bi, dwh and information security
TRANSCRIPT
-
8/7/2019 BI, DWH and Information Security
1/46
2/7/2011 BI, Data Warehousing and Information Security
BUSINESS INTELLIGENCEAND
DATA WAREHOUSING
-
8/7/2019 BI, DWH and Information Security
2/46
2/7/2011 BI, Data Warehousing and Information Security
General TermsDatabase Management System (DBMS) A set of computer programs that controls the creation,
maintenance, and the use of a database.
Relational Database Management System (RDBMS)
A database management system (DBMS) that is based on therelational model.
Online Transaction Processing (OLTP) refers to a class of systems that facilitate and manage
transaction-oriented applications, typically for data entry andretrieval transaction processing.
Online Analytical Processing (OLAP) An approach to swiftly answer multi-dimensional analytical
queries.
-
8/7/2019 BI, DWH and Information Security
3/46
2/7/2011 BI, Data Warehousing and Information Security
OLTP systems OLAP systems
Hold current data
Stores detailed data
Data is dynamic
Repetitive processing
High level of transaction throughput
Predictable pattern of usage
Transaction-driven
Application-orented
Supports day-to-day decisions
Serves large number of clerical/operation
users
Holds historical data
Stores detailed and summarized data
Data is largely static
Ad hoc, unstructured, and heuristic processing
Medium to low level of transaction throughput
Unpredictable pattern of usage
Analysis driven
Subject-oriented
supports strategic decisions
Serves relatively how number of managerial users
-
8/7/2019 BI, DWH and Information Security
4/46
2/7/2011 BI, Data Warehousing and Information Security
BUSINESS INTELLIGENCE
Business Intelligence, or BI, refers to the
process by which business and companies
gather data, analyze it, and re-apply it inorder to make the best possible business
and financial model possible for their
particular instance.
-
8/7/2019 BI, DWH and Information Security
5/46
2/7/2011 BI, Data Warehousing and Information Security
History1958, IBM researcher Hans Peter Luhn used theterm business intelligence.Intelligence
The ability to apprehend the interrelationships of presented facts in such a way as to guide actiontowards a desired goal."
1989, Howard Dresner (later a Gartner Groupanalyst) proposed "business intelligence" as aterm to describe "concepts and methods to improve business decision
making by using fact-based support systems."
-
8/7/2019 BI, DWH and Information Security
6/46
2/7/2011 BI, Data Warehousing and Information Security
TodayBusiness intelligence (BI) is a broad category of applications and technologies for gathering,storing, analyzing, and providing access to data to
help enterprise users make better businessdecisions.
BI applications include the activities of decision
support systems, query and reporting, onlineanalytical processing (OLAP), statistical analysis,forecasting, and data mining.
-
8/7/2019 BI, DWH and Information Security
7/46
2/7/2011 BI, Data Warehousing and Information Security
TomorrowReal Time Business Intelligence: Predict the trends of the customer base even as they shift, faster
and faster every day. Business intelligence itself is shifting as a process and an ideology
to conform to the faster, more demanding rigors of the modern andfuture economy.
Business Intelligence 2.0: This new sort of business intelligencewouldnt just gather and analyze data, but would also do it in realtime.
Would be able to see a shift in profits or customer dynamics as ithappened.
Technological automated systems would be built in place toinstantly move to remedy the problems that did arise.
-
8/7/2019 BI, DWH and Information Security
8/46
2/7/2011 BI, Data Warehousing and Information Security
Without BIMultiple versions of the truthMisaligned action across theorganizationInability to perform in-depth analysisNot knowing where to concentrateeffortsInability to measure performanceUnable to locate important information
-
8/7/2019 BI, DWH and Information Security
9/46
2/7/2011 BI, Data Warehousing and Information Security
With BI
Single point of truth - avoiding Guesswork
Historical register of virtually all transactions and important
operational events that occur in the life of an organization.
Know about Customers - improve customers' experience
Know about Competitors/ Market - be better informed about
actions that a company's competitors are taking.
Sharing of information - share selected strategic information
with business partners.
-
8/7/2019 BI, DWH and Information Security
10/46
2/7/2011 BI, Data Warehousing and Information Security
Business Intelligenceexamples
A Hotel Franchise uses BI analytical applications compile statistics on average occupancy and
average room rate
to determine revenue generated per room. gathers statistics on market share data from customer surveys from each hotel to
determine its competitive position in variousmarkets.
trends can be analyzed year by year, month bymonth and day by day, giving the corporation apicture of how each individual hotel is faring.
