Title: Lecture No. 9
1 Lecture No. 9
That's 2 to go, plus the review!
Decision Making, Security, Coles
2 Lecture Objectives
- 1. To provide you with some contact with Decision Making Processes and to illustrate support from Computer Technology
- 2. A few thoughts about Security (including Database Security) will appear
- 3. And we will go shopping at Coles.
3 SOME ASPECTS OF THE DECISION PROCESS
4 Goedel's Theorem
Mathematical statements exist for which no systematic procedure could determine whether they are true or false, also known as undecidable propositions.
Some statements:
- "This statement is a lie"
- "We cannot prove this statement to be true"
- Socrates: "What Plato is about to say is false". Plato: "Socrates has spoken truly"
If the statement is true then it is false. If it is false, it is true: self-referential paradoxes.
5 The Decision Process
- INTELLIGENCE: Determine Conditions Requiring Management Attention/Decision
- DESIGN: Develop and Analyse Possible Courses (Alternatives) of Action
- CHOICE: Select a particular course of action from the available alternatives (models, QA, Projections)
6 Decision Making
- Rules form an important part of the decision-making environment of an organisation (enterprise)
- Rules may be
- word of mouth
- referenced in a rules manual
- embedded in application code (DBMS Integrity)
- installed in a separate structure (e.g. law)
- Rules affect
- hiring and firing procedures
- product return policies
- sales markdown strategies (January sales ?)
- manufacturing methods
7 Decision Making
- Can there be decisions without rules ?
- What conditions, agendas, goals can affect a decision ?
- Can the reasons for decisions be analysed ?
- Is there some way of knowing that the right decision was made ?
- Decisions are frequently associated with action
- Decisions may be about ? ? ?
- Goals of a corporation (enterprise) - for instance diversification or concentration
- Rules of a corporation - e.g. dress code on Fridays to be casual (Telstra)
8 Decision Making
- Another example is a decision to alter a predictive model. Business and Financial Analysts may change the components or domains for credit risk prediction - any recent examples spring to mind ?
- Decisions can only be implemented on things which can be changed
- Is a decision to increase sales by say selling solar panels on Jupiter or Mars really a decision ? Can it be implemented ?
9 Decision Making
- Making a decision is the function of combining goals and predictive models
- The lowering of prices of some products (e.g. K-Mart sales) is the result of
- a goal to maximise sales
- a model which relates sales to prices
- The denial of credit by a bank to a loan applicant is the result of
- a goal to minimise loan write-offs
- a predictive model which relates selected applicant attributes (properties) with the likelihood of a loan default
10 Decision Making
- Without goals there would be difficulty in deciding what course of action to take.
- Without the goal of maximising sales, there is no correct decision concerning product pricing
- Without a predictive model which equates product prices to product sales, there is no clear indication which decision will be most likely to maximise sales
11 Decision Making
Consider these decision making challenges
1. The need to automate some decision-making functions
2. The need to ensure consistent decisions
3. Difficulties in analysing how a decision was made
4. Complexities in the predictive model
5. Difficulties in interpreting stated goals (which may change)
6. Instability in the goals
7. Interpersonal dynamics (know any recent examples ?)
8. Fluctuations in the predictive models
9. Conflict between data-driven and model-driven understanding or knowledge (beliefs)
12 Decision Making
Business-rule automation tools focus on
1. The need to automate some decision-making functions
2. The need to ensure consistent decisions
Decision analysis tools focus on
3. Difficulties in analysing how a decision was made
4. Complexities in the predictive model
5. Difficulties in interpreting stated goals (which may change)
6. Instability in the goals
Group decision-support tools focus on
7. Interpersonal dynamics
13 Decision Making
And items 8 and 9 ?
8. Fluctuations in the predictive models
9. Conflict between data-driven and model-driven understanding or knowledge (beliefs)
More on these later on.
Business rules connect to transaction systems and help to automate decision-making processes which were previously the function and responsibility of persons - the goals are fixed and are explicit.
14 Decision Making
- Decision-analysis tools (software)
- Decisions are based on multiple predictive models
- There are complex measures of uncertainty or imprecision
- The goals may be variable
- Decision analysis is related to operations research - the area where
- mutually exclusive goals
- shared scarce resources
- The intention is to maximise profit, stability
15 Decision Making
- Group decision support tools
- Consider the situation of many managers of an organisation attempting to arrive at a common decision to
- fire 300 staff
- increase sales to justify no firings
- increase sales and increase the number of staff
- reduce staff but maintain existing sales or improve sales
- Interpersonal / political challenges
- Anonymous electronic meeting environment
- Vote on merit of ideas rather than on identities
16 The Decision Process
- Stage Description
- 1. Determine objectives, problems
- 2. Identify courses of action available to achieve / rectify
- 3. Collect Information to assess available options
- 4. Select criteria for evaluation purposes
- 5. Evaluate information acquired
- 6. Select preferred course of action / strategy
- 7. Implement chosen option / strategy
- 8. Monitor results - post analysis
17 Decision Support Systems
- Characteristics
- Interactive Computer Based Information Systems
- Decision Models - Statistical Forecasting, Profiling ...
- Management Data Base
- OUTPUTS: Information tailored to SUPPORT specific decisions faced by Managers (Car Industry, Manufacturing Industry, Farming Industry, Financial, Accounting etc ...)
18 Decision Support Systems Components
- Data Base
- Report Writer
- Graphics
- Computing Facilities - Processor, Storage, I/O Devices
- Communications
- Human Skills
- Objectivity, Communication
- Clear Thinking, Analytical Ability
- Lateral Thinking, Computer Literacy
- Adaptability, Tenacity
19 The Decision Makers
- Who are The Decision Makers ?
- In the early days of decision support, the Decision Makers were a small group of high-level executives (does this sound familiar ?)
- Since then however, the business intelligence industry has helped push data-driven decisions to a much wider user environment
20 The Decision Makers
- Today, the decision makers are business people who are closest to the point where an action needs to be taken.
- This can be
- in the supply chain
- when in contact with a customer (email, web-mail, telephone, (fax ?))
- at a strategic executive meeting
21 Business Intelligence
Business Intelligence addresses: Synthesising or constructing useful knowledge from large sets of data.
It involves
- integration
- summarisation
- abstractions
- ratios
- trends
- allocations
22 Business Intelligence
It addresses
- comparing generalisations based on data with model-based assumptions
- reconciling these when they differ
- creative thinking supported by data
- using data carefully
- understanding how to calculate derived data
- continual learning
- modifying goals
23 Business Intelligence
- The functions which support Business Intelligence are
- data collection
- data storage (why ?)
- data translations - time, currencies
- dimensional structuring (allows for extractions on a number of bases)
- access models
- predictive models
- model verification
- knowledge sharing
- resource allocation scenarios
- decision implementation strategies
24 Decision Support Systems
- Provide a quick response to SIMULATED problems (software support)
- Generally LESS COSTLY than real life exercises
- Variety of business decision models
- - linear programming
- - decision trees
- - simulation
- - queueing
- - financial analysis DCF, EMV, NPV
- - forecasting / projections
- - risk analysis
- - sensitivity analysis
- Which one(s) best suit the conditions ?
25 Decision Support Systems Software
- Model Building
- Relationships between parameters
- What-if Incremental Assumptions
- Highly useful aspects
- Backward Iteration
- Establish a Target and work back - ( ? regression)
- Risk Analysis
- Use probability distributions to assess outcomes
- Statistical Analysis and Management Science Models
- Regression, Time Series Analyses
- Financial Functions
- Depreciation Methods, Return on Investment
26 Decision Support Systems
- Programmable Tasks: Rules / Procedures Known
- Clear Rules
- Rules can be built into a software program
- All required data is available
- The Decision Maker is supported by software processes
- Complex situations may indicate a very deep but modular and / or progressive structure
- Some Examples
- Mergers, Takeovers, Off-Loadings
- Plant Expansion
- New Products
- Portfolio Management, Marketing
27 Decision Support Systems
- Non-Programmable Tasks
- Unstructured: No Definable Rules
- Does not permit software programs to be developed
- Cannot determine
- - Objectives
- - Trade Offs
- - Relevant Information
- - Methods for analyses
28 Decision Support
- Some Offsets
- Managers tend to be busy and highly paid
- This will normally lead to a reluctance to learn the special features of a software package
- OR to understand the problem which the software BEST addresses
- A brief and cursory understanding may lead to
- lack of understanding of limitations
- lack of clarity in interpretation of results
29 Decision Support
- Related Matters
- Economic models invariably are developed for General Cases
- Quality of Information Used
- Some models have default values/options - may not be suitable for specific instances
30 Decision Support
- Uncertainties - types and sources of
- - effects on decision making
- A few examples
- response to direct mailings
- Internet home page accesses
- default rates for loans
- sales reports
- sales reports - doubts
- - are ALL sales reflected ?
- - how is missing data handled - 0 ?
- - is the program 100% error free ?
- Can such doubts be quantified ? Should they be ?
31 Business Intelligence
Data uncertainty can be
- predictions
- historical
Budgeting, marketing are widely analysed using spreadsheets. Uncertainties are handled (generally) with a single valued estimate. Next year's sales may include a single estimate in the budgeting exercise. Healthcare (as in Medicare) may be based on a single value for doctors' productivity (or hospital case-mix).
32 Business Intelligence
- Let's look at a company which is trying to float a new product, or increase its sales of an existing product.
- 5 possible promotional methods are available
- radio
- newspaper (local, local/country, local/interstate ?)
- television advertising
- direct mail
- an all-bells presence on the World Wide Web
- There is a hidden agenda - what is the Competition doing or how is it going to react ?
33 Business Intelligence
- There could be
- no competition
- low competition
- medium competition
- high competition
- multiple competitor competition (e.g. car industry)
- and what is low, medium, high ?
- A decision analysis tool will accommodate a probabilistic component.
- The unknown in a spreadsheet model is the range of likelihood of competitive promotions, and of course their effect on sales
34 Business Intelligence
- A decision analysis tool will simulate a number of scenarios based on the specified probabilities, and will indicate the decision which will (in this case) have the best likelihood of maximising profit.
- And the past ? - meaning legacy or historical data ?
- Quality of data is important here
- Customer code structures - any changes over 3 to 5 years ?
- Customer name spelling ?
- Incorrect replication
- Regional boundary alterations ? - are we able to compare oranges to oranges ?
35 Business Intelligence
- What about missing data - is it shown as zero ?
- Should it be zero ? (is this accurate ?)
- Data in the wrong field - a name in an address field ?
- The number of items on an invoice the number actually received ?
- Deliberate errors on response cards - age, income, number of people living at an address, types of goods normally purchased etc.
- And finally, does software assume for example an even distribution of error ?
36 Business Intelligence
- And the next stage ?
- Business Performance Management
- A total view which ignores operational category boundaries
- Efficiency and profitability boost
- Key goals - reduced costs, higher productivity, faster cycle times
- Aligns corporate strategy with line operations
- Uses predictive techniques
- Control of out of control growth in data storage
37 Decision Support
- Results and Real Life
- Most simulators and models produce numeric, character and objects based results
- There may be a hidden component which has biased the result(s)
- It is advisable to associate
- - Sensitivity testing,
- - Reliability testing,
- - Risk analysis
- to provide a sound basis for results
38 Database Security
39 Database Access Security
- In a multi-user environment, security is important, if not essential
- Without security, malicious users could ( ? would)
- invade a database,
- view confidential information
- make unauthorised alterations
40 Database Access Security
- The major forms of security are
- 1. User Management and Authentication
- 2. Privilege Management and Roles
- 3. Database Resource Limits
- 4. User Password Management
- 5. Database Auditing
- 6. Special Security features
41 Database Security
- DATABASE SECURITY is the protection of a database from
- unauthorised access
- unauthorised modification
- destruction
- PRIVACY is the right of individuals to have some control over information about themselves
- INTEGRITY refers to the correctness, completeness and consistency of stored data
42 Database Access Security
- 1. User Management and Authentication
- A user must have a username (create user)
- The DBMS will authenticate that a connect attempt should proceed to connection, or not.
43 Database Access Security
- 2. Privilege Management
- After the create user process, a user needs privileges to perform specific database functions
- A user cannot connect unless a Create Session system privilege is allocated
- A user cannot create a table in the user schema unless the create table system privilege is allocated
- A user cannot delete rows from a table in a different schema unless the user has the delete object privilege for the table
44 Security
- Some Random Ideas
- Physical Access controls - badges, closed circuit TV, guards...
- Terminal Authentication: User IDs, Passwords (System Level and Database Level)
- Authorisation - Authorisation Rules
- (which users can access what information)
- What operation users can invoke
- Read Only, Read/Write, Update, Delete
- User Views - non updatable access, but access to latest level of information
45 Security
[Diagram labels: User; user name; Application; Security Table; Authority Checks (grants); Database; Access authority]
46 Server Security
- 1. First layer - LAN or Host Computer Operating System
- (1) Login / valid username / password
- (2) Privileges / permissions on directories and files (read/write/execute/delete)
- Operating System controls
47 Server Security
- 2. Second Layer - Database Server
- (1) Valid user accounts / password (some servers use operating system authentication - eliminates a level of security checking)
- (2) Privileges / permissions
- Database Administrator - GRANT and REVOKE commands
- Examples: Create, Alter, Drop database objects ..... (Databases, Tables, Views, Procedures ..)
48 Server Security
- More examples: Create, Alter, Drop Database Users
- Start Up and Shut Down the Database Server
- Customise Specific Jobs or Locations Privileges
- Different Administrators and Different Functions
49 Server Security
- OBJECT PRIVILEGES
- All database servers control access to Tables, Views, Procedures with Object Privileges
- Examples: Select, Insert, Update, Delete privileges on tables and views
- References privilege (associated with referential integrity constraints and Rules/Procedures)
- Execute - controls the ability to execute a Procedure
50 Server Security
- A result of the application of attribute lists and object privileges.
- IF a server cannot insert a value for a not-null attribute, AND the attribute does not have a default attribute value, all INSERT statements on the table will
- (a) be suspended Y/N
- (b) override the not-null condition Y/N
- (c) fail Y/N
51 Oracle Security
- Security Manager (software)
- Menu Options
- - Create (a new user)
- - Create Like (an existing user)
- - Remove
- - Revoke Privilege (remove a selected privilege)
- - Add Privilege to user
- - Change Account Status (enable/disable access)
52 Oracle Security
- Role
- - Create (create a role)
- - Create Like (an existing role)
- - Remove (delete nominated role)
- - Revoke Privilege
- - Add Privilege
53 And Microsoft Access ?
There are a number of privileges available to the System Administrator. They are similar in application to the Security features of DB2, SQLServer and Oracle, but are more limited. Access in Network mode offers more security features.
54 Database Access Security
- There are 3 techniques
- 1. Password Authentication
- 2. Operating System Authentication - the Operating System forwards the user account details to the DBMS to determine if the user has database access. Used where direct connection to the database server is set up
- 3. Global User Authentication - used in network environments where users access multiple databases, and the network is not necessarily secure
- Accounts may be locked or unlocked by the Database Administrator or the System Administrator
55 Database Access Security
- There are 2 major types of Privileges -
- System privileges
- Object privileges
- A system privilege gives a user the ability to perform system-wide operations
- Create Session system privilege gives a user connection to the database server, and permits a database session to be established.
- Create Table system privilege gives a user the ability to create a table, or many tables, in the user's schema
56 Database Access Security
- Create Any Table system privilege allows a user to create a table in any schema of the database
- Create Any Type gives a user the privilege to create types and associated type bodies in any schema in the database
- Select Any Table means the user can query any table in the database
- Execute Any Procedure - a user can execute any stored procedure, stored function or packaged component in the database
- Execute Any Type - a user can reference and execute methods of any type in the database
57 Database Access Security
- The ALTER DATABASE system privilege (which allows alteration to any table in a database) is normally restricted to the Database Administrator.
- Developers normally have create table, create view, and create type system privileges
- Every authorised user (including query users) would normally have the create session privilege
58 Database Access Security
- An Object Privilege gives a user the ability to perform a specific type of operation on a specific database object such as a table, view, or stored procedure
- The Select object privilege for a view named Extract for instance would allow the select function to execute the view.
- The Insert object privilege for say the Customer table would allow the user to insert new rows into the table
- The Execute privilege for an object type, for example Address, would permit a user to use this type when creating other database objects, and the use of the type's methods.
59 Database Access Security
- In an Invoicing or Ordering application a user may be granted the privileges of
- Select, Insert, Update, Delete for say the Customers, Orders and Items tables,
- and could have the Select and Update privileges for the Parts table
- Privileges are granted to nominated users, or groups of users
- and are revoked to remove the privilege(s)
- The DBA or SA is normally the agent for these functions
60 Database Access Security
- Privilege Management and Roles.
- These are bundles of privileges which can be granted to many users who need the privileges to do their work. This is better than allocating individual privileges to each user
- - it is less time consuming
- - modifications affect all users simultaneously
- - number of different roles can be created depending on the nature of the application and the requirements for each user
- - roles can be enabled and disabled as required
- Roles can be made default and subject to authentication
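The invoicing example from slides 59 and 60 written out as Oracle SQL, with a data-dictionary review of what was granted and a check for the broad "ANY" system privileges listed on slide 56. This is an added example, not part of the original lecture. The schema name sales, the role order_entry, the user order_clerk and the password placeholder are assumptions.

```sql
-- Added example (not from the lecture). Assumed names: schema SALES,
-- role ORDER_ENTRY, user ORDER_CLERK. Run from a DBA account.

-- 1. User management: the account exists but cannot do anything yet.
CREATE USER order_clerk IDENTIFIED BY "Replace_With_Strong_Password_1";

-- 2. System privilege: without CREATE SESSION the user cannot connect.
GRANT CREATE SESSION TO order_clerk;

-- 3. Bundle the object privileges for the ordering application in a role,
--    so a later change to the role reaches every user who holds it.
CREATE ROLE order_entry;
GRANT SELECT, INSERT, UPDATE, DELETE ON sales.customers TO order_entry;
GRANT SELECT, INSERT, UPDATE, DELETE ON sales.orders    TO order_entry;
GRANT SELECT, INSERT, UPDATE, DELETE ON sales.items     TO order_entry;
GRANT SELECT, UPDATE                 ON sales.parts     TO order_entry;

-- 4. Give the role to the user instead of granting each privilege singly.
GRANT order_entry TO order_clerk;

-- 5. Review: which object privileges does the role actually carry?
SELECT owner, table_name, privilege
FROM   role_tab_privs
WHERE  role = 'ORDER_ENTRY'
ORDER  BY table_name, privilege;

-- 6. Least-privilege check: who, apart from the built-in administrative
--    grantees, holds a system-wide "ANY" privilege such as SELECT ANY TABLE?
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, privilege;

-- 7. Revoking: narrow the role (affects all holders at once),
--    or take the whole role away from one user.
REVOKE DELETE ON sales.customers FROM order_entry;
REVOKE order_entry FROM order_clerk;
```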
61 Database Access Security
- Resource Limitation
- Typical Areas
- Tablespace Quotas - set as a number of bytes
- Resource Limit Profiles - this is a set of resource limit settings such as
- CPU time per session or per statement
- Logical disk I/O, per session or statement
- Concurrent database sessions per user
- Maximum amount of connect time and idle time per session
- Maximum amount of server memory available to a multithreaded server session
62 Database Access Security
- Resource Limit Profiles can also be used to enforce
- the number of consecutive failed connection attempts
- the user account password lifetime
- the number of days an expired account can be used before the account is locked
- the amount of time elapsed before a previously used password can be reused (or never)
- obvious account password control (e.g. family name)
63 Database Access Security
- Database Auditing
- Selective Auditing
- the database can generate an audit record each time a user issues a drop table statement
- the database can generate an audit record each time a user makes use of the select any table system privilege to query a table in the database
- the database can generate an audit record each time a user deletes a record from a nominated table
64 Database Access Security
- Each audit record includes information about the audited statement - the operation, the user, date and time
- These records are stored in an audit trail. It's a storage area.
- The audit records can be stored in either the database audit trail, or the audit trail of the operating system which is resident in the Server.
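The resource limits, password limits and selective auditing from slides 61 to 64 as Oracle SQL, followed by queries a DBA would run to review the audit trail and locked accounts. This is an added example, not part of the original lecture, and it uses Oracle's traditional AUDIT statement (releases that use unified auditing define audit policies instead). The profile clerk_limits, the user stock_clerk, the tablespace users, the table sales.customers and all numeric limits are assumptions.

```sql
-- Added example (not from the lecture). Assumed names: profile CLERK_LIMITS,
-- user STOCK_CLERK, tablespace USERS, table SALES.CUSTOMERS.
-- All limit values are illustrative. Run from a DBA account.

-- Resource limits in a profile are enforced only when RESOURCE_LIMIT is TRUE;
-- the password limits are enforced regardless.
ALTER SYSTEM SET resource_limit = TRUE;

CREATE PROFILE clerk_limits LIMIT
  SESSIONS_PER_USER          2        -- concurrent sessions per user
  CPU_PER_SESSION            60000    -- CPU time per session (1/100 s)
  CPU_PER_CALL               3000     -- CPU time per statement (1/100 s)
  LOGICAL_READS_PER_SESSION  1000000  -- logical disk I/O per session (blocks)
  LOGICAL_READS_PER_CALL     100000   -- logical disk I/O per statement
  CONNECT_TIME               480      -- minutes of connect time
  IDLE_TIME                  30       -- minutes of idle time
  PRIVATE_SGA                512K     -- memory for a shared-server session
  FAILED_LOGIN_ATTEMPTS      5        -- consecutive failures before locking
  PASSWORD_LIFE_TIME         90       -- password lifetime in days
  PASSWORD_GRACE_TIME        7        -- days an expired password still works
  PASSWORD_REUSE_TIME        365;     -- days before reuse; how this combines
                                      -- with PASSWORD_REUSE_MAX depends on
                                      -- the release, so check its manual
-- A check against obvious passwords (slide 62) is attached with
-- PASSWORD_VERIFY_FUNCTION and a site-supplied function, not shown here.

CREATE USER stock_clerk IDENTIFIED BY "Replace_With_Strong_Password_1"
  DEFAULT TABLESPACE users
  QUOTA 10M ON users                  -- tablespace quota
  PROFILE clerk_limits;
GRANT CREATE SESSION TO stock_clerk;

-- Selective auditing. Records are written only when the AUDIT_TRAIL
-- initialisation parameter selects the database or operating system trail.
AUDIT TABLE BY ACCESS;                     -- CREATE, DROP and TRUNCATE TABLE
AUDIT SELECT ANY TABLE BY ACCESS;          -- use of the system privilege
AUDIT DELETE ON sales.customers BY ACCESS; -- deletes on one nominated table

-- Review the database audit trail: operation, user, object, date and time.
SELECT username, action_name, owner, obj_name, priv_used,
       timestamp, returncode
FROM   dba_audit_trail
WHERE  action_name IN ('DROP TABLE', 'SELECT', 'DELETE')
ORDER  BY timestamp DESC;

-- Accounts that the password limits have locked or expired.
SELECT username, account_status, lock_date, expiry_date, profile
FROM   dba_users
WHERE  account_status <> 'OPEN';
```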
66 A Shopping Trip
- We are now going to visit Coles to look at some of the Technology, and Management Information which is generated
- You have probably visited Coles and bought a wide variety of goods.
- The Company (Coles Myer Ltd) operates about 80 stores in the Melbourne area and there are other stores in the Regional areas (Geelong, Ballarat, Bendigo) and large Country cities such as Warragul, Colac, Traralgon, Benalla, Shepparton, Ararat ..
- They also operate Interstate
67 Coles Myer Ltd
- The Company is updating its Customer outlet scanning equipment, but like most Companies cannot do this all at once or all at the same time - any suggestions why this is so ?
- As Coles refurbishes its stores, they are equipped with state of the art equipment
- Does this conflict with lower sales / profits and a fluctuating share price ?
68 Coles Myer Ltd
- The equipment consists of
- multi dimensional laser scanners, which have built in scale (weighing) facilities
- 2 LCD screens per lane. Full colour and high resolution
- The Operator's screen is a touch screen (also colour)
- The printer - high speed thermal printer
69 Coles Myer Ltd
- If you watch carefully you will notice that printing does not occur until the items have been paid for (any reason for this ?)
- Payments may be made by
- credit / debit card
- cash
- shareholder discount cards
- vouchers
- cheque
- CML gift vouchers
- Fly Buy credits are also active.
70 Coles Myer Ltd
- Each check out consists of the devices mentioned plus a PC
- There is a LAN in each store (for what purpose ?)
- The checkouts will operate in a standalone mode if a network failure occurs (what about the credit cards ?)
- Fail safe: Each store has a standby generator, Uninterruptible Power Supply (UPS) and battery backup emergency lighting
71 Coles Myer Ltd
- Prices are maintained in 2 databases
- Each store has a price look up local database
- Each Point of Sale unit has a copy of the database prices in case the unit has to operate on a stand-alone basis
72 Coles Myer Ltd
- Price changes are maintained in a central database (Coles System Reference), and this is sent to all stores once a week via communications.
- Individual stores use this new data to update item shelf prices (and of course for customer purchases)
73 Coles Myer Ltd
- Store devices
- Point of Sale
- Client
- Point of Sale Server
- Back Office Servers
- are Pentium PCs running on Windows NT
- Central Processing is on Alpha Mainframes (as is Oracle here at Monash)
74 Coles Myer Ltd
- The retail stores are divided
- into State operations
- then 2 geographic regions within each State except South Australia and Tasmania
- then into areas of 6 to 10 stores
75 Coles Myer Ltd
- State Operations
- Victoria, New South Wales, West Australia
- Region 1, Region 2
- S1 S2 S3 S4 S5 . S10
76 Coles Myer Ltd
- Information ?
- Hourly sales
- Customer counts are available in all stores
- Customer Resource Management ?
- Yes. Captured at Point of Sale
- Numerically via transactions
- Quantitatively via the Fly Buys program (Coles, NAB, Shell, Qantas/Ansett)
77 Coles Myer Ltd
- Seasonal variations in Items
- Soups and chocolate biscuits are in demand during the cooler months
- Fruit juices, frozen drink demand drops off in the same period
- Item popularity
- Management of popular items - these are determined by the customers - and reported to the store manager.
- Success items stay on show - less successful or non successful items are withdrawn - replaced by new lines
78 Coles Myer Ltd
- There are also promotions, and special analyses are made of the item performance during the promotion and for some time after the promotion.
- Item Procurement
- Item suppliers are generally locally based, but may also be part of an International Business (can you think of one ?)
- Suppliers are required to respond to tenders. A supplier might provide many items (fruit juices, butter, meat, vegetables) and there can be specialist suppliers - for instance organic products, health products.