bi, dwh and information security

8/7/2019 BI, DWH and Information Security

1/46

2/7/2011 BI, Data Warehousing and Information Security

BUSINESS INTELLIGENCEAND

DATA WAREHOUSING


2/46


General TermsDatabase Management System (DBMS) A set of computer programs that controls the creation,

maintenance, and the use of a database.

Relational Database Management System (RDBMS)

A database management system (DBMS) that is based on therelational model.

Online Transaction Processing (OLTP) refers to a class of systems that facilitate and manage

transaction-oriented applications, typically for data entry andretrieval transaction processing.

Online Analytical Processing (OLAP) An approach to swiftly answer multi-dimensional analytical

queries.


3/46


OLTP systems OLAP systems

Hold current data

Stores detailed data

Data is dynamic

Repetitive processing

High level of transaction throughput

Predictable pattern of usage

Transaction-driven

Application-orented

Supports day-to-day decisions

Serves large number of clerical/operation

users

Holds historical data

Stores detailed and summarized data

Data is largely static

Ad hoc, unstructured, and heuristic processing

Medium to low level of transaction throughput

Unpredictable pattern of usage

Analysis driven

Subject-oriented

supports strategic decisions

Serves relatively how number of managerial users


4/46


BUSINESS INTELLIGENCE

Business Intelligence, or BI, refers to the

process by which business and companies

gather data, analyze it, and re-apply it inorder to make the best possible business

and financial model possible for their

particular instance.


5/46


History1958, IBM researcher Hans Peter Luhn used theterm business intelligence.Intelligence

The ability to apprehend the interrelationships of presented facts in such a way as to guide actiontowards a desired goal."

1989, Howard Dresner (later a Gartner Groupanalyst) proposed "business intelligence" as aterm to describe "concepts and methods to improve business decision

making by using fact-based support systems."


6/46


TodayBusiness intelligence (BI) is a broad category of applications and technologies for gathering,storing, analyzing, and providing access to data to

help enterprise users make better businessdecisions.

BI applications include the activities of decision

support systems, query and reporting, onlineanalytical processing (OLAP), statistical analysis,forecasting, and data mining.


7/46


TomorrowReal Time Business Intelligence: Predict the trends of the customer base even as they shift, faster

and faster every day. Business intelligence itself is shifting as a process and an ideology

to conform to the faster, more demanding rigors of the modern andfuture economy.

Business Intelligence 2.0: This new sort of business intelligencewouldnt just gather and analyze data, but would also do it in realtime.

Would be able to see a shift in profits or customer dynamics as ithappened.

Technological automated systems would be built in place toinstantly move to remedy the problems that did arise.


8/46


Without BIMultiple versions of the truthMisaligned action across theorganizationInability to perform in-depth analysisNot knowing where to concentrateeffortsInability to measure performanceUnable to locate important information


9/46


With BI

Single point of truth - avoiding Guesswork

Historical register of virtually all transactions and important

operational events that occur in the life of an organization.

Know about Customers - improve customers' experience

Know about Competitors/ Market - be better informed about

actions that a company's competitors are taking.

Sharing of information - share selected strategic information

with business partners.


10/46


Business Intelligenceexamples

A Hotel Franchise uses BI analytical applications compile statistics on average occupancy and

average room rate

to determine revenue generated per room. gathers statistics on market share data from customer surveys from each hotel to

determine its competitive position in variousmarkets.

trends can be analyzed year by year, month bymonth and day by day, giving the corporation apicture of how each individual hotel is faring.


11/46



A Bank bridges a legacy database with departmental databases, Provides branch managers and other users access to BI

applications to determinethe most profitable customers arewhich customers they should try to cross-sell new products to.

The use of these tools frees information technology staff from the task of generating analytical reports for thedepartments and it gives department personnel

autonomous access to a richer data source.


12/46



A Telecommunications Company Maintains a multiterabyte decision-support

data warehouse

Uses business intelligence tools andutilities Let users access the data they need The tools set boundaries around the data

that users can access Gathers statistics on market share


13/46


Data WarehouseA Data Warehouse Is A Structured Repository of Historic Data.It Is Developed in an Evolutionary Process By Integrating DataFrom Non-integrated Legacy Systems.

It Is Usually:Subject Oriented

Data that gives information about a particular subject instead of about acompany's ongoing operations.Integrated

Data that is gathered into the data warehouse from a variety of sources andmerged into a coherent whole.

