Data Processing Paper 2, May/June 2015

Question 4

  1. Define:
  2. (i) Data security (ii)Data risk assessment        
  3.  (i)  Explain the term access control in database security
  4. (ii) List two access control methods in database security

  5. State three roles of a database administrator.

Observation

The expected answers were:

(a)  (i) Data security is the protection/safety of data from destruction, corruption or unauthorized access
(ii)    Data risk assessment is the process of determining/identifying the level of security of stored data
OR
Data risk assessment is the process of determining the safety of stored data
OR
The process of evaluating/measuring the potential risks of data

   (b) (i)  Access control is a mechanism put in place to allow users have different levels of access to the database.  OR
Access control is a process that allows users to have resources that they are authorised to use.          OR
Access control is a mechanism to control data that is accessible to given users                                                                                                                                            
(ii)

      • Username and Password
      • Role based Access control
      • Mandatory Access Control
      • Rule Based Access Control
      • Discretionary Access Control
      • Organisation Based Access Control
      • Responsibility Based Access Control
      • Identity Based Access Control
      • Authentication
      • Biometric verification/Facial Recognition/Voice Recognition/Eyes/Iris/Retina Recognition/Finger Print Recognition
      • Physical control/Use of Lock/Burglary Proof/Metal Protector
      • Personal Identification number (PIN)

                                                                                                         
(c)

  • Maintaining users
  • Backup database
  • Managing data security and privacy
  • Modifying/editing/updating the database structure
  • Managing data integrity
  • Monitoring and optimizing the performance of the database
  • Database recovery
  • Generation of reports/outputs
  • Installs, Configures and Create Database
  • Creating Users/ ID (Credentials)
  • Deleting Users
Candidate’s inability to differentiate between the definition of  a concept and the explanation of a concept was recorded. Candidates demonstrated poor knowledge of the roles of database administrator.