CIS9340Chapter 20-Security and Administration.pdf

Transcript

CIS 9340
CHAPTER 20
SECURITY AND ADMINISTRATION

SECURITY AND ADMINISTRATION
The term security refers to the protection of the database against unauthorized access, either intentional or
accidental.
Database security The mechanisms that protect the database against intentional or accidental threats.

Security considerations apply to not just the data held in a database: breaches of security may affect other
parts of the system, which may in turn affect the database. Consequently, database security encompasses
hardware, software, people, and data. To effectively implement security requires appropriate controls,
defined in specific mission objectives for the system.

SECURITY AND ADMINISTRATION
A database represents an essential corporate resource that should be properly secured using
appropriate controls. We consider database security in relation to the following situations:
• theft and fraud;
• loss of confidentiality (secrecy);
• loss of privacy;
• loss of integrity;
• loss of availability.

Theft and fraud affect not only the database environment but also the entire organization. As it is people
who perpetrate such activities, attention should focus on reducing the opportunities for this occurring.
Theft and fraud do not necessarily alter data, as is the case for activities that result in either loss of
confidentiality or loss of privacy.

SECURITY AND ADMINISTRATION
Confidentiality: refers to the need to maintain secrecy over data—usually only data that is critical to the
organization—whereas privacy refers to the need to protect data about individuals. Breaches of security
resulting in loss of confidentiality could, for instance, lead to loss of competitiveness, and loss of privacy
could lead to legal action being taken against the organization.
Loss of data integrity: results in invalid or corrupted data, which may seriously affect the operation of an
organization. Many organizations are now seeking virtually continuous operation, the so-called 24/7
availability (that is, 24 hours a day, 7 days a week).

Loss of availability: means that the data, or the system, or both cannot be accessed, which can seriously
affect an organization’s financial performance. In some cases, events that cause a system to be unavailable
may also cause data corruption.
Threat: any situation or event, whether intentional or accidental, that may adversely affect a system and
consequently the organization.

SECURITY AND ADMINISTRATION
A threat may be caused by a situation or event involving a person, action, or circumstance that is likely to
bring harm to an organization. The harm may be tangible, such as loss of hardware, software, or data, or
intangible, such as loss of credibility or client confidence.
The problem facing any organization is to identify all possible threats. Therefore, as a minimum, an
organization should invest time and effort in identifying the most serious threats. Any threat must be
viewed as a potential breach of security that, if successful, will have a certain impact.

SECURITY AND ADMINISTRATION

SECURITY AND ADMINISTRATION

SECURITY AND ADMINISTRATION

SECURITY AND ADMINISTRATION

Potential threats and users

SECURITY AND ADMINISTRATION
Countermeasures—Computer-Based Controls

The types of countermeasure to threats on computer systems range from physical controls to administrative
procedures. Despite the range of computer-based controls that are available, it is worth noting that generally,
the security of a DBMS is only as good as that of the operating system, owing to their close association.
The computer-based security controls for a multi-user environment (some of which may not be available in
the PC environment):
• authorization,
• access controls,
• views,
• backup and recovery,
• integrity,
• encryption,
• RAID technology.

SECURITY AND ADMINISTRATION
Authorization
The granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s
object.

Authorization controls can be built into the software and govern not only what system or object a specified
user can access, but also what the user may do with it.
The process of authorization involves authentication of subjects requesting access to objects, where “subject”
represents a user or program and “object” represents a database table, view, procedure, trigger, or any other
object that can be created within the system.

SECURITY AND ADMINISTRATION
A system administrator is usually responsible for allowing users to have access to a computer system by
creating individual user accounts. Each user is given a unique identifier, which is used by the operating system
to determine who they are. Associated with each identifier is a password, chosen by the user and known to
the operating system, which must be supplied to enable the operating system to verify (or authenticate) who
the user claims to be.
This procedure allows authorized use of a computer system but does not necessarily authorize access to the
DBMS or any associated application programs. A separate, similar procedure may have to be undertaken to
give a user the right to use the DBMS. The responsibility to authorize use of the DBMS usually rests with the
Database Administrator (DBA), who must also set up individual user accounts and passwords using the DBMS
itself. Some DBMSs maintain a list of valid

SECURITY AND ADMINISTRATION
Access Controls
The typical way to provide access controls for a database system is based on the granting and revoking of
privileges. A privilege allows a user to create or access (that is read, write, or modify) some database object
(such as a relation, view, or index) or to run certain DBMS utilities. Privileges are granted to users to
accomplish the tasks required for their jobs.
Discretionary Access Control (DAC)

Most commercial DBMSs provide an approach to managing privileges that uses SQL called Discretionary
Access Control (DAC). The SQL standard supports DAC through the GRANT and REVOKE commands. The
GRANT command gives privileges to users, and the REVOKE command takes away privileges.

