IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.130 Ensuring the integrity of a database
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator; staff responsible for the
individual IT applications
The integrity of a database needs to be monitored and secured in order to
ensure the correctness of the related data and the consistency of the database
state. The following techniques must be employed to avoid the occurrence of
incorrect data and inconsistent states in a database:
- Access control
Access control implies the protection of the database against unauthorised
access by assigning corresponding access rights as described in S 2.129
Controlling access to database information. This prevents manipulations
of the data and database objects (such as tables).
The database administrator is responsible for implementing access control.
A detailed description of access control has been omitted here, as it is
provided in S 2.129 Controlling access to database information.
- Synchronisation control
Synchronisation control is intended to prevent inconsistencies which could
arise through parallel access to the same data. Several techniques are
available for this purpose, including the locking of database objects and the
allocation of timestamps.
The persons in charge of individual IT applications are responsible for
implementing synchronisation control, insofar as a mechanism exceeding
the scope of the database management system needs to be provided
additionally.
A detailed description has been left out here, as synchronisation control is
performed by most database management systems. We strongly advise
against the use of a database management system which does not offer this
feature.
- Integrity control
This involves the avoidance of semantic errors and semantically
inconsistent database states through the observance and monitoring of
database integrity constraints. These can pertain to individual relations or
to groups of several mutual relations (referential integrity). Examples here
are the specification of a primary key for a relation, definition of value
ranges for individual attributes, and formulation of special constraints by
means of an assertion clause.
Integrity control can be carried out by the database management system
automatically by means of a monitor created using triggers or stored
procedures. In principle, this allows any type of transaction to be
performed; however, the database management system rejects those
transactions which would impair the consistency of the database.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000