Wednesday 26 October 2011

Week 6 Progress - Knocking the Door! [PART 3]

Assalamualaikum..

Since the posting for Week 6 is about the title of our final year project, I just want to update my working title.
After a discussion with my supervisor just now, my working title and focus will change.

I still don't have the exact working title. But Insya-Allah I will focus on "Corrective Action in Dealing with SQL Injection". Taking corrective action to manage SQL injection will be my new focus, instead of the corrective action plan for data recovery, since that scope is too big.

That's all for today, thank you. Assalamualaikum..

Monday 24 October 2011

Week 6 Progress - Knocking the Door! [PART 2]

Assalamualaikum..
Just want to update my research background..


Data is a collection of facts that plays a critical role in the business operations of any organization, big or small. It is like the engine of a car: without the engine, the car can't move. The same goes for data: without it, an organization may suffer a lot of problems. In the information technology era, the use of database management systems is becoming wider. At the same time, the data growth rate is rapidly increasing. Nowadays, business processes operate 24x7, and data must be available in order to support daily operations.

Data corruption or data loss may lead to several problems, such as interrupted business processes and inconsistent data. There are many causes of data loss, for example hardware and system malfunction, human error, and natural disaster. According to ONTRACK Data Recovery, Inc. (1995), based on their experience in the ONTRACK Data Recovery professional labs, human error as a threat to data integrity contributes a 32% chance of data loss. This result shows that human errors occur frequently. Human errors may be made on purpose or accidentally. After such a transaction has been committed, it must be rolled back in order to correct the problem. Given the inconsistent state of the database, corrective action must be taken to put the database back into a consistent state.

Corrective action means the process of taking action on a product's problems, customer complaints, or other nonconformities and fixing them. Oracle states that committing a transaction means making permanent the changes performed by the SQL statements executed within the transaction. Meanwhile, an unauthorized committed database transaction means a transaction that was committed by a user with legal authentication but that does something which may change the content of the database, accidentally or purposely.

The corrective action takes place at the database level of the information system and may also include the process flow that the organization needs to follow in order to implement the corrective action.

Corrective action is important for bringing the database back to a consistent state because data is the value of the organization. Losing data or information means losing money. Therefore a corrective action policy is essential in order to maintain data availability.

As a result, there must be a corrective action plan to recover the faulty data in the context of an Oracle database. It may undo the operation and return the data to its original value. Log management or an audit trail plays an important role in auditing and monitoring the operations that have been done, for example updating a table in the database or creating a table.
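
An added example, not part of the original post and not Oracle code: a minimal audit-trail-driven corrective action, using SQLite from Python as a stand-in for the Oracle database. The table names, the `session_ctx` tagging scheme and the function names are assumptions made for the illustration; because a committed change can no longer be rolled back, the correction is a new, audited transaction that restores the logged old values and skips rows that were changed again afterwards.

```python
import sqlite3

SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE session_ctx (txn_tag TEXT);  -- tag of the transaction in progress
CREATE TABLE audit_trail (seq INTEGER PRIMARY KEY AUTOINCREMENT, txn_tag TEXT,
    account_id INTEGER, old_balance INTEGER, new_balance INTEGER);
CREATE TRIGGER trg_audit AFTER UPDATE OF balance ON accounts BEGIN
    INSERT INTO audit_trail (txn_tag, account_id, old_balance, new_balance)
    VALUES ((SELECT txn_tag FROM session_ctx), OLD.id, OLD.balance, NEW.balance);
END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO session_ctx VALUES ('init')")
    # Constructed sample rows.
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(1, "alice", 100), (2, "bob", 200)])
    db.commit()
    return db

def run_txn(db, tag, updates):
    """Commit a batch of (account_id, new_balance) updates under one tag."""
    db.execute("UPDATE session_ctx SET txn_tag = ?", (tag,))
    db.executemany("UPDATE accounts SET balance = ? WHERE id = ?",
                   [(bal, acc) for acc, bal in updates])
    db.commit()

def correct_txn(db, bad_tag):
    """Undo one committed transaction from the audit trail; return the ids
    skipped because a later transaction changed them again."""
    rows = db.execute(
        "SELECT account_id, old_balance, new_balance FROM audit_trail "
        "WHERE txn_tag = ? ORDER BY seq DESC", (bad_tag,)).fetchall()
    # The correction is itself tagged, so it appears in the audit trail too.
    db.execute("UPDATE session_ctx SET txn_tag = ?", ("corrective:" + bad_tag,))
    skipped = []
    for acc, old, new in rows:
        # Restore only if the row still holds the value the bad txn wrote.
        cur = db.execute("UPDATE accounts SET balance = ? "
                         "WHERE id = ? AND balance = ?", (old, acc, new))
        if cur.rowcount == 0:
            skipped.append(acc)
    db.commit()
    return skipped

def balances(db):
    return dict(db.execute("SELECT id, balance FROM accounts"))
```

Rows returned in the skipped list need manual review, since restoring them would silently overwrite a newer change.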


Feel free to leave any comments, thank you. 
P/S : posting the blog in sleepy mode, something may go wrong. 

Sunday 23 October 2011

Week 6 Progress - Knocking the Door!

Assalamualaikum..

Just for additional knowledge: before I changed my working title, the title was about 'Instance Recovery'. Based on this blog, instance recovery means the action performed by Oracle when the database is restarted after it has suffered an instance failure, a shutdown abort, or a startup force.

Back to my working title, "Corrective Action for Unauthorized Committed Database Transaction". For the progress, it is actually quite hard to find the corrective actions taken by companies in order to recover from an inconsistent state of the database. On the Internet, there is an article from R. M. Baldwin, Inc. titled "Preventive/Corrective Actions (CAPA) Guidelines". CAPA is more focused on the FDA, ISO 9000, automotive and aerospace industries. However, it is a good article for giving me a brief explanation of what corrective action is. According to the article, corrective action means the process of taking action on a product's problems, customer complaints, or other nonconformities and fixing them. Corrective action may involve these processes:

  • review & define problem
  • find cause of problem
  • develop action plan
  • implement plan
  • evaluate effectiveness of the correction

I will give a clearer picture of CAPA later, in the next post, insyaAllah.

REVISING THE PROBLEM STATEMENT AND RESEARCH BACKGROUND

Problem Statement : still waiting for the confirmation from the PSMB

Research Background :-

What : corrective action means the process of taking action on a product's problems, customer complaints, or other nonconformities and fixing them.
Oracle states that committing a transaction means making permanent the changes performed by the SQL statements executed within the transaction.
Meanwhile, an unauthorized committed database transaction means a transaction that was committed by a user with legal authentication but that does something which may change the content of the database, accidentally or purposely.

Where : the corrective action takes place at the database level of the information system and may also include the process flow that the organization needs to follow in order to implement the corrective action.

Why : corrective action is important for bringing the database back to a consistent state because data is the value of the organization. Losing data or information means losing money. Therefore a corrective action policy is essential in order to maintain data availability.

That's all for my post this time. InsyaAllah there will be more from me. Thank you.
Assalamualaikum..

Monday 17 October 2011

Week 5 Progress - Starting the Journey

Assalamualaikum..
I had a discussion with my supervisor, Dr. Ariza, last week.. I already got a more appropriate term for my working title.. and currently my working title is "Corrective Action for Unauthorized Committed Database Transaction", but it is still a temporary title since there are still a lot of things to read..

I got a journal article on database security, and it tells a lot of what students need to know about it. It covers six areas, which are:

  1. Access control
  2. Row level security
  3. Application security as portrayed in a security matrix
  4. SQL injections
  5. Database inference
  6. Database auditing

The interactive software modules developed to support the study of database security concepts are freely available at Animated Database Courseware. Please visit it :)

Source: Journal of Information Technology Education: Innovations in Practice
Title: Database Security: What Students Need to Know
By: Meg Coffin Murray, Kennesaw State University, Kennesaw, GA, USA

I also gained new knowledge on the types of user threat to the database.
  • Authorized user
    • Legitimate user
    • Illegitimate user
  • Unauthorized user
    • Not granted user
    • Phantom
    • Hacker
    • Intruder

That is all for this post. It is actually only a basic concept of database security issues. I will find more on the corrective action plan. Thank you..

Thursday 13 October 2011

First Post

Assalamualaikum.. this is my first post..
Currently still thinking about suitable terms to be used in my project..