Data Warehousing and Security - PowerPoint PPT Presentation

Provided by: busi210

1
Data Warehousing and Security
  • ISM3011

2
What We're Going to Do Today
  • Announcements
  • MIDTERM
  • Q&A
  • Alphabet soup
  • MIS in the professions
  • Data warehousing
  • Security

3
Midterm Exam
  • Fifty multiple choice questions
  • Class discussions
  • Textbook readings
  • Podcasts
  • Taken in class

4
Alphabet Soup
  • Spyware
      • Technology that gathers information about a
        person/organization without their knowledge.
        Typically software that is secretly installed on
        a computer and relays information to a third
        party.
  • XML
      • Extensible markup language
      • A markup language that defines the format and the
        content of data, unlike HTML, which only specifies
        format. XML specifies what an item of data is,
        not just how it should be formatted. It can be
        used to both store and exchange data.

5
XML Example
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <note date="12/11/2002">
      <to>Joe</to>
      <from>Sally</from>
    </note>

6
MIS in the Professions: Fingerhut
  • $2 billion (US) business
  • Catalog sales of over 15,000 items
  • Mailed almost 500 million catalogs in 1997
  • Has 40 statistical scientists who examine data in
    data warehouses
  • Uses warehouse to segment customers into groups
    large enough to justify printing and mailing
    specialty catalogs

7
Data Warehousing

8
The Need for Data Warehousing
  • Traditionally, databases have supported
    transactions.
  • So, DBs are often optimized for transaction
    processing.
  • Today, we also need DBs for decision support
  • Transaction processing design may not be good for
    decision support

9
Need for DW (cont'd)
  • Organizations collect huge volumes of data
    through transactions (and other means)
  • Need to take advantage of this data
  • Use for decision support, planning, etc.
  • DB design to support TP doesn't work well for DS
  • What's the solution???

10
The Solution!
  • Have two databases
      • Transaction-oriented
      • Decision support
  • Transaction databases: Create data
  • Decision support DBs: Warehouse data
  • Thus the term "data warehousing"

11
Data Warehousing Defined
  • Data warehousing is a process
  • Goal is to gain value from informational assets
  • Using data warehouses
  • Data warehouse
      • Copy of transactional data formatted so that it's
        useful for query and analysis (decision support)

12
Data Warehouse Characteristics
  • Collection of DBs designed for decision support
  • DBs are subject-oriented
  • Organized around particular subjects
  • Data in DW are integrated from a variety of
    internal and external sources
  • Data are usually transformed from original format
  • Data are non-volatile (in theory)

13
DATA WAREHOUSE FUNDAMENTALS
  • Data Warehouse Model

14
DW Process Overview

15
DW in Action: Fingerhut
  • $2 billion (US) business
  • Catalog sales of over 15,000 items
  • Mailed almost 500 million catalogs in 1997
  • Has 40 statistical scientists who examine data in
    data warehouses
  • Uses warehouse to segment customers into groups
    large enough to justify printing and mailing
    specialty catalogs

16
Fingerhut (cont'd)
  • Customers who move
      • triple their purchasing in the 12 weeks after the
        move
      • purchasing peaks in the first 4 weeks
      • buy furniture, telephones, and decorations
      • do NOT buy jewelry or home electronics
  • Fingerhut created a Movers Catalog
  • Stopped sending other specialty catalogs during
    the 12-week window.

17
Other Topics from Ch. 8
  • These are testable, but we're not talking about
    them in class.
  • Disaster recovery/business continuity
  • Adaptable systems

18
Information Security

19
The First Line of Defense - People
  • Organizations have to let certain people access
    information.
  • People: the biggest info security issue
  • 33% of security incidents originate within the
    organization
  • Insiders: legitimate users who purposely or
    accidentally misuse their access to the
    environment and cause some kind of
    business-affecting incident

20
The First Line of Defense - People
  • First line of defense (people)
  • Information security policies: identify the
    rules required to maintain information security
  • Information security plan: details how an
    organization will implement the information
    security policies

21
The First Line of Defense - People
  • Five steps to creating an information security
    plan
      • Develop the information security policies
      • Communicate the information security policies
      • Identify critical information assets and risks
          • Firewall: hardware and/or software that guards
            a private network by analyzing the information
            leaving and entering the network
          • Intrusion detection software (IDS): searches out
            patterns in network traffic to indicate attacks
            and quickly respond to prevent harm
      • Test and reevaluate risks
      • Obtain stakeholder support

22
The First Line of Defense - People
  • Hackers frequently use social engineering to
    obtain passwords
  • Social engineering: using one's social skills to
    trick people into revealing access credentials or
    other information valuable to the attacker

23
The Second Line of Defense - Technology
  • Three primary information security areas
  • Authentication and authorization
  • Prevention and resistance
  • Detection and response

24
AUTHENTICATION AND AUTHORIZATION
  • Authentication: Are you who you say you are?
  • The most secure type of authentication involves a
    combination of the following
      • Knowledge (password): most common, but also
        relatively ineffective
      • Possession
      • Trait

25
PREVENTION AND RESISTANCE
  • Downtime can cost an organization anywhere from
    $100 to $1 million per hour
  • Technologies available to help prevent and build
    resistance to attacks include
  • Content filtering
  • Encryption
  • Firewalls

26
Content Filtering
  • Content filtering technologies
      • Filter e-mail and prevent e-mails containing
        sensitive information from transmitting, and
      • Stop spam and viruses from spreading.
  • Spam: a form of unsolicited e-mail
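
Added example (not part of the original slides): a minimal outbound content filter of the kind described above, which blocks a message when its subject or body contains a payment-card number that passes the Luhn checksum or a string shaped like a US Social Security number. The function names, patterns and sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

# 13-19 digits, optionally separated by spaces or dashes (payment-card shape).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security number shape, e.g. 123-45-6789.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects random digit runs such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text: str) -> list[str]:
    """Return the kinds of sensitive data found in text."""
    hits = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append("card_number")
            break
    if SSN_RE.search(text):
        hits.append("ssn")
    return hits

def filter_outbound(raw_message: str) -> tuple[str, list[str]]:
    """Decide whether an outgoing e-mail may leave: ('block' or 'allow', reasons)."""
    msg = message_from_string(raw_message)
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = "\n".join(str(p.get_payload()) for p in parts
                     if p.get_content_type() == "text/plain")
    hits = find_sensitive((msg.get("Subject") or "") + "\n" + body)
    return ("block" if hits else "allow", hits)

# Constructed sample messages; 4111 1111 1111 1111 is a standard test card number.
HEADERS = "From: a@example.com\nTo: b@example.org\nSubject: order\n\n"
LEAK = HEADERS + "Card 4111 1111 1111 1111, SSN 123-45-6789\n"
CLEAN = HEADERS + "Order 1234 5678 9012 3456 shipped.\n"

if __name__ == "__main__":
    print(filter_outbound(LEAK))    # blocked: card number and SSN
    print(filter_outbound(CLEAN))   # allowed: digit run fails the Luhn check
```

The Luhn check is what keeps the filter from blocking every long digit run, which is the usual source of false positives in pattern-based content filtering.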

27
Encryption Concepts
  • Encryption: the secret decoder ring idea
  • Scrambles data so nobody without the proper key
    can read it

[Diagram: plain text "Four score And seven Years ago" → encryption key → cipher text "Gpvstdpsf Boetfwfo Zfbstbhp." → decryption key → plain text "Four score And seven Years ago"]

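
Added example (not part of the original slides): the cipher text in the diagram is the plain text with every letter moved one place forward in the alphabet, so the key is the number 1. The code below encrypts and decrypts with such a key and then recovers the key from the slide's cipher text alone by trying all 26 possibilities and keeping the candidate with the most common English letters. The function names and the scoring rule are assumptions made for illustration.

```python
COMMON = set("etaoinsr")  # the most frequent letters in English text

def shift(text: str, key: int) -> str:
    """Move each letter `key` places through the alphabet, keeping case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)          # spaces and punctuation pass through
    return "".join(out)

def encrypt(plain: str, key: int) -> str:
    return shift(plain, key)

def decrypt(cipher: str, key: int) -> str:
    return shift(cipher, -key)

def recover_key(cipher: str) -> tuple[int, str]:
    """Try every key; keep the candidate that looks most like English."""
    def score(text: str) -> int:
        return sum(ch in COMMON for ch in text.lower())
    best = max(range(26), key=lambda k: score(decrypt(cipher, k)))
    return best, decrypt(cipher, best)

SLIDE_CIPHER = "Gpvstdpsf Boetfwfo Zfbstbhp."  # cipher text shown on the slide

if __name__ == "__main__":
    print(encrypt("Four score And seven Years ago", 1))
    print(decrypt(SLIDE_CIPHER, 1))
    print(recover_key(SLIDE_CIPHER))   # key found without being told it
```

Because only 26 keys exist, the "decoder ring" protects nothing once the method is known; real encryption relies on a key space far too large to search this way.
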
28
FIREWALLS
  • Firewall analyzes traffic into and out of a
    network.

29
DETECTION AND RESPONSE
  • If prevention and resistance strategies fail and
    there is a security breach, an organization can
    use detection and response technologies to
    mitigate the damage
  • Antivirus software is the most common type of
    detection and response technology

30
DETECTION AND RESPONSE
  • Some of the most damaging forms of security
    threats to e-business sites include
      • Malicious code: includes a variety of threats
        such as viruses, worms, and Trojan horses
      • Hoaxes: attack computer systems by transmitting
        a virus hoax, with a real virus attached
      • Spoofing: the forging of the return address on
        an e-mail so that the e-mail message appears to
        come from someone other than the actual sender
      • Sniffer: a program or device that can monitor
        data traveling over a network