Time VariantAll data in the data warehouse is identified with a particular time period.

Non-volatileData is stable in a data warehouse. More data is added but data is never removed. This enables management to gain a consistent picture of thebusiness.


14/46


A data warehouse is a repository of an organization'sdata, where the informational assets of theorganization are stored and managed, to supportvarious activities such as reporting, analysis, decisionmaking as well as other activities such as support for optimization of organizational operational processes.

It is:

In Simple words: A d ata warehouse is a system that extracts, cleans,

conforms, an d d elivers source d ata into a d imensional d ata store an d then supports an d implementsquerying an d analysis for the purpose of d ecisionmaking.


15/46


BI Model


16/46


DATA WAREHOUSE


17/46


DW COMPONENTS1. Operational Source SystemsTo capture business transactions

2. Data Staging AreaIs both a storage area and set of ETL processes

Does not provide any query andpresentation services

3. Presentation Area Accessed through reporting tools


18/46


DIMENSIONAL MODELINGdesign technique for databases intendedto support end-user queries in a datawarehouse.Oriented around understandability andperformance.Uses the concepts of facts (measures),and dimensions (context).


19/46


Dimension Tables

Contain attributes related to business entities Customers, vendors, employees Products, materials, even invoices (attributes!) Dates and sometimes time (hours, mins, etc.)

Often employ surrogate keys Defined within the dimensional model Not the same as source system primary, alternate, or

business keys

Highly de-normalized to reduce joinsNot uncommon to have many, many columns


20/46


Fact Tables

Contain numbers and other business metrics Define the basic measures users want to analyze Numbers are then aggregated according to related

dimensionsFact tables contain dimension keys Defines relationship between measures and

dimensions using surrogate keys

Highly normalized structureTypically narrow tables, but often very large


21/46


Extract, transform, and load (ETL) is aprocess in data warehousing that involvesextracting data from outside sources,transforming it to fit business needs, andultimatelyloading it into the data warehouse.Cleaning the data to have perfect,accurate and correct data.

ETL is important, as it is the way dataactually gets loaded into the warehouse.

ETL


22/46


GOALSTo make an organizations information easilyaccessibleTo maintain consistency and stability in

organizations informationTo provide a foundation for improved decisionmaking


23/46


DATA QUALITYDefining Data Quality

Correct- The values and descriptions in data describe their associated objects truthfully and faithfully.Unambiguous- The values and descriptions in data can be taken tohave only one meaning.Consistent- The values and descriptions in data use one constantnotational convention to convey their meaning.Complete- There are two aspects of completeness. The first is ensuring that the individual values and descriptions in

data are defined (not null) for each instance. The second aspect makes sure that the aggregate number of

records is complete or makes sure that you didnt somehow loserecords altogether somewhere in your information flow.


24/46


DATA QUALITY PRIORITIESBe ThoroughThe data-cleaning subsystem is under tremendous pressure to bethorough in its detection, correction, and documentation of thequality of the information it publishes to the business community.Be Fast The whole ETL pipeline is under tremendous pressure to processever growing volumes of data in ever-shrinking windows of time.Be CorrectiveCorrecting data-quality problems at or as close to the source aspossible is, of course, the only strategically defensible way toimprove the information assets of the organizationand therebyreduce the high costs and lost opportunity of poor data quality.Be Transparent The data warehouse must expose defects and draw attention tosystems and business practices that hurt the data quality of theorganization.


25/46


BENEFITS OF BI / DWHOrganizations are able to increase revenue and lower operatingcosts.

Respond faster to new opportunities and changing demands.

Acquire insight into customers buying patterns to increaseprofitability.Reduce costs by minimizing the time required to collectrelevant business data.

Identify and target new customers and markets.

Optimize customer relationships and increase customer loyalty.

Respond quickly to shifts in market demands.


26/46


BI Industry ScenarioAccording to Gartner survey of 1,400 CIOs, business intelligence was ranked thetop technology priority surpassing security.

The BI and analytics market is currently valued at $8.5 Billion and is expected togrow to $13 Billion over the next five years

CFOs require 'business intelligence' systems that display accurate SKU ( Stock-keeping unit) or customer-level P&Ls, permitting reliable channel and store

comparisons over time. Improved forecasts are vital, too!