SECURITY AND ADMINISTRATION
Mandatory Access Control (MAC)
Mandatory Access Control is based on system-wide policies that cannot be changed by individual users.
In this approach each database object is assigned a security class and each user is assigned a clearance
for a security class, and rules are imposed on reading and writing of database objects by users. The
DBMS determines whether a given user can read or write a given object based on certain rules that
involve the security level of the object and the clearance of the user.
A popular model for MAC is called Bell–LaPadula model (Bell and LaPadula, 1974), which is described in
terms of objects (such as relations, views, tuples, and attributes), subjects (such as users and programs),
security classes, and clearances. Each database object is assigned a security class, and each subject is
assigned a clearance for a security class.

SECURITY AND ADMINISTRATION
Bell–LaPadula model
A popular model for MAC is called Bell–LaPadula model (Bell and LaPadula, 1974), which is described in terms
of objects (such as relations, views, tuples, and attributes), subjects (such as users and programs), security
classes, and clearances.

Each database object is assigned a security class, and each subject is assigned a clearance for a security class. The
security classes in a system are ordered, with a most secure class and a least secure class.
For our discussion of the model, we assume that there are four classes:
top secret (TS),
secret (S),
confidential (C),
unclassified (U),
we denote the class of an object or subject A as class (A). Therefore for this system, TS. S. C. U, where A. B
means that class A data has a higher security level than class B data.

SECURITY AND ADMINISTRATION
The Bell–LaPadula model imposes two restrictions on all reads and writes of database objects:
(1) Simple Security Property: Subject S is allowed to read object O only if class (S) .5 class (O). For example, a
user with TS clearance can read a relation with C clearance, but a user with C clearance cannot read a relation
with TS classification.
(2) *_Property: Subject S is allowed to write object O only if class (S) ,5 class (O). For example, a user with S
clearance can only write objects with S or TS classification. If discretionary access controls are also specified,
these rules represent additional restrictions. Thus, to read or write a database object, a user must have the
necessary privileges provided through the SQL GRANT command.

SECURITY AND ADMINISTRATION
Multilevel Relations and Polyinstantiation

In order to apply mandatory access control policies in a relational DBMS, a security class must be assigned
to each database object. The objects can be at the granularity of relations, tuples, or even individual
attribute values. Assume that each tuple is assigned a security class. This situation leads to the concept of
a multilevel relation, which is a relation that reveals different tuples to users with different security
clearances.
A view is the dynamic result of one or more relational operations operating on the base relations to
produce another relation. A view is a virtual relation that does not actually exist in the database, but is
produced upon request by a particular user, at the time of request.

The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database
from certain users. The user is not aware of the existence of any attributes or rows that are missing from
the view. A view can be defined over several relations with a user being granted the appropriate privilege
to use it, but not to use the base relations.

SECURITY AND ADMINISTRATION
Backup

The process of periodically copying of the database and log file (and possibly programs) to offline storage media.
A DBMS should provide backup facilities to assist with the recovery of a database following failure. It is always
advisable to make backup copies of the database and log file at regular intervals and to ensure that the copies
are in a secure location. In the event of a failure that renders the database unusable, the backup copy and the
details captured in the log file are used to restore the database to the latest possible consistent state.
Journaling
The process of keeping and maintaining a log file (or journal) of all changes made to the database to enable
recovery to be undertaken effectively in the event of a failure. A DBMS should provide logging facilities,
sometimes referred to as journaling, which keep track of the current state of transactions and database changes,
to provide support for recovery procedures. The advantage of journaling is that in the event of a failure, the
database can be recovered to its last known consistent state using a backup copy of the database and the
information contained in the log file. If no journaling is enabled on a failed system, the only means of recovery is
to restore the database using the latest backed up version of the database.

SECURITY AND ADMINISTRATION
Integrity
Integrity constraints also contribute to maintaining a secure database system by preventing data from
becoming invalid, and hence giving misleading or incorrect results.

