Databases Reference
In-Depth Information
Traditional databases and repositories differ in the following ways:
• Databases contain transaction data, whereas repositories contain
data about the processing characteristics of data.
• Databases are subject to more financial risk, whereas repositories are
subject to more processing integrity risks.
• Errors and manipulation of databases pose an immediate threat,
whereas errors and manipulation in repositories can usually be
detected during testing and evaluation.
• Improper or unauthorized processing is a greater risk in a repository
than in a database because once such processing is introduced into
the production environment, it can occur repeatedly over long
periods of time.
• Repository problems can lead to loss of processing integrity, whereas
database problems lead to loss of data integrity.
A CASE environment can be audited using the database integrity audit
program presented in this chapter, but the auditor must follow the
three-step process described in the following sections.
Step 1: Define Repository Characteristics
The auditor should first determine what type of database is used in the
repository (i.e., traditional or unique database architecture). In addition,
the auditor should establish the following:
• The repository's size.
• The indexing method used to access repository data.
• How the repository is secured.
• How the repository is used (i.e., is the primary purpose to reuse
already developed capabilities throughout the organization?)
• Who generates, maintains, and controls the repository.
Step 2: Review the Database Integrity Program
On the basis of the information contained in step 1 and the similarities
and differences between databases and repositories listed in this
repository audit section, the audit program presented in this chapter should be
reviewed to determine whether the differences between a database and a
repository would alter the audit approach. For example, when reviewing
the section on database integrity concerns, the auditor should evaluate
each concern by asking the following questions:
• Is this concern affected by a difference between databases and
repositories? For example, a concern regarding loss of data affects both
databases and repositories, whereas a concern regarding the integrity of
financial data involves only databases.