BI, DWH and Information Security

BUSINESS INTELLIGENCE
AND
DATA WAREHOUSING
12/08/21 BI, Data Warehousing and Information Security

General Terms
• Database Management System (DBMS)
– A set of computer programs that controls the creation,
maintenance, and the use of a database.
• Relational Database Management System (RDBMS)
– A database management system (DBMS) that is based on the
relational model.
• Online Transaction Processing (OLTP)
– refers to a class of systems that facilitate and manage
transaction-oriented applications, typically for data entry and
retrieval transaction processing.
• Online Analytical Processing (OLAP)
– An approach to swiftly answer multi-dimensional analytical
queries.

OLTP systems OLAP systems
• Hold current data • Holds historical data
• Stores detailed data • Stores detailed and summarized data
• Data is dynamic • Data is largely static
• Repetitive processing • Ad hoc, unstructured, and heuristic processing
• High level of transaction throughput • Medium to low level of transaction throughput
• Predictable pattern of usage • Unpredictable pattern of usage
• Transaction-driven • Analysis driven
• Application-orented • Subject-oriented
• Supports day-to-day decisions • supports strategic decisions
• Serves large number of clerical/operation • Serves relatively how number of managerial users
users

BUSINESS INTELLIGENCE
Business Intelligence, or BI, refers to the
process by which business and companies
gather data, analyze it, and re-apply it in
order to make the best possible business
and financial model possible for their
particular instance.

History
• 1958, IBM researcher Hans Peter Luhn used the
term business intelligence.
• Intelligence
– “The ability to apprehend the interrelationships of
presented facts in such a way as to guide action
towards a desired goal."
• 1989, Howard Dresner (later a Gartner Group
analyst) proposed "business intelligence" as a
term to describe
– "concepts and methods to improve business decision
making by using fact-based support systems."

Today
• Business intelligence (BI) is a broad category of
applications and technologies for gathering,
storing, analyzing, and providing access to data to
help enterprise users make better business
decisions.
• BI applications include the activities of decision

support systems, query and reporting, online
analytical processing (OLAP), statistical analysis,
forecasting, and data mining.

Tomorrow
• Real Time Business Intelligence:
– Predict the trends of the customer base even as they shift, faster
and faster every day.
– Business intelligence itself is shifting as a process and an ideology
to conform to the faster, more demanding rigors of the modern and
future economy.
– Business Intelligence 2.0: This new sort of business intelligence
wouldn’t just gather and analyze data, but would also do it in real
time.
– Would be able to see a shift in profits or customer dynamics as it
happened.
– Technological automated systems would be built in place to
instantly move to remedy the problems that did arise.

Without BI
• Multiple versions of the truth
• Misaligned action across the
organization
• Inability to perform in-depth analysis
• Not knowing where to concentrate
efforts
• Inability to measure performance
• Unable to locate important information
With BI
• Single point of truth - avoiding Guesswork
• Historical register of virtually all transactions and important
operational events that occur in the life of an organization.
• Know about Customers - improve customers' experience
• Know about Competitors/ Market - be better informed about
actions that a company's competitors are taking.
• Sharing of information - share selected strategic information
with business partners.

Business Intelligence…examples
• A Hotel Franchise
– uses BI analytical applications
– compile statistics on average occupancy and
average room rate
– to determine revenue generated per room.
– gathers statistics on market share
– data from customer surveys from each hotel to
determine its competitive position in various
markets.
trends can be analyzed year by year, month by
month and day by day, giving the corporation a
picture of how each individual hotel is faring.

• A Bank
– bridges a legacy database with departmental databases,
– Provides branch managers and other users access to BI
applications to determine
• the most profitable customers are
• which customers they should try to cross-sell new products to.
– The use of these tools frees information technology staff

from the task of generating analytical reports for the
departments and it gives department personnel
autonomous access to a richer data source.

• A Telecommunications Company
– Maintains a multiterabyte decision-support
data warehouse
– Uses business intelligence tools and
utilities
– Let users access the data they need
– The tools set boundaries around the data
that users can access
– Gathers statistics on market share

Data Warehouse
A Data Warehouse Is A Structured Repository of Historic Data.
It Is Developed in an Evolutionary Process By Integrating Data
From Non-integrated Legacy Systems.
It Is Usually:
• Subject Oriented
• Data that gives information about a particular subject instead of about a
company's ongoing operations.
• Integrated
• Data that is gathered into the data warehouse from a variety of sources and
merged into a coherent whole.
• Time Variant
• All data in the data warehouse is identified with a particular time period.
• Non-volatile
• Data is stable in a data warehouse. More data is added but data is never
removed. This enables management to gain a consistent picture of the
business.

A data warehouse is a repository of an organization's
data, where the informational assets of the
organization are stored and managed, to support
various activities such as reporting, analysis, decision
making as well as other activities such as support for
optimization of organizational operational processes.
It is:
In Simple words:
A data warehouse is a system that extracts, cleans,
conforms, and delivers source data into a dimensional
data store and then supports and implements querying
and analysis for the purpose of decision making.

