🏠 Back to Exam Syllabus πŸ“Ί RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 20.2 - Establishing Databases & Data Warehousing (Part 2 of 2)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series turns to the security threats and controls that live inside databases themselves, continuing Domain 8. It examines how databases defend the data they hold, so protection stays intact even when every individual query looks perfectly legitimate.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

How do you secure a database holding many classification levels?

A multilevel security database stores information at several classification levels and must check each user’s clearance before returning only what they are cleared to see. The central danger is database contamination, where data of different classifications gets mixed together improperly. Administrators often place a trusted front end between users and a weak system, and a database view, a stored query that presents data as if it were its own table, restricts what each user sees without handing over the raw tables.

How does concurrency protect data during simultaneous edits?

Concurrency, also called edit control, is a preventive mechanism that keeps stored data correct when multiple processes touch it at once. Without it, a lost update happens when two processes update unaware of each other, and a dirty read happens when one process reads from a transaction that never committed. Concurrency solves this with a lock that lets one user change data while blocking others, then an unlock once done, and paired with auditing it can become a detection control.

What are aggregation and inference attacks?

An aggregation attack gathers many low-value facts and combines them into something of higher sensitivity, as when a clerk uses aggregate functions to count troops from routine transfers. An inference attack relies on human deduction instead, combining nonsensitive pieces to conclude something classified, such as deducing one salary from a daily total and hire dates. Defenses include tight permissions, blurring data, and partitioning the database.

How do you defend against aggregation and inference structurally?

Several architectural defenses help. Database partitioning splits one database into parts with distinct security levels so no single view exposes too much. Polyinstantiation lets two rows share the same apparent primary key while holding different data for different clearance levels, such as a decoy ship record hiding a classified location. Noise and perturbation inserts false or misleading data to thwart confidentiality attacks, applied carefully so it never corrupts real operations.

What do non-relational databases change?

As data grows and stops fitting neatly into tables, many organizations turn to non-relational databases that use models other than the relational one. A key-value store pairs a unique key with a data value, ideal for high speed and very large datasets. A graph database stores data as nodes and connecting edges, perfect for networks. A document store keeps richer, structured documents indexed by keys. Because their security models differ sharply, learn the features of whatever you use.

πŸ“š Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 20.2 - Establishing Databases & Data Warehousing (Part 2 of 2).