Data management technologies
This presentation is the property of its rightful owner.
Sponsored Links
1 / 71

Data Management Technologies PowerPoint PPT Presentation


  • 41 Views
  • Uploaded on
  • Presentation posted in: General

Data Management Technologies. Ohm Sornil Department of Computer Science National Institute of Development Administration. Information Architecture. Web-Survey System. Survey Creation. Create New Questions. Create Question (Multi-choice). Multi-choice Question. Create Question (Matrix).

Download Presentation

Data Management Technologies

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Data management technologies

Data Management Technologies

Ohm Sornil

Department of Computer Science

National Institute of Development Administration


Information architecture

Information Architecture


Web survey system

Web-Survey System


Survey creation

Survey Creation


Create new questions

Create New Questions


Create question multi choice

Create Question (Multi-choice)


Multi choice question

Multi-choice Question


Create question matrix

Create Question (Matrix)


Matrix question

Matrix Question


Databases

Databases

  • is a structured collection of records or data that is stored in a computer so that a computer program can consult it to answer queries

  • The computer program used to manage and query a database is known as a database management system (DBMS).


Database design and e r diagram

Database Design and E-R Diagram


Data management technologies

SQL

  • It is the standard language for relational systems

  • Supports

    • Data definition

      • CREATE TABLE, ALTER TABLE

    • Data manipulation

      • SELECT, INSERT, DELETE, UPDATE


Business intelligence bi

Business Intelligence (BI)

  • Make use of enterprise-wide data to enable strategic decision making


Data warehousing

Data Warehousing

  • A database

    • is designed and optimized) to record

    • Using complex SQL queries takes a lot of time on such a system

  • A data warehouse

    • is designed (and optimized) to respond to analysis questions that are critical for your business (i.e., read-optimized)


Data management technologies

E-R Diagram (DB Data Model)

Dimension Model (DW Data Model)


Data warehousing1

Data Warehousing

  • Separate from application databases ensure that business intelligence (BI) solution is scalable

  • Answer questions far more efficiently and frequently

    • Reduces the 'cost-per-analysis'


Data management technologies

Other

sources

Extract

Transform

Load

Operational

DBs

Multi-Tiered Architecture

OLAP Server

Analysis

Query

Reports

Data mining

Serve

Data

Warehouse

Data Sources

Data Storage

OLAP Engine

Front-End Tools


A data warehouse

A Data Warehouse

  • is a subject-oriented, integrated, time-variant, non-updatable collection of data used in support of management decision-making processes

    (W.H. Inmon, 1980)


Data warehouse implementation

Data Warehouse Implementation

  • Dimension modeling

  • Extraction

  • Transformation

  • Data Quality

  • Loading


Extraction transformation loading etl

Extraction, Transformation, Loading (ETL)


Extraction issues

Extraction Issues


Transformation issues

Transformation Issues

  • Format Revisions

  • Decoding of Fields

  • Calculated and Derived Values

  • Splitting of Single Fields

  • Merging of Information

  • Character Set Conversion

  • Conversion of Units of Measurements

  • Date/Time Conversion

  • Summarization

  • Key Restructuring

  • Deduplication


Loading issues

Loading Issues

  • Initial Load: populating all the data warehouse tables for the very first time

  • Incremental Load: applying ongoing changes as necessary in a periodic manner

  • Full Refresh: completely erasing the contents of one or more tables and reloading with fresh data (initial load is a refresh of all the tables)


Loading issues1

Loading Issues

(Paulraj Ponniah, 2001)


Data quality

Data Quality

  • Accuracy

  • Domain Integrity

  • Consistency

  • Redundancy

  • Conformance to Business Rules

  • Structural Definiteness

  • Data Anomaly

  • Clarity

  • Timely

  • Usefulness


Data management technologies

OLAP

  • Is a category of software technology that enables analysts, managers and executives to gain insight into data through fast, consistent, interactive access in a wide variety of possible views of information that has been transformed from raw data to reflect the real dimensionality of the enterprise as understood by the user

(The OLAP council)


Multidimensional concept

Multidimensional Concept


A multidimensional view

A Multidimensional View


Olap tool

OLAP Tool


Olap tool1

OLAP Tool


Thought process and olap

Thought Process and OLAP


Another olap session

Another OLAP Session


Computer security

Computer Security

  • Processes and technologies that ensure confidentiality, integrity, and availability (CIA) of information-system assets

  • Assets

    • Hardware, software, firmware, and information being processed, stored, and communicated


How are computers and networks attacked

How Are Computers and Networks Attacked?

  • Take advantages of vulnerabilities inside operating systems, applications, protocols, communication channels, and human


Motivations of attackers

Motivations of Attackers

  • Money

  • Entertainment

  • Entrance to social groups/status

  • Cause/malice

Source: Kilger M., Arkin O. and Stutzman J., Profiling. In The honeynet project know your

enemy: learning about security threats (second edition). Boston: Addison, 2004.