BI Model

DATA WAREHOUSE

DW COMPONENTS
1. Operational Source Systems
To capture business transactions
2. Data Staging Area

Is both a storage area and set of
ETL processes
Does not provide any query and
presentation services
3. Presentation Area
Accessed through reporting tools
DIMENSIONAL MODELING
• design technique for databases intended
to support end-user queries in a data
warehouse.
• Oriented around understandability and
performance.
• Uses the concepts of facts (measures),
and dimensions (context).

Dimension Tables
• Contain attributes related to business entities
– Customers, vendors, employees
– Products, materials, even invoices (attributes!)
– Dates and sometimes time (hours, mins, etc.)
• Often employ surrogate keys
– Defined within the dimensional model
– Not the same as source system primary, alternate, or
business keys
• Highly de-normalized to reduce joins
• Not uncommon to have many, many columns

Fact Tables
• Contain numbers and other business metrics
– Define the basic measures users want to analyze
– Numbers are then aggregated according to related
dimensions
• Fact tables contain dimension keys
– Defines relationship between measures and
dimensions using surrogate keys
• Highly normalized structure
• Typically narrow tables, but often very large

ETL
Extract, transform, and load (ETL) is a
process in data warehousing that
involves
• extracting data from outside sources,
• transforming it to fit business needs, and
ultimately
• loading it into the data warehouse.
• Cleaning the data to have perfect,
accurate and correct data.
ETL is important, as it is the way data

actually gets loaded into the warehouse.
GOALS
• To make an organization’s information easily
accessible
• To maintain consistency and stability in
organization’s information
• To provide a foundation for improved decision
making

DATA QUALITY
Defining Data Quality
• Correct- The values and descriptions in data describe their
associated objects truthfully and faithfully.
• Unambiguous- The values and descriptions in data can be taken to
have only one meaning.
• Consistent- The values and descriptions in data use one constant
notational convention to convey their meaning.
• Complete- There are two aspects of completeness.
– The first is ensuring that the individual values and descriptions in
data are defined (not null) for each instance.
– The second aspect makes sure that the aggregate number of
records is complete or makes sure that you didn’t somehow lose
records altogether somewhere in your information flow.

DATA QUALITY PRIORITIES
• Be Thorough
The data-cleaning subsystem is under tremendous pressure to be
thorough in its detection, correction, and documentation of the
quality of the information it publishes to the business community.
• Be Fast
The whole ETL pipeline is under tremendous pressure to process
ever growing volumes of data in ever-shrinking windows of time.
• Be Corrective
Correcting data-quality problems at or as close to the source as
possible is, of course, the only strategically defensible way to
improve the information assets of the organization—and thereby
reduce the high costs and lost opportunity of poor data quality.
• Be Transparent
The data warehouse must expose defects and draw attention to
systems and business practices that hurt the data quality of the
organization.

BENEFITS OF BI / DWH
• Organizations are able to increase revenue and lower operating
costs.
• Respond faster to new opportunities and changing demands.
• Acquire insight into customers’ buying patterns to increase

profitability.
• Reduce costs by minimizing the time required to collect relevant

business data.
• Identify and target new customers and markets.
• Optimize customer relationships and increase customer loyalty.
• Respond quickly to shifts in market demands.

BI Industry Scenario…
• According to Gartner survey of 1,400 CIOs, business intelligence was ranked the
top technology priority surpassing security.
• The BI and analytics market is currently valued at $8.5 Billion and is expected to
grow to $13 Billion over the next five years
• CFOs require 'business intelligence' systems that display accurate SKU ( Stock-
keeping unit) or customer-level P&Ls, permitting reliable channel and store
comparisons over time. Improved forecasts are vital, too!
• Gaining market share, keeping customers and controlling costs remain key
objectives. Mid-market executives and big corporate department heads rush to
cost effectively meet these complex needs. How? Through improved use of their
existing database systems.
• Data warehousing and analytical skills are combined with an understanding of

industry issues, as we refine and implement your vision.

Questions ?

Information Security
A quick Introduction

What is Information Security
Information security means protecting

information and information systems from
unauthorized access, use, disclosure,
disruption, modification, perusal,
inspection, recording or destruction.

What is Information Security
Information Security Includes
• Risk management, information security policies,

procedures.
• Standards, guidelines, baselines, information
classification, security organization & security
education.
• The objective of Information security program is
to
protect the company and its assets.