Gaining market share, keeping customers and controlling costs remain keyobjectives. Mid-market executives and big corporate department heads rush to costeffectively meet these complex needs. How? Through improved use of their existing database systems.

Data warehousing and analytical skills are combined with an understanding of industry issues, as we refine and implement your vision.


27/46


Questions ?


28/46


Information Security

A quick Introduction


29/46


What is Information Security

Information security means protectinginformation and information systems fromunauthorized access, use, disclosure,disruption, modification, perusal,inspection, recording or destruction.


30/46


What is Information Security

Information Security Includes

Risk management, information security policies,

procedures.Standards, guidelines, baselines, informationclassification, security organization & securityeducation.

The objective of Information security program istoprotect the company and its assets.


31/46


Information Where is it?Paper Notes Telephone Conversations

Media (CDs, Floppies, USB Drives etc)Human Mind

Documents and spreadsheets

Printouts and Faxes


32/46


External Security Threats

V irus Attacks

Hacking & IntrusionSpoofing

Sniffing Data in Transit

Social Engineering

Information Security Threats


33/46


Internal Security Threats

People with Malicious Intent

Attempts to gain unauthorized access tosystems

Misuse of equipment and Services

Unauthorized use of Privileges

Data transmission to External PartiesFraud, embezzlement and Theft



34/46


Physical Security Threats

Natural Calamities like Fire, Flood andEarthquake

Breakdown of Communication Lines

Improper Handling of Information

Theft of Workstations, peripherals andMobile Devices

Unattended User EquipmentImproper Disposal of Media and Equipment

Terror attacks



35/46


Integrity

Information Security Triad

Protection of informationassets from unauthorizeddisclosure

Protection of information assets from unauthorized modification

Ensure information assetsare available as and whenrequired

Information Security Triad


36/46


Where to begin ?A risk analysis identifies assets & discovers the

threats that put them at risk.Estimates the possible damage and potential lossacompany could endure if any of these threatsbecomes real.The results of the risk analysis help managementconstruct a budget and develop applicablesecurity policies and put controls in place.

Security education takes this information to eachand every employee, so everyone is properlyinformed work toward the same security goals.


37/46


To mitigate risk we implement one or more

of three different types of controls


38/46


Process Level

Information Security Policy, Access ControlPolicy, Incident Management, Clear Desk and

Clear Screen Policy

Technical Solutions

Firewall Perimeters, Intrusion DetectionSystems, Anti-Virus Software and AccessControl through Domain Controllers

Prevent

Detect

Correct

Security Controls


39/46


Personnel Security

Background Checks, Periodical Security Awareness and Physical Security Program

Implementation

Security Compliance

Internal and Third Party External Security Audits

Security Controls

Prevent

Detect

Correct


40/46


What is a Security Incident?Any action or event which is not in Compliance to theOrg. Security Policies, Standards, Guidelines andProcedures.

ExamplesUnauthorized use of a User ID or accountPassword compromiseTheft of laptopFraud, embezzlement or theft

Loss of company, client or personal informationUnauthorized disclosure, amendment or corruption of

informationWeb site defacement

Security Incident Management Process


41/46


What is BC and DR?

Business Continuity: The ability of anorganization to provide service and support for its customers and to maintain its viability before,during, and after a business continuity event.

Disaster Recovery: Activities and programsdesigned to return the entity to an acceptablecondition. The ability to respond to an

interruption in services by implementing adisaster recovery plan to restore anorganization's critical business functions.


42/46


Need for Business Continuity PlanningContractual &Contractual &

Legal obligationsLegal obligations

Market ShareMarket Share

CustomerCustomerServiceService

SalesSales

RegulatoryRegulatoryRequirementsRequirements

COMPLIANCE

Brand Image &Brand Image &ReputationReputation

Cash flow andCash flow andFinancial PerformanceFinancial Performance

LiabilityLiabilityExposureExposure

Employees HealthEmployees Health& Safety& Safety


43/46


Standards and Regulations

ISO 17799ISO 14000ISO 15000

AS/ NZS 4360NFPA 1600SAS 70PAS-56TR19SS507

Sarbanes and Oxley Act

Basel II AccordMASHKMABNMFFIEC

ISO 25999Data Protection ActHIPAA


44/46


Basic Concepts of BC-DR

The 5 Rs cycle Response Resume Recover Restore Return

Recovery Time Objective (RTO)

Recovery Point Objective (RPO)


45/46


Questions ?


46/46


Thanks