Internal security attacks

Internal Security Attacks

  • Far greater cost per occurrence and total potential cost than attacks from outside

  • Employees, ex-employees, contractors and business partners

  • Trust and physical access

  • Motives

    • Challenge/curiosity

    • Revenge

    • Financial gain

Source: Kristin Gallina Lovejoy (April 2006)

http://www.csoonline.com/read/040106/caveat041206_pf.html


Common internal attacks

Common Internal Attacks

  • Sabotage of information or systems

  • Theft of information or computing assets

  • Introduction of bad code: time bombs or logic bombs

  • Viruses

  • Installation of unauthorized software or hardware

  • Manipulation of protocol design flaws

  • Manipulation of operating system design flaws

  • Social engineering

Source: Kristin Gallina Lovejoy (April 2006)

http://www.csoonline.com/read/040106/caveat041206_pf.html


Attacking phases

Attacking Phases


Ipp printer overflow attack

IPP Printer Overflow Attack


Ipp printer overflow attack1

IPP Printer Overflow Attack


Ipp printer overflow attack2

IPP Printer Overflow Attack


Malicious programs

Malicious Programs


Virus structure

Virus Structure


Compression viruses

Compression Viruses


Data management technologies

Inherent Technology Weaknesses

  • Many of these problems can be traced back to weaknesses in the technology

  • Hackers have exploited many vulnerabilities found in network protocols

    • For example (TCP/IP)

      • Inability to verify the identity of communicating parties

      • Inability to protect the privacy of data on a network

  • Some products also have inherent security weaknesses (because not all product developers make security a design priority)


Configuration weaknesses

Configuration Weaknesses

  • Insecure user accounts (such as guest logins or expired user accounts)

  • System accounts with widely known default, unchanged passwords

  • Misconfigured Internet services

  • Insecure default settings within products


Data management technologies

Policy Weaknesses

  • Policy is a set of rules by which we operate computer systems

  • Generally include

    • Physical access controls

    • Logical access controls

    • Security administration

    • Security monitoring and audit

    • Software and hardware change management

    • Disaster recovery and backup

    • Business continuity

  • No single solution should be viewed as providing all the protection you need


Goals of computer security

Goals of Computer Security

  • Confidentiality

  • Integrity

  • Availability

  • Two additional requirements from electronic commerce

    • Authentication

    • Nonrepudiation


Planning for security

Planning for Security

  • Security is more about process than technology

  • Chief Security Officer (CSO)

  • Plan-Protect-Respond (PPR) cycle


Security planning

Security Planning

  • Risk Analysis

  • Establish policies considering

    • Risk analysis

    • Corporate business goals

    • Corporate technology strategy

  • Actions

    • Selecting technology

    • Procedures to make technology effective


Risk assessment

Risk Assessment


Operational model of computer security

Operational Model of Computer Security

Protection = Prevention + (Detection + Response)

Response:

  • Backups

  • Incident response Teams

  • Computer forensics

Prevention:

  • Access control

  • Firewalls

  • Encryption

Detection:

  • Audit logs

  • Intrusion Detection Systems

  • Honeypots


Layered security

Layered Security

Physical Security

Access cards, biometric authentication

Network Security

Firewall (Prevention)

Network Security

Intrusion Detection Systems (Detection)

Host Security

Access Controls

Host Security

Audit Logs (Detection)


Common network architecture

Common Network Architecture


Public key infrastructure pki

Public Key Infrastructure (PKI)

  • Data Encryption

  • Digital Signature

  • Certificate Authority


Digital signature

Digital Signature


Intrusion detection system premise

Intrusion Detection System Premise


Responding

Responding

  • Planning for response

  • Incident detection and determination

    • Procedures for reporting suspicious situations

    • Determination that an attack really is occurring

    • Description of the attack

  • Containment and recovery

    • Containment: stop the attack

    • Repair the damage

  • Punishment

    • Forensics

    • Prosecution

  • Fixing the vulnerability that allowed the attack


Business continuity planning

Business Continuity Planning


Trends of security attacks

Trends of Security Attacks

  • Scott Berinato in CIO magazine

    • “today's sloppiness will become tomorrow's chaos”

    • In 2010 alone, 100,000 new software vulnerabilities

    • Incidents worldwide will swell to about 400,000 a year

    • Another half-a-billion users are connected to the Internet.

    • A few of them will be bad guys, and they'll be able to pick and choose which of those 2 million bugs they feel like exploiting.

  • Stallings [2005]

    • More sophisticated attacks while less knowledge required

  • Panko [2004]

    • Growing attack frequency

    • Growing randomness in victim selection

    • Growing malevolence

    • Growing attack automation


Trends of security mechanisms

Trends of Security Mechanisms

  • Integrates solutions

  • Intelligent mechanisms

  • Outsourcing security services


Managed security service provider mssp

Managed Security Service Provider (MSSP)

Firm

MSSP

2.

Encrypted &

Compressed

Log Data

MSSP Logging

Server

3.

Analysis

5.

Vulnerability

Test

Log File

4.

Small Number of Alerts

Security Manager


Thailand s security weaknesses

Thailand’s Security Weaknesses

  • Budgeting

  • Management supports

  • Low awareness of potential danger

  • Laws and enforcements

  • Human competency development

  • Limited number of security research projects

  • Security curriculum

Source: A Brain Storming Session on ICT Security Planning, Ministry of ICT, May 8, 2006.


Thailand s ict security plan

Thailand’s ICT Security Plan

Scope

  • Information security policy

  • National PKI management

  • Cryptographic technology development

  • Advanced system and network security technology development

  • Information security technology standardization

  • Standards for government agency security

  • IT security product evaluation

  • Response to hacking and virus attacks

  • Security consulting service for critical information infrastructure

  • Manpower capacity building

  • Game online management


  • Login