In this article, I am going to cover essential points you need to examine from Database Security of CISSP Exam
Difference Between OLTP vs OLAP
- OLTP = OLTP is a kind of data processing that focused on transaction-oriented tasks.
- It maintains data integrity in multi-access environments, and their effectiveness is evaluated by the total number of transactions they can carry out in a single second.
OLTP ACID Test
An Online Transaction Processing (OLTP) system is used to monitor for problems such as processes that stop functioning. Its main goal is to prevent transactions that don’t happen properly or are not complete from taking effect. An ACID test ensures that each transaction has the following properties before it is committed:
- Atomicity: Either whole operations are complete, or the database changes are rolled back.(All or Nothing)
- Consistency: The transaction follows an integrity process that ensures that data is consistent in all places where it exists. (Guaranteed without any fraud)
- Isolation: A transaction make sure occur independently (Independent)
- Durability: Committed transactions should be completely recoverable in all case (committed)
OLTP is used in industries that rely heavily on the efficient processing of a large number of client transactions, e.g., the banking sector.
- A test in which an Online Transaction Processing system is used to monitor for problems such as processes that stop functioning. Its main goal is to prevent transactions that don’t happen properly or are not complete from taking effect. An ACID test ensures that each transaction has specific properties before it is committed.
Examples of OLTP Transactions
- Let us take an example of an OLTP system with the ATM center. Consider that two friends have a joint account with a bank. One day both simultaneously reach different ATM stations at the same time and want to withdraw the total amount present in their bank account. However, the person that done with the authentication process first will be able to get money.
OLAP = OLAP is a kind of software that enables users to analyze information from various database systems at the same time
- It is a technology that allows analysts to extricate and view business data from different points of view. This technology provides an analyst with the expertise to formulate queries, based on the result of queries, to illustrate further queries.An analyst can collect information by roaming through stored data.
Summary in terms of Difference between OLTP VS OLAP
Data mining is the method of analyzing large volumes of data to determine previously unknown or hidden information.
- Inference occurs when someone has access to information at one level that allows them to infer information about another level. The main mitigation technique for inference is polyinstantiation. It prevents low-level database users from inferring the existence of higher-level data.
- Aggregation is defined as collecting Non Sensitive data from different classification levels to make it sensitive information. The main Mitigation Technique for Aggregation attack is Polymorphism
Inference vs Aggregation
Aggregation attack as an individual used his access to specific pieces of information to piece together a larger picture than he/she is authorized to access. An inference as the attacker used several pieces of generic nonsensitive information to determine or learn specific sensitive value.
Database Security Mechanism
- Metadata Control
- Data Contamination Control implement for well-formed transacto
- Cell Suppression hiding cells containing sensitive information
- Data Control Language = Used to Implement DAC and NDAC Control
- Logical Partitioning of Database Schema
- Implement Data Anonymization to Prevent Data Privacy Breach
Exam Note – :
- Your application or business requirement may have to use data mining techniques such as inference and aggregation in order to properly analyze the data. Be careful to not inadvertently disclose any sensitive data obtained from these techniques
- Correlation of Data sets from Different Data source leads to data privacy Breach. That is one of the biggest concerns we have.