CHAPTER II

REVIEW OF RELATED STUDIES

2.1.1 Transaction Processing System (TPS)

The main information systems used for operational support in a business are transaction
processing systems. This type of system processes data about transactions, which are events that
have occurred that affect the business, such as the sale or purchase of goods.
A transaction processing system has 3 main purposes: keep records about the state of an
organization, process transactions that affect these records, and produce outputs that report on
transactions that have occurred. For example, an inventory control system tracks records about
inventory, processes sales and purchases of inventory, and produces reports about the amount and
value of items on hand, on order, etc.
Transaction processing systems exist in all areas of an organization, and in all types of
organizations. TPSs can be used by employees (order entry) or customers (bank ATMs). They can
use various types of hardware, software, and networks. TPSs use stored data in both files and
databases, and many types of programs.
2.1.2 Database Management System
A DBMS Database Management System is a commercial software program used to control,
manipulate and maintain the Database by enabling users to access, store, organize, modify,
retrieve, secure and provide integrity of data in a database.
A DBMS accepts request from users or applications and instructs the operating system to
transfer the appropriate data.

2.1.2.1 Database
A database, often abbreviated as DB, is a collection of information organized in such a way
that a computer program can quickly select desired pieces of data.

Records Management
Storage of records has always been a fundamental objective of information systems.
However, in the past decade managing sensitive information throughout its lifecycle, from creation
to destruction (or archival), has become of significant importance. The increasing awareness of the
impact of technology on privacy has added momentum to the need to have better enforcement of
records retention policies. Organizations today not only have to comply with regulations, but also
have to maintain a balance between operational record keeping requirements, minimizing liability
of storing private information, and customer privacy preferences. This work will not attempt to
define the term “record” in the broad context. Instead the term will be treated in all its generality
and then applied to the world of relational databases. Without attempting to differentiate terms
such as data, knowledge, information and record, it is recommended that the reader maintain a
simple but consistent definition of a record throughout this thesis.

Make Your Database More Secure

Many companies aren't able to protect mission-critical data because they simply don't
understand how all the moving parts of their database environments work. For controls to work,
IT must have a clear understanding of where the important data is, who's using it, and how it's
being used.
"You have one data store, but you might have many applications hooked into it. You
might not know who it is that's using the systems if you've given out a lot of privileges," says Mel
Shakir, CTO of Nitro Security, a database activity monitoring (DAM) and security information
and event monitoring company recently purchased by McAfee. "And you might not even know
where the critical data is if it's been copied off the system and moved to, say, test databases
somewhere else." Valuable steps include scanning for unsanctioned, rogue databases that might
have been set up on the fly by other departments, documenting privilege schemas, and classifying
a company's database assets by risk according to the type of data they hold. That can help get more
out of database security investments. Once IT teams know where all your databases are, they can
make sure they're securely configured and patched, and use vulnerability assessment to decide
what level of protection they need. For example, they can decide if they warrant constant oversight
through activity-monitoring software to track what users are doing in these data stores at all times.

Data Security

A computer security risk is any event or action that could cause loss of or damage to
computer hardware, software, data, information, or processing capability. Some breaches to
computer security are accidental, others are planned intrusions. Some intruders do no damage; they
merely access data, information or programs on the computer before logging off. Other intruders
indicate some evidence of their presence either by leaving a message or by deliberately altering or
damaging data. Computer systems are vulnerable to many threats which can inflict various types
of damage resulting in significant losses. Damage can range from minor errors which sap database
integrity to fires which destroy entire computer centers. Losses can stem from the actions of
supposedly trusted employees defrauding the system to outside hackers roaming freely through
the Internet. The exact amount of computer-related losses is unknowable; many losses are never
discovered and others are covered up to avoid unfavorable publicity.
Common Threats:
A wide variety of threats face today's computer systems and the information they process.
In order to control the risks of operating an information system, managers and users must know
the vulnerabilities of the system and the threats which may exploit them. Knowledge of the threat
environment allows the system manager to implement the most cost-effective security measures.
In some cases, managers may find it most cost-effective to simply tolerate the expected losses.