Data Warehouse in CISSP Exam Prep – 01



Data Warehouse and Data Mining

Data Warehouse – repository of information from heterogeneous databases that is available for users to make queries.

- Data is normalized and redundant data is removed.
- Data warehousing and data mining can be applied to audit logs and other information to find system anomalies.

 

Data mining: The objective is to find relationships among the data in the warehouse that were unknown up until now, by searching for correlations.

Metadata: Correlations, or data about data.

Data mart: Metadata is not stored in the data warehouse. Metadata is usually stored in a separate system.

 

Data Dictionary

- Database system for developers
- Records all data structures used by an application

 

Application Controls

 

| Application Control Type | Accuracy | Security | Consistency |
|---|---|---|---|
| Preventative | Data checks, custom screens, validity checks, contingency planning and backups | Firewalls, reference monitors, sensitivity labels, traffic padding, encryption, data classification, one-time passwords, separate test and development environments | Data dictionary, programming standards, DBMS |
| Detective | Cyclic redundancy checks, structured walk-throughs, hash totals, reasonableness checks | IDS and audit trails | Comparison tools, relationship tests, reconciliation controls |
| Corrective | Backups, control reports, before and after imaging reports, checkpoint restarts | Emergency response and reference monitor | Program comments, database controls |

 

 

Service Level Agreements

- Guarantees the level and quality of service
- Metrics in SLAs:
  - Turnaround times
  - Average response times
  - Number of on-line users
  - System utilization rates
  - System up times
  - Volume of transactions
  - Production problems

 

Distributed Systems

- Pose special challenges to security
- Security for distributed systems should include:
  - Access control
  - Identification
  - Authentication
  - Intrusion detection
  - Emergency response
  - Logs
  - Audit trails

 

Client/Server – a type of distributed system

Agent – a surrogate program that performs services on behalf of another

Proxy – acts on behalf of a principal but may hide the principal

Applets – small applications in Java or C++; mobile code

- Applets can be downloaded from the web into a web browser. An applet can execute in the network browser.

Java

- Designed to run in constrained space
- Java is an object-oriented, distributed, interpreted (not compiled), architecture-neutral, multithreaded, general-purpose programming language

Thread – lightweight process

An interpreted language executes one line at a time, with run-time binding.

A compiled language is translated into machine code, with binding at compile time.

ActiveX – can download mobile code in BASIC and C++

- Establishes trust between client and server with digital certificates

 

Malicious Mobile Code Defenses

i.e., Java and ActiveX code downloaded into a Web browser from the WWW.

- Configure firewall to screen applets
- Configure Web browser to restrict or prevent applets
- Configure Web browser to restrict or prevent applets from trusted servers
- Provide user awareness training on mobile code threats

 

Centralized Architecture

Centralized is easier to protect than distributed.

 

Real Time Systems

- Operate by acquiring data from sensors and transducers in real time and make real-time decisions
- Example: “Fly by wire” control of supersonic aircraft
- Availability is crucial
- Addressed through RAID – disk mirroring
- Fault-tolerant systems – have to detect and take action to recover from faults

 

Others:

Black-box testing observes the system's external behavior.

White-box testing is a detailed examination of a logical path, checking the possible conditions.

Compiled code poses more risk than interpreted code because malicious code can be embedded in the compiled code and can be difficult to detect.

Regression testing is the verification that what is being installed does not affect any portion of the application system already installed. It generally requires the support of an automated process to repeat tests previously undertaken.

Code comparison is normally used to identify the parts of the source code that have changed.

Integration testing is aimed at finding bugs in the relationships and interfaces between pairs of components. It does not normally test all functions.

Unit testing is the testing of a piece of code. It will only detect errors in the piece of code being tested.
