🏠 Back to Exam Syllabus πŸ“Ί RooCloud on YouTube 🌐 RooCloud Practice Exams

Database Management

This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series covers database management. It explains what a database management system does, how it is structured through its schemas and data dictionary, surveys the four classic database models including the dominant relational model and the growing NoSQL family, and describes the controls and auditor review areas that determine whether organisational data can be trusted.


Frequently Asked Questions

What does a database management system do and how is it structured?

A database management system organises, controls, and provides access to the data that applications need, reducing duplication, cutting access time, and providing basic security over sensitive information. Underneath, it rests on metadata described by three schemas: the conceptual schema, which is the overall logical view; the external schema, which is each user’s tailored view; and the internal schema, which is how data physically sits on disk. A data dictionary and directory system manages that metadata, indexing and describing every item, blocking unauthorised changes, and answering queries about data definitions.

What makes the relational database model so widely used?

The relational model organises data into simple tables of rows and columns, where each row carries its own unique identity and column values are all of the same type. Relationships between tables are defined only at retrieval time using joins that match key values, making the model dynamic and independent of physical storage, which makes it far easier to understand, modify, and secure. Most enterprise systems run on relational databases, and the model dominates because of its flexibility and the ability to query data using a high-level query language.

How does normalization keep relational data clean?

Normalization applies rules that store the minimum data needed to answer queries without redundancy. Each attribute holds just one value for a given record, every record has a primary key that uniquely identifies it, and the other attributes depend fully on that key. Referential integrity then requires that any foreign key must either be empty or point to a real row in another table, forbidding links to records that do not exist.
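The referential integrity rule above, as an added example that is not part of the episode: it uses SQLite through Python's sqlite3 module, and the department and employee tables and their rows are constructed for illustration. SQLite enforces foreign keys only when a connection turns enforcement on, so the example loads the same rows both ways and runs an orphan-row query of the kind an auditor could use after a data import.

```python
import sqlite3

SCHEMA = """
CREATE TABLE department (dept_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE employee (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER REFERENCES department(dept_id)  -- nullable foreign key
);
"""

# Constructed sample rows: (emp_id, name, dept_id). Department 99 does not exist.
ROWS = [(1, "Ana", 10), (2, "Ben", None), (3, "Cy", 99)]

def load(enforce):
    """Load ROWS; return (connection, emp_ids the DBMS rejected)."""
    conn = sqlite3.connect(":memory:")
    # Enforcement is a per-connection setting in SQLite; set it explicitly.
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce else 'OFF'}")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO department VALUES (10, 'Finance')")
    rejected = []
    for row in ROWS:
        try:
            conn.execute("INSERT INTO employee VALUES (?, ?, ?)", row)
        except sqlite3.IntegrityError:
            rejected.append(row[0])
    conn.commit()
    return conn, rejected

def orphans(conn):
    """Audit query: non-empty foreign keys with no matching parent row."""
    sql = """SELECT e.emp_id FROM employee e
             LEFT JOIN department d ON d.dept_id = e.dept_id
             WHERE e.dept_id IS NOT NULL AND d.dept_id IS NULL"""
    return [r[0] for r in conn.execute(sql)]

def engine_check(conn):
    """SQLite's built-in check; returns rowids of violating child rows."""
    return [r[1] for r in conn.execute("PRAGMA foreign_key_check")]

if __name__ == "__main__":
    for enforce in (False, True):
        conn, rejected = load(enforce)
        print(enforce, rejected, orphans(conn), engine_check(conn))
```

The row with an empty foreign key is accepted in both runs; only the row pointing at a non-existent department is rejected, and only when enforcement is on.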

What should an auditor review when examining a database?

An auditor should check the logical schema to confirm entities and relationships are properly defined, and the physical schema to confirm storage and indexes match requirements. Security controls including roles, passwords, and encryption should be examined, and it should be confirmed that production data copies are authorised and masked when sensitive. Backup and disaster recovery procedures should be reviewed for availability, interfaces with other programs should be checked for integrity during import and export, and the auditor should confirm the database has an identified owner and a valid licence.



Reference: This article is based on concepts discussed in Database Management.