Encryption
The encoding of the data by a special algorithm that renders the data unreadable by any program without the
decryption key. If a database system holds particularly sensitive data, it may be deemed necessary to encode it
as a precaution against possible external threats or attempts to access it. Some DBMSs provide an encryption
facility for this purpose. The DBMS can access the data (after decoding it), although there is a degradation in
performance because of the time taken to decode it. Encryption also protects data transmitted over
communication lines. There

SECURITY AND ADMINISTRATION
Cryptosystem
To transmit data securely over insecure networks requires the use of a cryptosystem, which includes:
• an encryption key to encrypt the data (plaintext);
• an encryption algorithm that with the encryption key transforms the plaintext into ciphertext;
• a decryption key to decrypt the ciphertext;
• a decryption algorithm that with the decryption key transforms the ciphertext back into plaintext.
One technique, called symmetric encryption, uses the same key for both encryption and decryption and
relies on safe communication lines for exchanging the key. However, most users do not have access to a
secure communication line, and to be really secure, the keys need to be as long as the message (Leiss,
1982). However, most working systems are based on user keys shorter than the message.

SECURITY AND ADMINISTRATION
Data Encryption Standard (DES)
One schema used for encryption is the Data Encryption Standard (DES), which is a standard encryption
algorithm developed by IBM. This scheme uses one key for both encryption and decryption, which must be kept
secret, although the algorithm need not be. The algorithm transforms each 64-bit block of plaintext using a 56-bit
key. The DES is not universally regarded as being very secure, and some authors maintain that a larger key is
required. For example, a scheme called PGP (Pretty Good Privacy) uses a 128-bit symmetric algorithm for bulk
encryption of the data it sends. Keys with 64 bits are now probably breakable by major governments with special
hardware, albeit at substantial cost.

However, this technology will be within the reach of organized criminals, major organizations, and smaller
governments in a few years. Although it is envisaged that keys with 80 bits will also become breakable in the
future, it is probable that keys with 128 bits will remain unbeakable for the foreseeable future. The terms “strong
authentication” and “weak authentication” are sometimes used to distinguish between algorithms that to all
intents and purposes cannot be broken with existing technologies and knowledge (strong) from those that can be
(weak).

SECURITY AND ADMINISTRATION
Asymmetric encryption
Another type of cryptosystem uses different keys for encryption and decryption, and is referred to as
asymmetric encryption. One example is public key cryptosystems, which use two keys, one of which is
public and the other private. The encryption algorithm may also be public, so that anyone wishing to send a
user a message can use the user’s publicly known key in conjunction with the algorithm to encrypt it.
Only the owner of the private key can then decipher the message. Public key cryptosystems can also be used
to send a “digital signature” with a message and prove that the message came from the person who claimed to
have sent it.
RSA
The most well known asymmetric encryption is RSA (the name is derived from the initials of the three
designers of the algorithm).

SECURITY AND ADMINISTRATION
RAID (Redundant Array of Independent Disks)
The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate
even if one of the hardware components fails. This suggests having redundant components that can be seamlessly
integrated into the working system whenever there is one or more component failures. The main hardware
components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans.
Disk drives are the most vulnerable components, with the shortest times between failure of any of the hardware
components.
One solution is the use of Redundant Array of Independent Disks (RAID) technology. RAID originally stood for
Redundant Array of Inexpensive Disks, but more recently the “I” in RAID has come to stand for Independent. RAID
works on having a large disk array comprising an arrangement of several independent disks that are organized to
improve reliability and at the same time increase performance. Performance is increased through data striping: the data
is segmented into equalsize partitions (the striping units), which are transparently distributed across multiple disks.

SECURITY AND ADMINISTRATION
There are a number of different disk configurations with RAID, termed RAID levels. A brief description of
each RAID level is given here, with a diagrammatic representation for each of the main levels in. In this figure
the numbers represent sequential data blocks and the letters indicate segments of a data block.
RAID 0—Nonredundant. This level maintains no redundant data and therefore has the best write
performance, as updates do not have to be replicated. Data striping is performed at the level of blocks. A
diagrammatic

• RAID 1—Mirrored. This level maintains (mirrors) two identical copies of the data across different disks. To
maintain consistency in the presence of disk failure, writes may not be performed simultaneously. This is the
most expensive storage solution.
• RAID 0+1—Nonredundant and Mirrored. This level combines striping and mirroring.
• RAID 2—Memory-Style Error-Correcting Codes. With this level, the striping unit is a single bit and
Hamming codes are used as the redundancy scheme.
.

