This is the third of our multi-part series on applying information security approaches to data modeling. The series uses a simple data model, something to manage social clubs and interest groups, to provide the content we look to secure. Later we will address modeling for authorization and user management, as well as other parts of a secure database implementation.In social situations, it’s common to “read between the lines” – deducing the unspoken assumptions and assertions in a conversation. The same occurs in creating software and storing data in a database. Invoices are enumerated with the customer ID embedded, and how many data entities use a date-time as part of the key? It’s hard to imagine thoroughly documenting or structuring everything without some type of omission. But in our last instalment, we went through exactly that exercise. We were able to ascribe sensitivity to several parts of our social club database. But to quantify and manage that sensitivity, we must augment the structure of our data model in order to make the sensitive data and its relationships clear.
Early in the movie “The Fellowship of the Ring”, the wizard Gandalf asks the hero Frodo this question:“Is it secret? Is it safe?”We may not have a magic ring to protect, but we’re asking the same question. But we’re talking about information.This is the second in a multi-part series on how to apply information security principles and techniques as part of data modeling. This series uses a simple data model designed to manage non-commercial clubs as an example of security approaches. In later articles, we will address modeling for fine-grained access controls, auditing, authentication, and other key aspects of secure database implementation.
In my second article about an online forum, I mentioned that there might be several more advanced features to be added:Forumcategoriesand sub-categories where each category has a subject, several moderators and additional information like creation date of the category.Apostmight have asubjectin addition to the content.We might want to allow users tovote upandvote downon threads and posts.To be able to grasp the model more easily, we have prepared an example of such a forum with categories, threads, posts, etc. We hope that this makes it easier to understand things:
Database design is the process of producing a detailedmodelof a database. The start of data modelling is to grasp the business area and functionality being developed.Before Modeling: Talk to the Business PeopleThis is a key principle in information technology. We must remember that we provide a service and mustdeliver value to the business. In data modeling that means solving a business problem from the data-side such that the required data is available in a responsive and secure way.
In my first article about an online forum, I mentioned that there might be several more advanced features to add:Moreformal details about the userinstead of a single “name” field. You may want the user’s first name, last name and username or nickname. A nice forum would also allow users to have a profile picture, email, roles, status (to allow users to be blocked), and other information like when they last visited the forum.
In this final article in a four-part series, I complete the design for an online survey database to provide flexibility for multiple surveys, question re-use, multiple choice answers, ordering of questions, conditional jumps in the survey based on responses, and control over the users’ access to surveys via groups of survey owners.IntroductionIn the conclusion to Part 3 of this series of articles, I mentioned that I would be adding more advanced features in this article. Those advanced features are:
Welcome! This is my first blog entry. I would like to invite you to explore the world of Scrum and databases. I’m a professional Scrum master. During my work, I’ve frequently encountered difficulties when collaborating with others to model a database. I would like to present crucial elements of applying Scrum. I will prove that Scrum is a perfect solution for plenty of teams.A Long Time Ago, in a Galaxy Far Far Away – Waterfall
When writing a blog post on database modeling, you must be prepared that your abstract model doesn’t meet the needs of most readers. The reason is simple. Real-life database models are usually created in close relation to specific business and development requirements while the blog models are not.For the last few weeks, I have been writing blog posts about creating database models. Topics ranged from a general approach to database modeling
Database design is the process of producing a detailedmodelof a database. This model contains the necessary logical (table names, column names) and physical (column datatypes, foreign keys) choices to translate the design into a data definition language (aka SQL), which can be used to create the actual physical database.When I need to create the design for a new database, in other words, thedata layerfor an application, I follow a fewmentalsteps that I think can help others when they need to go through the same process. And, to be honest, for me, I progress through the first steps mentally without actually working on the technical details – and sometimes at a more subconscious level.
An online discussion forum is a site wherepeoplecan holdconversationsin the form of postedmessages. Discussion forums allow conversations to take place when people are not on-line, and messages may be temporarily archived. Also, depending on the forum set-up, a message might need to be approved by a moderator before it becomes visible to other users. Forums have a specific set of terms, for example, a single conversation is generally referred to as a “thread”. Threads can be replied to by as many people as would like to. Most forums require users to register and subsequently log in to post messages. However, on most forums, users do not have to log in to read existing messages.
So you want to create your first database model but you don’t know how to start? Read on!I assume you already know a little about tables, columns, and relationships. If you don’t, watch our video tutorials before you continue.Start With a System DescriptionYou should always start creating a database model with a description of a system. In a classroom situation, a system description is given to you by a teacher. In real life, preparing a description is a