Page 1423 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1423
Establishing Databases and Data
Warehousing
Almost every modern organization maintains some sort of database
that contains information critical to operations—be it customer
contact information, order-tracking data, human resource and
benefits information, or sensitive trade secrets. It’s likely that many of
these databases contain personal information that users hold secret,
such as credit card usage activity, travel habits, grocery store
purchases, and telephone records. Because of the growing reliance on
database systems, information security professionals must ensure that
adequate security controls exist to protect them against unauthorized
access, tampering, or destruction of data.
In the following sections, we’ll discuss database management system
(DBMS) architecture, including the various types of DBMSs and their
features. Then we’ll discuss database security considerations,
including polyinstantiation, Open Database Connectivity (ODBC),
aggregation, inference, and data mining.
Database Management System Architecture
Although a variety of database management system (DBMS)
architectures are available today, the vast majority of contemporary
systems implement a technology known as relational database
management systems (RDBMSs). For this reason, the following
sections focus primarily on relational databases. However, first we’ll
discuss two other important DBMS architectures: hierarchical and
distributed.
Hierarchical and Distributed Databases
A hierarchical data model combines records and fields that are related
in a logical tree structure. This results in a one-to-many data model,
where each node may have zero, one, or many children but only one
parent. An example of a hierarchical data model appears in Figure
20.7.