SECURITY AND ADMINISTRATION
RAID 3—Bit-Interleaved Parity. This level provides redundancy by storing parity information on a single disk in
the array. This parity information can be used to recover the data on other disks should they fail. This level uses
less storage space than RAID 1, but the parity disk can become a bottleneck.
RAID 4—Block-Interleaved Parity. With this level, the striping unit is a disk block—a parity block is maintained on
a separate disk for corresponding blocks from a number of other disks. If one of the disks fails, the parity block
can be used with the corresponding blocks from the other disks to restore the blocks of the failed disk.
RAID 5—Block-Interleaved Distributed Parity. This level uses parity data for redundancy in a similar way to RAID
3 but stripes the parity data across all the disks, similar to the way in which the source data is striped. This
alleviates the bottleneck on the parity disk.
RAID 6—P+Q Redundancy. This level is similar to RAID 5, but additional redundant data is maintained to protect
against multiple disk failures.

SECURITY AND ADMINISTRATION
Security in Microsoft Office Access DBMS
SQL can be used to control access to a database through the SQL GRANT and REVOKE statements;
however, Microsoft Office Access 2010 does not support these statements, but instead provides the
following methods for securing a database:
• splitting the database;
• setting a password for the database;
• trusting (enabling) the disabled content in a database;
• packaging, signing, and deploying the database.

SECURITY AND ADMINISTRATION
Splitting the database

The most secure way to protect data in a database is to store the database tables separately from the
database application objects such as forms and reports.
This action is referred to as “splitting” the database; Office Access 2010 provides a Database Splitter
Wizard, available through the Access Database button of the Tools options in the Move Data section.
Clicking the Access Database button displays the Database Splitter window.
The location of the backend database is specified and once copied to the new location, the backend
database can be further protected by assigning a password as described in the following section.

SECURITY AND ADMINISTRATION
Setting a password for the database
A simple way to secure a database is to set a password for opening the database. Setting a password is
available through the Encrypt with Password option in the File/Info section.
Once a password has been set, a dialog box requesting the password will be displayed when the database is
opened. Only users who type the correct password will be allowed to open the database. This method is
secure, as Microsoft Access encrypts the password so that it cannot be accessed by reading the database
file directly.

SECURITY AND ADMINISTRATION
Trusting (enabling) the disabled content in a database

The Trust Center is a dialog box that can be used to trust (enable) the disabled content in a database.
The Trust Center can be used to create or change trusted locations and to set security options for Office
Access 2010 databases. Those settings affect how new and existing databases behave when they are opened in
that instance of Access.
Packaging, signing, and deploying the database
The Package-and-Sign feature places the database is an Access Deployment (.accdc) file, signs the package, and
then places the code-signed package to the desired location.

SECURITY AND ADMINISTRATION
Oracle provides two types of security: system security and data security.
As with Office Access, one form of system security used by Oracle is the standard user name and
password mechanism, whereby a user has to provide a valid user name and password before access can be
gained to the database, although the responsibility to authenticate users can be devolved to the operating
system.
A privilege is a right to execute a particular right to execute a particular type of SQL statement or to
access another user’s objects. Some examples of Oracle privileges include the right to:
• connect to the database (create a session);
• create a table;
• select rows from another user’s table.
In Oracle, there are two distinct categories of privileges:
• system privileges;
• object privileges.
System privileges A system privilege is the right to perform a particular action or to perform an action on
any schema objects of a particular type.

SECURITY AND ADMINISTRATION
Object privileges
An object privilege is a privilege or right to perform a particular action on a specific table, view,
sequence, procedure, function, or package. Different object privileges are available for different types
of object. For example, the privilege to delete rows from the Staff table is an object privilege.
Roles
A user can receive a privilege in two different ways:
(1) Privileges can be explicitly granted to users. For example, a user can explicitly grant the privilege
to insert rows into the PropertyForRent table to the user Beech: GRANT INSERT ON
PropertyForRent TO username;
(2) Privileges can also be granted to a role (a named group of privileges), and then the role granted
to one or more users. For example, a user can grant the privileges to select, insert, and update
rows from the PropertyForRent table to the role named Assistant, which in turn can be granted
to the selected user. A user can have access to several roles, and several users can be assigned
the same roles.