-
8/7/2019 BI, DWH and Information Security
11/46
2/7/2011 BI, Data Warehousing and Information Security
Business Intelligenceexamples
A Bank bridges a legacy database with departmental databases, Provides branch managers and other users access to BI
applications to determinethe most profitable customers arewhich customers they should try to cross-sell new products to.
The use of these tools frees information technology staff from the task of generating analytical reports for thedepartments and it gives department personnel
autonomous access to a richer data source.
-
8/7/2019 BI, DWH and Information Security
12/46
2/7/2011 BI, Data Warehousing and Information Security
Business Intelligenceexamples
A Telecommunications Company Maintains a multiterabyte decision-support
data warehouse
Uses business intelligence tools andutilities Let users access the data they need The tools set boundaries around the data
that users can access Gathers statistics on market share
-
8/7/2019 BI, DWH and Information Security
13/46
2/7/2011 BI, Data Warehousing and Information Security
Data WarehouseA Data Warehouse Is A Structured Repository of Historic Data.It Is Developed in an Evolutionary Process By Integrating DataFrom Non-integrated Legacy Systems.
It Is Usually:Subject Oriented
Data that gives information about a particular subject instead of about acompany's ongoing operations.Integrated
Data that is gathered into the data warehouse from a variety of sources andmerged into a coherent whole.
Time VariantAll data in the data warehouse is identified with a particular time period.
Non-volatileData is stable in a data warehouse. More data is added but data is never removed. This enables management to gain a consistent picture of thebusiness.
-
8/7/2019 BI, DWH and Information Security
14/46
2/7/2011 BI, Data Warehousing and Information Security
A data warehouse is a repository of an organization'sdata, where the informational assets of theorganization are stored and managed, to supportvarious activities such as reporting, analysis, decisionmaking as well as other activities such as support for optimization of organizational operational processes.
It is:
In Simple words: A d ata warehouse is a system that extracts, cleans,
conforms, an d d elivers source d ata into a d imensional d ata store an d then supports an d implementsquerying an d analysis for the purpose of d ecisionmaking.
-
8/7/2019 BI, DWH and Information Security
15/46
2/7/2011 BI, Data Warehousing and Information Security
BI Model
-
8/7/2019 BI, DWH and Information Security
16/46
2/7/2011 BI, Data Warehousing and Information Security
DATA WAREHOUSE
-
8/7/2019 BI, DWH and Information Security
17/46
2/7/2011 BI, Data Warehousing and Information Security
DW COMPONENTS1. Operational Source SystemsTo capture business transactions
2. Data Staging AreaIs both a storage area and set of ETL processes
Does not provide any query andpresentation services
3. Presentation Area Accessed through reporting tools
-
8/7/2019 BI, DWH and Information Security
18/46
2/7/2011 BI, Data Warehousing and Information Security
DIMENSIONAL MODELINGdesign technique for databases intendedto support end-user queries in a datawarehouse.Oriented around understandability andperformance.Uses the concepts of facts (measures),and dimensions (context).
-
8/7/2019 BI, DWH and Information Security
19/46
2/7/2011 BI, Data Warehousing and Information Security
Dimension Tables
Contain attributes related to business entities Customers, vendors, employees Products, materials, even invoices (attributes!) Dates and sometimes time (hours, mins, etc.)
Often employ surrogate keys Defined within the dimensional model Not the same as source system primary, alternate, or
business keys
Highly de-normalized to reduce joinsNot uncommon to have many, many columns
-
8/7/2019 BI, DWH and Information Security
20/46
2/7/2011 BI, Data Warehousing and Information Security
Fact Tables
Contain numbers and other business metrics Define the basic measures users want to analyze Numbers are then aggregated according to related
dimensionsFact tables contain dimension keys Defines relationship between measures and
dimensions using surrogate keys
Highly normalized structureTypically narrow tables, but often very large
-
8/7/2019 BI, DWH and Information Security
21/46
2/7/2011 BI, Data Warehousing and Information Security
Extract, transform, and load (ETL) is aprocess in data warehousing that involvesextracting data from outside sources,transforming it to fit business needs, andultimatelyloading it into the data warehouse.Cleaning the data to have perfect,accurate and correct data.
ETL is important, as it is the way dataactually gets loaded into the warehouse.
