(a) The adoption of database systems as a way of managing information systems is gaining popularity in most organisations. Some industries such as the banking industry are replicating the databases at various sites that is distributing the databases to the sites.
(i) Name and explain four possible benefits and challenges of replicating or distributing databases to various sites. (8 marks)
(ii) State and explain three factors that can influence an organisation’s decision to distribute or not to distribute databases. (6 marks)
(b) State two methods of enforcing security in each of the following areas:
(ii) Database management systems.
(iii) Operating system.
(i) Benefits of replicating or distributing databases to various sites:
1. Reduction Of System Vulnerability
When the central database is duplicated at various sites, the system vulnerability to failure is reduced because the system is more fault tolerant due to the replication at various sites.
2. Increased Service And Responsiveness To Local Users
Since the data is held locally at the various sites, data retrieval and processing is fast for local transactions.
3. Reduction In Hardware Costs
Distributed systems usually run on small less expensive computers which are far much cheaper than the mainframes required for a centralized system.
4. Easy Management Of Local Transactions
With partitioned distributed databases each location has its own unique records which makes updating and searching very easy since only the local database in question is involved.
1. Vulnerability Of The Distributed System To The Communication Links Distributed systems are usually reliant on high-quality telecommunication lines which themselves are vulnerable (e.g. to sabotage, equipment failure, etc)
2. Management And Coordination Of Transactions
Distributed systems make it possible for many processes to share data from one database. These challenges arise in ensuring that there are no transaction deadlocks and in ensuring that updates to records are well coordinated.
Distributed database systems pose a security challenge because they widely distribute access to sensitive data. For such systems, complex security mechanisms have to be included in their design.
4. Harmonizing of Data Standard and Definitions
Distributed databases systems pose the challenge of ensuring that local databases adhere to central data standards and definitions.
b) Factors that influence an organization‘s decision to distribute or not to distribute data:
1. Transition Costs
The cost of moving from a centralized to a distributed database environment largely determines an organization‘s decision to distribute its databases. Where such costs are high, there have to be substantial benefits to be derived from decentralizing or else an organization chooses to remain centralized.
2. Size of The Organization
Large-scale organizations are most suitable for and tend to benefit the most form distributed database systems. Such organizations usually cover large geographical areas and can thus distribute the database amongst several locations. Small-scale organizations are most suitable for centralized database systems. Usually such organizations don‘t cover a large geographical area and thus there is no need to distribute the company‘s database.
Distributed database systems pose security problems because they widely distribute access to sensitive data. Centralized database systems on the other hand, pose fewer security risks and thus they may be favoured an organization.
4. Fault Tolerance of The Current System
If the current system is vulnerable to system failure, then an organization will tend to distribute the system‘s data so as to reduce the system‘s vulnerability and thus increase its fault tolerance.
5. Ease of Management of the Current or Intended Database System
If the organization finds it easier to administer security, manage database updates and carry out backup of data on a centralized database then it‘s likely to maintain that setup.
However, if the organization could cope with the extra challenge of administering security, managing updates and carrying out backup of data on a data that is distributed then it could consider distributing its data.
6. Nature of the Database Transactions
Real-time transactions may require a centralized system which only has one view of the database as compared to distributed systems which have a local view and a holistic view of the entire distributed database system. Where such views differ due to a pending update on the central database, then the integrity of the data held is compromised and thus the transaction integrity is also compromised.
a Use of bolting door locks on doors leading to computer rooms b Use of combination door locks in computer rooms
c Manual logging of all visitors to a company d Biometric door locks for computer rooms
e Electronic logging for biometric and electronic access systems f Video cameras
g Security guards
h Bonded personnel – all service contract personnel such as cleaning people and off-site storage devices should be bonded to limit the financial exposure of the organization.
9. Not advertising the location of sensitive facilities such as computer rooms. The building or department directory should only identify the general location of the information sharing facility.
10. Computer terminal locks, which lock the device to the desk, prevent the computer from being turned on or disengage keyboard recognition preventing use.
11. Controlled single entry point- controlled entry point monitored a receptionist should be used all incoming personnel. Multiple entry points increase the risk of unauthorized entry. Unnecessary or unused entry points should be eliminated or deadlocked.
Database Management Systems Measures:
1. Usernames and passwords to prevent unauthorized access.
2. Encryption of database contents.
3. User rights and privileges- rights to update a company‘s database should be given only to staff who need to e.g. accountants when updating accounts records and personnel department staff when updating employee records.
4. Locking of open records to prevent multiple updates on the records.
Operating systems Measures:
1. Usernames and passwords.
2. User rights and privileges- these provide a limit to the actions that are permitted a user
e.g. a user may only be allowed to read, write and update his files but may not be allowed to read, write and update the files of another user on the same computer.
3. Audit trails
4. Data encryption