the database system, you must keep your system current. Therefore, you must perform frequent updates and apply the latest patches and security measures to all components. Because database technology advances rapidly, personnel training costs tend to be significant.
4. Vendor dependence: Given the heavy investment in technology and personnel training, companies might be reluctant to change database vendors. As a consequence, vendors are less likely to offer pricing point advantages to existing customers, and those customers might be limited in their choice of database system components.
5. Frequent upgrade/replacement cycles: DBMS vendors frequently upgrade their products by adding new functionality. Such new features often come bundled in new upgrade versions of the software. Some of these versions require hardware upgrades. Not only do the upgrades themselves cost money, but it also costs money to train database users and administrators to properly use and manage the new features.
Source: http://www.myreadingroom.co.in/notes-and-studymaterial/65-dbms/462-advantages-and-disadvantages-of-dbms.html
Liang Yao says
What’s another important reason for maintaining currency of a database system?
Victoria A. Johnson says
Very detailed summary Daniel. DBMS is considered the more efficient option because reading line by line is not required and specific control mechanisms are already in place.
Joshua Tarlow says
Key benefits of relational databases vs traditional file system?
Traditional file systems store data in files, as opposed to a relational database which stores data in tables with rows and columns. As a result, relational databases allow for more sophisticated data organization and retrieval. Key organizational benefits to relational databases are less redundancy/inconsistency, and more data integrity. Because relevant data is often stored in separate files with different people maintaining them, it becomes difficult to enforce consistency and reduce redundancy between files. This often creates many silos as each file is subject to an individual user.
Data retrieval is also more difficult in a traditional file system because of the data silos and formatting inconsistencies. Files may not have any inter-relationship, regardless of their relevancy to one another. A relational database addresses these issues by using a table format, and serving as a single data source for multiple users. Because there is one source, standards can be applied and enforced which will reduce inconsistencies and redundancy. As a result, fewer resources are wasted, while data can be organized and retrieved faster.
Last, security is an important benefit for relational databases. Access controls can be implemented for relational databases, so users can only see data they are allowed to. Traditional file systems do not have this feature because they are maintained on an ad hoc basis over a long period of time. Users will likely have access to data that should be restricted in some form.
Fred Zajac says
What are key characters of relational database management systems?
1. Data Storage – Data is organized and stored in tables (Columns & Rows).
2. Rules – Can set up thresholds to limit the data input and/or access
3. Triggers – Allows for a reaction from an initial action.
4. Storage – program specific procedures to store data (Saved or Updated) and where to save the data
5. View – The interface is customizable and can be tailored to the company / industry.
Fred Zajac says
Key benefits of relational databases vs traditional file system?
1. Data Independence – This allows for the data structure in a database management system to be changed without changing the other fields. An example of this is data mapping for program customization. You may want to change a phone number with a separate field for the area code, into one field. This feature allows for you to change how the phone number looks without affecting the other data.
2. Reduction of Data Redundancy – This reduces the amount of times the same data is stored on the network. This will reduce the amount of drive space on your network. Data Redundancy should be avoided locally and backed-up to a cloud environment.
3. Maximize Data Consistency – This allows for data to be used and updated across different platforms, close to real-time. An example of this would be the operations department changing the items list in one program that populates the new items to the accounting department for invoicing.
4. Data Sharing – This is when the data is accessible by multiple users. It is a centralized location, allowing for multiple access by different users. The centralized database reduces costs associated with maintaining separate databases and possibly redundant data.
5. Security – The system allows for the setting of group policies and controls. You have the ability to limit access to data based on user rights and privileges. Confidential document data can be encrypted locally to protect data transfers between different programs.
6. Data Integrity – The accuracy of the data stored will increase by only allowing certain data fields to be changed, moved, or added. The database is only as good as the data. The data should be complete, consistent, and accurate for a system to be effective.
Victoria A. Johnson says
Fred, great post. You were very detailed in your explanation in order to understand the key benefits of both systems.
Fred Zajac says
List risks associated with database management systems (DBMS)
1. Configuring or setting security controls on users – This gives the user access to otherwise restricted data and/or grants administrator privileges to move, add, or change data.
2. Securing the system from hackers – Malware may be installed on the server, granting access to the entire database.
3. Disasters – Natural or man-initiated disasters may cause data to be corrupted or lost.
Shizhong Yang says
Question: Key benefits of relational databases vs traditional file system?
The biggest single difference is database systems actually know the data and the structure of the data they manage at a very deep level, while the lowest-level data item for file systems is typically the page (Paging).
At the lowest level, there is a lot of cross-pollination between db engine storage layers and file systems, particularly in areas like transactions and recovery (Journaling file system), where concepts such as Transaction logs are used by most DB engine storage systems and many modern file systems.
That said, since DB engines have very detailed knowledge of their data that file systems don’t have, they often have big differences at the storage layer:
Base data and indexes are often managed very, very differently, and db engines often have several Cache algorithms for different situations. File systems typically are less complex at this layer since they don’t have the same level of visibility into the access patterns of the data.
DB engines often have to deal with heavy update concurrency, so they have complex lock managers to manage concurrent updates. File systems don’t have this type of requirement.
Above the storage layer, things get much different. DB engines have lots of Metadata describing the structure of their data, and they use it to support both querying and organizing the data.
File systems have much less app-provided metadata, typically just a file name and the actual file bytes from the app. File systems maintain their own metadata about files, but this is generally restricted to where the bytes are in the file system. There is no need for file systems to know things like table FOO’s third column is an integer and has a hash index on it.
Paul M. Dooley says
What are key characters of relational database management systems?
Data in relational databases must be represented in tables, with values in columns within rows. Data within a column must be accessible by specifying the table name, the column name, and the value of the primary key of the row. The DBMS must support missing and inapplicable information in a systematic way, distinct from regular values and independent of data type. The DBMS must support an active on-line catalog. The DBMS must support at least one language that can be used independently and from within programs and supports data definition operations, data manipulation, constraints, and transaction management. Views must be updatable by the system. The DBMS must support insert, update, and delete operations on sets. The DBMS must support logical data independence. The DBMS must support physical data independence. Integrity constraints must be stored within the catalog, separate from the application.
http://it.toolbox.com/blogs/enterprise-solutions/characteristics-of-relational-databases-24134
Paul M. Dooley says
Key benefits of relational databases vs traditional file system?
A traditional file system is designed around a single table. A file may contain many fields, often with duplicate data, and is prone to data corruption and duplicates. Relational databases leverage multiple tables that work together. The relationships between table data can be collated, merged and displayed in database forms. This allows data to be shared across networks, over the internet, with other devices and software systems. Also, relational databases allow for more robust reporting.
http://www.databasedev.co.uk/flatfile-vs-rdbms.html
Wen Ting Lu says
You are correct that relational databases control redundancy. In the DBMS approach, a pool of related data is shared by multiple application programs. System developers and database designers often use data normalization to minimize data redundancy, whereas traditional file systems duplicate data in separate files. In addition, relational database software allows data to be accessed in a variety of ways (through various key fields), by using several programming languages.
Paul M. Dooley says
List risks associated with database management systems (DBMS)
Easily guessed passwords
Missing patches
Misconfigurations
Excessive privileges
Web application attacks
Insider mistakes
Weak or non-existent audit controls
Social engineering
Source: Class presentation.
Tamer Tayea says
I would add authentication and authorization, in addition to data integrity, to the list of DBMS risks.
Jianhui Chen says
What are key characters of relational database management systems?
A relational database is a collection of data items organized as a set of formally described tables from which data can be accessed easily. A relational database is created using the relational model. The software used in a relational database is called a relational database management system (RDBMS).
Relational database management systems are created for fast storage and recovery of large quantities of data. They provide for data to be stored in tables. The advantage of an RDBMS is that it removes duplicate data and allows easy accessibility to information from other users, as well as making it easier to update data. The RDBMS will increase cost, management difficulty, maintaining currency, and upgrade frequency.
Source: https://equizine.wordpress.com/2012/10/22/advantage-ans-disadvantages-of-database-management-system/comment-page-1/
Jianhui Chen says
Key benefits of relational databases vs traditional file system?
There are several benefits of relational database management systems. A few of them are as follows:
1. Data is only stored once. In the previous example, the city data was gathered into one table so now there is only one record per city. The advantages of this are
No multiple record changes needed
More efficient storage
Simple to delete or modify details.
All records in other tables having a link to that entry will show the change.
2. Complex queries can be carried out. A language called SQL has been developed to allow programmers to ‘Insert’, ‘Update’, ‘Delete’, ‘Create’, ‘Drop’ table records. These actions are further refined by a ‘Where’ clause. For example
SELECT * FROM Customer WHERE ID = 2
This SQL statement will extract record number 2 from the Customer table. Far more complicated queries can be written that can extract data from many tables at once.
3. Better security. By splitting data into tables, certain tables can be made confidential. When a person logs on with their username and password, the system can then limit access only to those tables whose records they are authorized to view. For example, a receptionist would be able to view employee location and contact details but not their salary. A salesman may see his team’s sales performance but not competing teams.
4. Cater for future requirements. By having data held in separate tables, it is simple to add records that are not yet needed but may be in the future. For example, the city table could be expanded to include every city and town in the country, even though no other records are using them all as yet. A flat file database cannot do this.
http://www.teach-ict.com/as_as_computing/ocr/H447/F453/3_3_9/database_design/miniweb/pg8.htm
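The receptionist case from point 3 above, as an added example that is not part of the original post. SQLite has no GRANT statement, so its authorizer callback is used here as a stand-in for the column-level privileges a server RDBMS would enforce; the roles, table, columns and sample rows are constructed assumptions.

```python
import sqlite3

# Constructed policy: employee columns each role may read (assumed names).
READABLE = {
    "receptionist": {"id", "name", "location", "phone"},
    "payroll": {"id", "name", "location", "phone", "salary"},
}

def open_for_role(role):
    """Return a connection to a constructed employee table, restricted to `role`."""
    allowed = READABLE[role]
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT, "
                 "location TEXT, phone TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?, ?)", [
        (1, "Dana", "Floor 2", "x2041", 71000),
        (2, "Eli", "Floor 5", "x5113", 88000),
    ])
    conn.commit()

    def authorizer(action, arg1, arg2, dbname, source):
        # SQLite calls this while compiling each statement.
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        # For SQLITE_READ, arg1 is the table and arg2 the column being read.
        if action == sqlite3.SQLITE_READ and arg1 == "employee" and arg2 in allowed:
            return sqlite3.SQLITE_OK
        # Default deny: unlisted columns, other tables and every write.
        return sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)
    return conn

def run_as(role, sql):
    """Run one statement as `role`; raise PermissionError if the policy denies it."""
    conn = open_for_role(role)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        raise PermissionError(f"{role}: {exc}") from exc
    finally:
        conn.close()

if __name__ == "__main__":
    print(run_as("receptionist", "SELECT name, location, phone FROM employee ORDER BY id"))
    for role, sql in [("receptionist", "SELECT name, salary FROM employee"),
                      ("receptionist", "SELECT * FROM employee"),
                      ("payroll", "UPDATE employee SET salary = 0")]:
        try:
            run_as(role, sql)
        except PermissionError as err:
            print("denied ->", err)
```

Note that `SELECT *` is refused for the receptionist as well, because it expands to include the salary column; the policy is checked per column, not per query text.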
Jianhui Chen says
List risks associated with database management systems (DBMS)
Easily guessed passwords
Missing Patches
Misconfigurations
Excessive Privileges
Web application attacks (SQL-injection)
Insider mistakes
Weak or non-existent audit controls
Social engineering
Tamer Tayea says
Jianhui, nice recap of DBMS risks. It is important to log DBMS activities to a remote syslog facility for the purpose of spotting misconfigurations and excessive privilege access.