Hey, I’m Rob Witcher, and I’m here to help YOU pass the CISSP exam. We are going to go through a review of the major topics related to databases in Domain 8, to understand how they interrelate, and to guide your studies.
This is the second of two videos for domain 8. I have included links to the other MindMap videos in the description below.
Components of a Database Management System (DBMS)
We’ll start by looking at the components of a Database Management System, and then we’ll get into the relational components of a database.
The first component of a DBMS is hardware. The DBMS needs to run on a server that provides sufficient processing power and storage space.
The next component is the software. We first need an operating system, and then the DBMS software itself, which runs on that operating system. Examples of Database Management Systems include MySQL, Oracle RDBMS, IBM DB2, Microsoft SQL Server, and Amazon RDS, among many others.
The DBMS software enables the control of the database.
Relational databases are made up of one or more tables containing rows and columns of data.
Rows = Tuples / Records
If you want to roll with the cool database kids, you can refer to rows as Tuples or Records. I think I have demonstrated how uncool I am by uttering that last sentence.
Columns = Attributes
Columns can also be referred to as Attributes.
And the intersection of a Tuple and an Attribute is a Field: a cell of data in the table.
Primary & Foreign Keys
As I mentioned, with a relational database you can relate data in one table to data in another table. This is done through the use of Primary and Foreign Keys.
A Primary key is a unique identifier for a specific record or row of data. A Primary key for a person could be something like their Social Insurance Number, Passport Number, or in this case their Student ID.
A Foreign Key is how we link, how we form a relationship to another table. The foreign key is a column in a table whose values correspond to primary keys in another table. In this case we have a course registration table, and there is a row for each course that a student is registered in, and that row contains their student ID as the foreign key. We can therefore link which courses a student is registered in by using their student ID.
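The student and course registration relationship described above, as an added example that is not from the video. It uses SQLite through Python's sqlite3 module; the table names, column names and rows are constructed for illustration. It also shows the DBMS rejecting a duplicate primary key and a foreign key that points at no student.

```python
import sqlite3

def build_registration_db():
    """Create the two related tables (names and rows are constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite checks foreign keys only when enabled
    conn.executescript("""
        CREATE TABLE student (
            student_id INTEGER PRIMARY KEY,      -- primary key: unique per record
            name       TEXT NOT NULL
        );
        CREATE TABLE course_registration (
            registration_id INTEGER PRIMARY KEY,
            student_id INTEGER NOT NULL REFERENCES student(student_id),  -- foreign key
            course     TEXT NOT NULL
        );
        INSERT INTO student VALUES (1001, 'Alice'), (1002, 'Bob');
        INSERT INTO course_registration (student_id, course) VALUES
            (1001, 'Databases'), (1001, 'Networking'), (1002, 'Databases');
    """)
    return conn

def courses_for(conn, student_id):
    """Follow the foreign key back to the student row to list that student's courses."""
    rows = conn.execute(
        "SELECT r.course FROM course_registration AS r "
        "JOIN student AS s ON s.student_id = r.student_id "
        "WHERE s.student_id = ? ORDER BY r.course", (student_id,))
    return [course for (course,) in rows]

def try_insert(conn, sql, params):
    """Return True if the DBMS accepts the row, False if a key constraint rejects it."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False

if __name__ == "__main__":
    db = build_registration_db()
    print(courses_for(db, 1001))
    # Duplicate primary key, then a registration for a student that does not exist.
    print(try_insert(db, "INSERT INTO student VALUES (?, ?)", (1001, "Carol")))
    print(try_insert(db, "INSERT INTO course_registration (student_id, course) "
                         "VALUES (?, ?)", (9999, "Databases")))
```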
The language we use to communicate with, and to control, our relational Database Management System is known as Structured Query Language, or SQL.
Users or processes can send SQL commands to the DBMS to store new data, modify data, delete data, and so forth.
And rather obviously, the final major component of our DBMS is all the data that we store in it.
Maintaining Integrity of Data
A database will be of little use to an organization if the data it contains is inaccurate. Thus, we must have controls in place to ensure the integrity of data.
In a modern, high-performance database, we typically allow multiple transactions to run concurrently, in parallel. A transaction is a unit of work, typically encapsulating several operations including reads, writes, acquiring locks, etc.
It makes it significantly more difficult to maintain the integrity of the data in a database when multiple users or processes are executing multiple transactions concurrently.
One of the major controls we use to prevent data corruption when multiple transactions are running concurrently is locks. A record (a tuple) can be locked, meaning that only one user or process may update the record until the lock is released by either committing the update or rolling back.
To further ensure the integrity of the data, we should also enforce a standard set of properties, known as ACID, that guarantee database transactions are processed reliably.
A - Atomicity
The A in ACID is Atomicity, which means that either all of the changes made as part of a transaction take effect, or none do.
C - Consistency
The C in ACID is Consistency, which means updates to the database are consistent with the rules. The rules are enforced.
I - Isolation
The I in ACID is for Isolation, which means transactions are invisible to other users until complete.
D - Durability
And the D in ACID is Durability, which means completed transactions will not be lost; they are durable.
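The locking and ACID behaviour described above, as an added example that is not from the video. It uses SQLite through Python's sqlite3 module with a constructed account table and balances; note that SQLite locks the whole database file rather than individual records.

```python
import os
import sqlite3
import tempfile

def open_bank(path):
    conn = sqlite3.connect(path, isolation_level=None)  # we issue BEGIN/COMMIT ourselves
    conn.execute("CREATE TABLE IF NOT EXISTS account (name TEXT PRIMARY KEY, "
                 "balance INTEGER NOT NULL CHECK (balance >= 0))")  # the rule Consistency enforces
    return conn

def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM account"))

def transfer(conn, src, dst, amount):
    """Credit dst and debit src as one transaction: both take effect, or neither."""
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before changing anything
    try:
        conn.execute("UPDATE account SET balance = balance + ? WHERE name = ?", (amount, dst))
        conn.execute("UPDATE account SET balance = balance - ? WHERE name = ?", (amount, src))
        conn.execute("COMMIT")       # releases the lock
        return True
    except sqlite3.IntegrityError:   # the debit broke the CHECK rule
        conn.execute("ROLLBACK")     # Atomicity: the credit already applied is undone too
        return False

def run_acid_demo():
    path = os.path.join(tempfile.mkdtemp(), "bank.db")   # constructed sample database
    writer, reader = open_bank(path), open_bank(path)    # two sessions on one database
    writer.execute("INSERT INTO account VALUES ('alice', 100), ('bob', 50)")
    seen = {"overdraft_committed": transfer(writer, "alice", "bob", 500)}
    seen["after_overdraft"] = balances(reader)
    writer.execute("BEGIN IMMEDIATE")
    writer.execute("UPDATE account SET balance = balance - 30 WHERE name = 'alice'")
    seen["during_transaction"] = balances(reader)  # Isolation: uncommitted change is not visible
    writer.execute("COMMIT")
    seen["after_commit"] = balances(reader)
    writer.close()
    reader.close()
    fresh = sqlite3.connect(path)                  # Durability: committed data is still in the file
    seen["after_reopen"] = balances(fresh)
    fresh.close()
    return seen

if __name__ == "__main__":
    for step, value in run_acid_demo().items():
        print(step, value)
```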
A major type of attack against databases, that you definitely need to understand for the exam, is SQL injection. An attacker can inject SQL code through a web application to control the database behind it. This is something that we as security professionals should always work to prevent. I’ll talk about SQL injection attacks in detail in Domain 3 and link to that video.
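Why string-built queries are the thing to prevent, as an added example that is not from the video. It uses SQLite through Python's sqlite3 module; the table, the two lookup functions and the sample input are constructed, and the same name lookup is written once by concatenation and once with a bound parameter.

```python
import sqlite3

def make_student_db():
    """Constructed sample data for this example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE student (student_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        INSERT INTO student VALUES (1001, 'Alice'), (1002, 'Bob');
    """)
    return conn

def lookup_concatenated(conn, name):
    # Weak: the input becomes part of the SQL text, so quote characters in it
    # can change the structure of the WHERE clause.
    sql = "SELECT student_id, name FROM student WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, name):
    # Corrected: the ? placeholder binds the input as a value; the DBMS never
    # parses it as SQL, whatever characters it contains.
    sql = "SELECT student_id, name FROM student WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Constructed input containing a quote and a condition that is always true.
CONSTRUCTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_student_db()
    print(lookup_concatenated(db, "Alice"))              # normal use: one row
    print(lookup_concatenated(db, CONSTRUCTED_INPUT))    # every row comes back
    print(lookup_parameterized(db, CONSTRUCTED_INPUT))   # no student has that name
```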
And that is an overview of Databases within Domain 8, covering the most critical concepts to know for the exam.
Thanks very much for watching! And all the best in your studies!