Information – Where is it?
Paper Notes Telephone Conversations
Media (CDs, Floppies, USB Drives etc)

Human Mind
Documents and spreadsheets

Printouts and Faxes

Information Security Threats
External Security Threats
 Virus Attacks
 Hacking & Intrusion
 Spoofing
 Sniffing Data in Transit
 Social Engineering

Internal Security Threats
 People with Malicious Intent

 Attempts to gain unauthorized access to
systems
 Misuse of equipment and Services
 Unauthorized use of Privileges
 Data transmission to External Parties
 Fraud, embezzlement and Theft

Physical Security Threats
 Natural Calamities like Fire, Flood and

Earthquake
 Breakdown of Communication Lines
 Improper Handling of Information
 Theft of Workstations, peripherals and
Mobile Devices
 Unattended User Equipment
 Improper Disposal of Media and Equipment
 Terror attacks

Information Security Triad
Protection of information Ensure information assets
lity
assets from unauthorized are available as and when
Av
required
tia
disclosure
ail
en
ab
f id
ilit
n
y
Co
Information Security Triad
Integrity
Protection of information assets from unauthorized modification

Where to begin ?
• A risk analysis identifies assets & discovers the
threats that put them at risk.
• Estimates the possible damage and potential loss
a
company could endure if any of these threats
becomes real.
• The results of the risk analysis help management
construct a budget and develop applicable
security policies and put controls in place.
• Security education takes this information to each
and every employee, so everyone is properly
informed work toward the same security goals.

To mitigate risk we implement one or more
of three different types of controls

Security Controls
Process Level
 Information Security Policy, Access Control

Prevent Policy, Incident Management, Clear Desk and
Clear Screen Policy
Technical Solutions
Detect
 Firewall Perimeters, Intrusion Detection
Systems, Anti-Virus Software and Access
Control through Domain Controllers
Correct

Security Controls
Personnel Security
 Background Checks, Periodical Security

Prevent Awareness and Physical Security Program
Implementation
Security Compliance
Detect
 Internal and Third Party External Security
Audits
Correct

Security Incident Management Process
What is a Security Incident?

 Any action or event which is not in Compliance to the
Org. Security Policies, Standards, Guidelines and
Procedures.
Examples
 Unauthorized use of a User ID or account
 Password compromise
 Theft of laptop
 Fraud, embezzlement or theft
 Loss of company, client or personal information
 Unauthorized disclosure, amendment or corruption of
information
 Web site defacement
What is BC and DR?
• Business Continuity: The ability of an
organization to provide service and support for
its customers and to maintain its viability before,
during, and after a business continuity event.
• Disaster Recovery: Activities and programs

designed to return the entity to an acceptable
condition. The ability to respond to an
interruption in services by implementing a
disaster recovery plan to restore an
organization's critical business functions.

Need for Business Continuity Planning
Contractual
Contractual && Employees
Employees Health
Health
Legal
Legal obligations
obligations && Safety
Safety
Market Liability
Liability
Market Share
Share
Exposure
Exposure
Customer
Customer Cash
Cash flow
flow and
and
Service
Service Financial
Financial Performance
Performance
Sales Brand
Brand Image
Image &&
Sales
Reputation
Reputation
Regulatory
Regulatory
Requirements
Requirements
COMPLIANCE

Standards and Regulations
• ISO 17799 • Sarbanes and Oxley
Act
• ISO 14000
• Basel II Accord
• ISO 15000
• MAS
• AS/ NZS 4360
• HKMA
• NFPA 1600
• BNM
• SAS 70
• FFIEC
• PAS-56
• ISO 25999
• TR19
• Data Protection Act
• SS507
• HIPAA
Basic Concepts of BC-DR
• The 5 R’s cycle
– Response
– Resume
– Recover
– Restore
– Return
• Recovery Time Objective (RTO)
• Recovery Point Objective (RPO)

Questions ?

Thanks

BI, DWH and Information Security

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BI, DWH and Information Security

Uploaded by

Copyright:

Available Formats

BUSINESS INTELLIGENCE

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

• Hold current data • Holds historical data

• Stores detailed data • Stores detailed and summarized data

• Data is dynamic • Data is largely static

• Repetitive processing • Ad hoc, unstructured, and heuristic processing

• High level of transaction throughput • Medium to low level of transaction throughput

• Predictable pattern of usage • Unpredictable pattern of usage

• Transaction-driven • Analysis driven

• Supports day-to-day decisions • supports strategic decisions

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

• BI applications include the activities of decision

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

with business partners.

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

– The use of these tools frees information technology staff

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

2. Data Staging Area

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

ETL is important, as it is the way data

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

• Respond faster to new opportunities and changing demands.

• Acquire insight into customers’ buying patterns to increase

• Reduce costs by minimizing the time required to collect relevant

• Identify and target new customers and markets.

• Optimize customer relationships and increase customer loyalty.

• Respond quickly to shifts in market demands.

12/08/21 BI, Data Warehousing and Information Security

• Data warehousing and analytical skills are combined with an understanding of

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

12/08/21 BI, Data Warehousing and Information Security

Information security means protecting

12/08/21 BI, Data Warehousing and Information Security

• Risk management, information security policies,

12/08/21 BI, Data Warehousing and Information Security

Media (CDs, Floppies, USB Drives etc)

Documents and spreadsheets

12/08/21 BI, Data Warehousing and Information Security

External Security Threats

12/08/21 BI, Data Warehousing and Information Security

Internal Security Threats

 People with Malicious Intent

12/08/21 BI, Data Warehousing and Information Security

Physical Security Threats

 Natural Calamities like Fire, Flood and

12/08/21 BI, Data Warehousing and Information Security

Protection of information Ensure information assets

Information Security Triad

Protection of information assets from unauthorized modification