ETL
-
8/7/2019 BI, DWH and Information Security
22/46
2/7/2011 BI, Data Warehousing and Information Security
GOALSTo make an organizations information easilyaccessibleTo maintain consistency and stability in
organizations informationTo provide a foundation for improved decisionmaking
-
8/7/2019 BI, DWH and Information Security
23/46
2/7/2011 BI, Data Warehousing and Information Security
DATA QUALITYDefining Data Quality
Correct- The values and descriptions in data describe their associated objects truthfully and faithfully.Unambiguous- The values and descriptions in data can be taken tohave only one meaning.Consistent- The values and descriptions in data use one constantnotational convention to convey their meaning.Complete- There are two aspects of completeness. The first is ensuring that the individual values and descriptions in
data are defined (not null) for each instance. The second aspect makes sure that the aggregate number of
records is complete or makes sure that you didnt somehow loserecords altogether somewhere in your information flow.
-
8/7/2019 BI, DWH and Information Security
24/46
2/7/2011 BI, Data Warehousing and Information Security
DATA QUALITY PRIORITIESBe ThoroughThe data-cleaning subsystem is under tremendous pressure to bethorough in its detection, correction, and documentation of thequality of the information it publishes to the business community.Be Fast The whole ETL pipeline is under tremendous pressure to processever growing volumes of data in ever-shrinking windows of time.Be CorrectiveCorrecting data-quality problems at or as close to the source aspossible is, of course, the only strategically defensible way toimprove the information assets of the organizationand therebyreduce the high costs and lost opportunity of poor data quality.Be Transparent The data warehouse must expose defects and draw attention tosystems and business practices that hurt the data quality of theorganization.
-
8/7/2019 BI, DWH and Information Security
25/46
2/7/2011 BI, Data Warehousing and Information Security
BENEFITS OF BI / DWHOrganizations are able to increase revenue and lower operatingcosts.
Respond faster to new opportunities and changing demands.
Acquire insight into customers buying patterns to increaseprofitability.Reduce costs by minimizing the time required to collectrelevant business data.
Identify and target new customers and markets.
Optimize customer relationships and increase customer loyalty.
Respond quickly to shifts in market demands.
-
8/7/2019 BI, DWH and Information Security
26/46
2/7/2011 BI, Data Warehousing and Information Security
BI Industry ScenarioAccording to Gartner survey of 1,400 CIOs, business intelligence was ranked thetop technology priority surpassing security.
The BI and analytics market is currently valued at $8.5 Billion and is expected togrow to $13 Billion over the next five years
CFOs require 'business intelligence' systems that display accurate SKU ( Stock-keeping unit) or customer-level P&Ls, permitting reliable channel and store
comparisons over time. Improved forecasts are vital, too!
Gaining market share, keeping customers and controlling costs remain keyobjectives. Mid-market executives and big corporate department heads rush to costeffectively meet these complex needs. How? Through improved use of their existing database systems.
Data warehousing and analytical skills are combined with an understanding of industry issues, as we refine and implement your vision.
-
8/7/2019 BI, DWH and Information Security
27/46
2/7/2011 BI, Data Warehousing and Information Security
Questions ?
-
8/7/2019 BI, DWH and Information Security
28/46
2/7/2011 BI, Data Warehousing and Information Security
Information Security
A quick Introduction
-
8/7/2019 BI, DWH and Information Security
29/46
2/7/2011 BI, Data Warehousing and Information Security
What is Information Security
Information security means protectinginformation and information systems fromunauthorized access, use, disclosure,disruption, modification, perusal,inspection, recording or destruction.
-
8/7/2019 BI, DWH and Information Security
30/46
2/7/2011 BI, Data Warehousing and Information Security
What is Information Security
Information Security Includes
Risk management, information security policies,
procedures.Standards, guidelines, baselines, informationclassification, security organization & securityeducation.
The objective of Information security program istoprotect the company and its assets.