SECURITY AND ADMINISTRATION
Object privileges
An object privilege is a privilege or right to perform a particular action on a specific table, view,
sequence, procedure, function, or package. Different object privileges are available for different types
of object. For example, the privilege to delete rows from the Staff table is an object privilege.
Roles
A user can receive a privilege in two different ways:
(1) Privileges can be explicitly granted to users. For example, a user can explicitly grant the privilege
to insert rows into the PropertyForRent table to the user Beech: GRANT INSERT ON
PropertyForRent TO username;
(2) Privileges can also be granted to a role (a named group of privileges), and then the role granted
to one or more users. For example, a user can grant the privileges to select, insert, and update
rows from the PropertyForRent table to the role named Assistant, which in turn can be granted
to the selected user. A user can have access to several roles, and several users can be assigned
the same roles.

SECURITY AND ADMINISTRATION

Internet communication

It relies on TCP/IP as the underlying protocol. However, TCP/IP and HTTP were not designed with security in
mind. Without special software, all Internet traffic travels “in the clear” and anyone who monitors traffic can read
it. This form of attack is relatively easy to perpetrate using freely available “packet sniffing” software, as the Internet
has traditionally been an open network. Consider, for example, the implications of credit card numbers being
intercepted by unethical parties during transmission when customers use their cards to purchase products over
the Internet. The challenge is to transmit and receive information over the Internet while ensuring that:

• it is inaccessible to anyone but the sender and receiver (privacy);
• it has not been changed during transmission (integrity);
• the receiver can be sure it came from the sender (authenticity);
• the sender can be sure the receiver is genuine (nonfabrication);
• the sender cannot deny he or she sent it (nonrepudiation). However, protecting the transaction solves only part
of the problem.

SECURITY AND ADMINISTRATION
Proxy Servers
In a Web environment, a proxy server is a computer that sits between a Web browser and a Web server. It
intercepts all requests to the Web server to determine whether it can fulfill the requests itself. If not, it forwards
the requests to the Web server. Proxy servers have two main purposes: to improve performance and filter
requests. Improve performance Because a proxy server saves the results of all requests for a certain amount of
time, it can significantly improve performance for groups of users.
For example, assume that user A and user B access the Web through a proxy server. First, user A requests a
certain Web page and, slightly later, user B requests the same page. Instead of forwarding the request to the Web
server where that page resides, the proxy server simply returns the cached page that it had already fetched for
user A. Because the proxy server is often on the same network as the user, this is a much faster operation. Real
proxy servers, such as those employed by Compuserve and America Online, can support thousands of users. Filter
requests Proxy servers can also be used to filter requests.

SECURITY AND ADMINISTRATION
Advantages
Improve performance
Because a proxy server saves the results of all requests for a certain amount of time, it can significantly
improve performance for groups of users. For example, assume that user A and user B access the Web
through a proxy server. First, user A requests a certain Web page and, slightly later, user B requests the same
page. Instead of forwarding the request to the Web server where that page resides, the proxy server simply
returns the cached page that it had already fetched for user A. Because the proxy server is often on the same
network as the user, this is a much faster operation.

Filter requests
Proxy servers can also be used to filter requests. For example, an organization might use a proxy server to
prevent its employees from accessing a specific set of Web sites.

SECURITY AND ADMINISTRATION
A firewall
It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be
implemented as both hardware and software or a combination of both. They are frequently used to prevent
unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All
messages entering or leaving the intranet pass through the firewall, which examines each message and blocks
those that do not meet the specified security criteria.
There are several types of firewall technique:

• Packet filter, which looks at each packet entering or leaving the network and accepts or rejects it based on
user-defined rules. Packet filtering is a fairly effective mechanism and transparent to users, but can be difficult to
configure. In addition, it is susceptible to IP spoofing.
(IP spoofing is a technique used to gain unauthorized access to computers in which the intruder sends messages
to a computer with an IP address indicating that the message is coming from a trusted source.

SECURITY AND ADMINISTRATION
• Application gateway, which applies security mechanisms to specific applications, such as FTP and Telnet
servers. This is a very effective mechanism, but can degrade performance.
• Circuit-level gateway, which applies security mechanisms when a TCP or UDP (User Datagram Protocol)
connection is established. Once the connection has been made, packets can flow between the hosts without
further checking.
• Proxy server, which intercepts all messages entering and leaving
Digital Certificates

A digital certificate is an attachment to an electronic message used for security purposes, most commonly to
verify that a user sending a message is who he or she claims to be and to provide the receiver with the
means to encode a reply. An individual wishing to send an encrypted message applies for a digital