-
8/7/2019 BI, DWH and Information Security
31/46
2/7/2011 BI, Data Warehousing and Information Security
Information Where is it?Paper Notes Telephone Conversations
Media (CDs, Floppies, USB Drives etc)Human Mind
Documents and spreadsheets
Printouts and Faxes
-
8/7/2019 BI, DWH and Information Security
32/46
2/7/2011 BI, Data Warehousing and Information Security
External Security Threats
V irus Attacks
Hacking & IntrusionSpoofing
Sniffing Data in Transit
Social Engineering
Information Security Threats
-
8/7/2019 BI, DWH and Information Security
33/46
2/7/2011 BI, Data Warehousing and Information Security
Internal Security Threats
People with Malicious Intent
Attempts to gain unauthorized access tosystems
Misuse of equipment and Services
Unauthorized use of Privileges
Data transmission to External PartiesFraud, embezzlement and Theft
Information Security Threats
-
8/7/2019 BI, DWH and Information Security
34/46
2/7/2011 BI, Data Warehousing and Information Security
Physical Security Threats
Natural Calamities like Fire, Flood andEarthquake
Breakdown of Communication Lines
Improper Handling of Information
Theft of Workstations, peripherals andMobile Devices
Unattended User EquipmentImproper Disposal of Media and Equipment
Terror attacks
Information Security Threats
-
8/7/2019 BI, DWH and Information Security
35/46
2/7/2011 BI, Data Warehousing and Information Security
Integrity
Information Security Triad
Protection of informationassets from unauthorizeddisclosure
Protection of information assets from unauthorized modification
Ensure information assetsare available as and whenrequired
Information Security Triad
-
8/7/2019 BI, DWH and Information Security
36/46
2/7/2011 BI, Data Warehousing and Information Security
Where to begin ?A risk analysis identifies assets & discovers the
threats that put them at risk.Estimates the possible damage and potential lossacompany could endure if any of these threatsbecomes real.The results of the risk analysis help managementconstruct a budget and develop applicablesecurity policies and put controls in place.
Security education takes this information to eachand every employee, so everyone is properlyinformed work toward the same security goals.
-
8/7/2019 BI, DWH and Information Security
37/46
2/7/2011 BI, Data Warehousing and Information Security
To mitigate risk we implement one or more
of three different types of controls
-
8/7/2019 BI, DWH and Information Security
38/46
2/7/2011 BI, Data Warehousing and Information Security
Process Level
Information Security Policy, Access ControlPolicy, Incident Management, Clear Desk and
Clear Screen Policy
Technical Solutions
Firewall Perimeters, Intrusion DetectionSystems, Anti-Virus Software and AccessControl through Domain Controllers
Prevent
Detect
Correct
Security Controls
-
8/7/2019 BI, DWH and Information Security
39/46
2/7/2011 BI, Data Warehousing and Information Security
Personnel Security
Background Checks, Periodical Security Awareness and Physical Security Program
Implementation
Security Compliance
Internal and Third Party External Security Audits
Security Controls
Prevent
Detect
Correct
-
8/7/2019 BI, DWH and Information Security
40/46
2/7/2011 BI, Data Warehousing and Information Security
What is a Security Incident?Any action or event which is not in Compliance to theOrg. Security Policies, Standards, Guidelines andProcedures.
ExamplesUnauthorized use of a User ID or accountPassword compromiseTheft of laptopFraud, embezzlement or theft
Loss of company, client or personal informationUnauthorized disclosure, amendment or corruption of
informationWeb site defacement
Security Incident Management Process
-
8/7/2019 BI, DWH and Information Security
41/46
2/7/2011 BI, Data Warehousing and Information Security
What is BC and DR?
Business Continuity: The ability of anorganization to provide service and support for its customers and to maintain its viability before,during, and after a business continuity event.
Disaster Recovery: Activities and programsdesigned to return the entity to an acceptablecondition. The ability to respond to an
interruption in services by implementing adisaster recovery plan to restore anorganization's critical business functions.
-
8/7/2019 BI, DWH and Information Security
42/46
2/7/2011 BI, Data Warehousing and Information Security
Need for Business Continuity PlanningContractual &Contractual &
Legal obligationsLegal obligations
Market ShareMarket Share
CustomerCustomerServiceService
SalesSales
RegulatoryRegulatoryRequirementsRequirements
COMPLIANCE
Brand Image &Brand Image &ReputationReputation
Cash flow andCash flow andFinancial PerformanceFinancial Performance
LiabilityLiabilityExposureExposure
Employees HealthEmployees Health& Safety& Safety
-
8/7/2019 BI, DWH and Information Security
43/46
2/7/2011 BI, Data Warehousing and Information Security
Standards and Regulations
ISO 17799ISO 14000ISO 15000
AS/ NZS 4360NFPA 1600SAS 70PAS-56TR19SS507
Sarbanes and Oxley Act
Basel II AccordMASHKMABNMFFIEC
ISO 25999Data Protection ActHIPAA
-
8/7/2019 BI, DWH and Information Security
44/46
2/7/2011 BI, Data Warehousing and Information Security
Basic Concepts of BC-DR
The 5 Rs cycle Response Resume Recover Restore Return
Recovery Time Objective (RTO)
Recovery Point Objective (RPO)
-
8/7/2019 BI, DWH and Information Security
45/46
2/7/2011 BI, Data Warehousing and Information Security
Questions ?
-
8/7/2019 BI, DWH and Information Security
46/46
2/7/2011 BI, Data Warehousing and Information Security
Thanks