SECURITY AND ADMINISTRATION
Secure Sockets Layer and Secure HTTP Many large Internet product developers agreed to use an encryption
protocol known as Secure Sockets Layer (SSL) developed by Netscape for transmitting private documents
over the Internet. SSL works by using a private key to encrypt data that is transferred over the SSL
connection.
The Secure Electronic Transactions (SET) protocol is an open, interoperable standard for processing
credit card transactions over the Internet, created jointly by Netscape, Microsoft,Visa, Mastercard, GTE, SAIC,
Terisa Systems, and VeriSign. SET’s goal is to allow credit card transactions to be as simple and secure on the
Internet as they are in retail stores. To address privacy concerns, the transaction is split in such a way that the
merchant has access to information about what is being purchased, how much it costs, and whether the
payment is approved, but no information on what payment method the customer is using. Similarly, the card
issuer (for example,Visa) has access to the purchase price but no information on the type of merchandise
involved.

SECURITY AND ADMINISTRATION
Java
Safety and security are integral parts of Java’s design, with the “sandbox” ensuring that an untrusted and possibly
malicious application cannot gain access to system resources. To implement this sandbox, three components are
used: a class loader, a bytecode verifier, and a security manager.
The safety features are provided by the Java language and the Java Virtual Machine (JVM), and enforced by the
compiler and the runtime system; security is a policy that is built on top of this safety layer. Two safety features
of the Java language relate to strong typing and automatic garbage collection. In this section we look at two other
features: the class loader and the bytecode verifier.

SECURITY AND ADMINISTRATION

The class loader, as well as loading each required class and checking it is in the correct format, additionally checks
whether the application/applet violates system security by allocating a namespace. Namespaces are hierarchical and
allow the JVM to group classes based on where they originate (local or remote). A class loader never allows a class
from a less protected namespace to replace a class from a more protected namespace.
In this way, the file system’s I/O primitives, which are defined in a local Java class, cannot be invoked or indeed
overridden by classes from outside the local machine. An executing JVM allows multiple class loaders, each with its
own namespace, to be active simultaneously. As browsers and Java applications can typically provide their own class
loader, albeit based on a recommended template from Sun Microsystems, this may be viewed as a weakness in the
security model.

SECURITY AND ADMINISTRATION
The Byte code verifier

Before the JVM will allow an application/applet to run, its code must be verified. The verifier assumes
that all code is meant to crash or violate system security and performs a series of checks, including
the execution of a theorem prover, to ensure that this is not the case. Typical checks include verifying
that:
• compiled code is correctly formatted;
• internal stacks will not overflow/underflow;
• no “illegal” data conversions will occur (for example, integer to pointer)—this ensures that variables
will not be granted access to restricted memory areas;
• bytecode instructions are appropriately typed;
• all class member accesses are valid.

SECURITY AND ADMINISTRATION

The Data Administration (DA) and Database Administrator (DBA) are responsible for managing and
controlling the activities associated with the corporate data and the corporate database, respectively.
The DA is more concerned with the early stages of the lifecycle, from planning through to logical
database design. In contrast, the DBA is more concerned with the later stages, from application/physical
database design to operational maintenance.

SECURITY AND ADMINISTRATION
The Database Administration

The management of the data resource, which includes database planning, development, and maintenance of
standards, policies and procedures, and conceptual and logical database design. Data administration The DA
is responsible for the corporate data resource, which includes noncomputerized data, and in practice is often
concerned with managing the shared data of users or application areas of an organization. The DA has the
primary responsibility of consulting with and advising senior managers and ensuring that the application of
database technologies continues to support corporate objectives. In some enterprises, data administration is
a distinct functional area; in others it may be combined with database administration.

SECURITY AND ADMINISTRATION

SECURITY AND ADMINISTRATION
Database administration
The management of the physical realization of a database system, which includes physical
database design and implementation, setting security and integrity controls, monitoring system
performance, and reorganizing the database, as necessary. The database administration staff are
more technically oriented than the data administration staff, requiring knowledge of specific
DBMSs and the operating system environment. Although the primary responsibilities are
centered on developing and maintaining systems using the DBMS software to its fullest extent,
DBA staff also assist DA staff in other areas, as indicated in Table 20.4. The number of staff
assigned to the database administration functional area varies, and is often determined by the
size of the organization.

SECURITY AND ADMINISTRATION

SECURITY AND ADMINISTRATION
Comparison

Data administration staff tend to be much
more managerial, whereas the database
administration staff tend to be more
technical.