Data management technologies
Download
1 / 71

Data Management Technologies - PowerPoint PPT Presentation


  • 65 Views
  • Uploaded on

Data Management Technologies. Ohm Sornil Department of Computer Science National Institute of Development Administration. Information Architecture. Web-Survey System. Survey Creation. Create New Questions. Create Question (Multi-choice). Multi-choice Question. Create Question (Matrix).

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Data Management Technologies' - arthur-norris


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Data management technologies

Data Management Technologies

Ohm Sornil

Department of Computer Science

National Institute of Development Administration










Databases
Databases

  • is a structured collection of records or data that is stored in a computer so that a computer program can consult it to answer queries

  • The computer program used to manage and query a database is known as a database management system (DBMS).



Data management technologies
SQL

  • It is the standard language for relational systems

  • Supports

    • Data definition

      • CREATE TABLE, ALTER TABLE

    • Data manipulation

      • SELECT, INSERT, DELETE, UPDATE


Business intelligence bi
Business Intelligence (BI)

  • Make use of enterprise-wide data to enable strategic decision making


Data warehousing
Data Warehousing

  • A database

    • is designed and optimized) to record

    • Using complex SQL queries takes a lot of time on such a system

  • A data warehouse

    • is designed (and optimized) to respond to analysis questions that are critical for your business (i.e., read-optimized)


Data management technologies

E-R Diagram (DB Data Model)

Dimension Model (DW Data Model)


Data warehousing1
Data Warehousing

  • Separate from application databases ensure that business intelligence (BI) solution is scalable

  • Answer questions far more efficiently and frequently

    • Reduces the 'cost-per-analysis'


Data management technologies

Other

sources

Extract

Transform

Load

Operational

DBs

Multi-Tiered Architecture

OLAP Server

Analysis

Query

Reports

Data mining

Serve

Data

Warehouse

Data Sources

Data Storage

OLAP Engine

Front-End Tools


A data warehouse
A Data Warehouse

  • is a subject-oriented, integrated, time-variant, non-updatable collection of data used in support of management decision-making processes

    (W.H. Inmon, 1980)


Data warehouse implementation
Data Warehouse Implementation

  • Dimension modeling

  • Extraction

  • Transformation

  • Data Quality

  • Loading




Transformation issues
Transformation Issues

  • Format Revisions

  • Decoding of Fields

  • Calculated and Derived Values

  • Splitting of Single Fields

  • Merging of Information

  • Character Set Conversion

  • Conversion of Units of Measurements

  • Date/Time Conversion

  • Summarization

  • Key Restructuring

  • Deduplication


Loading issues
Loading Issues

  • Initial Load: populating all the data warehouse tables for the very first time

  • Incremental Load: applying ongoing changes as necessary in a periodic manner

  • Full Refresh: completely erasing the contents of one or more tables and reloading with fresh data (initial load is a refresh of all the tables)


Loading issues1
Loading Issues

(Paulraj Ponniah, 2001)


Data quality
Data Quality

  • Accuracy

  • Domain Integrity

  • Consistency

  • Redundancy

  • Conformance to Business Rules

  • Structural Definiteness

  • Data Anomaly

  • Clarity

  • Timely

  • Usefulness


Data management technologies
OLAP

  • Is a category of software technology that enables analysts, managers and executives to gain insight into data through fast, consistent, interactive access in a wide variety of possible views of information that has been transformed from raw data to reflect the real dimensionality of the enterprise as understood by the user

(The OLAP council)








Computer security
Computer Security

  • Processes and technologies that ensure confidentiality, integrity, and availability (CIA) of information-system assets

  • Assets

    • Hardware, software, firmware, and information being processed, stored, and communicated


How are computers and networks attacked
How Are Computers and Networks Attacked?

  • Take advantages of vulnerabilities inside operating systems, applications, protocols, communication channels, and human


Motivations of attackers
Motivations of Attackers

  • Money

  • Entertainment

  • Entrance to social groups/status

  • Cause/malice

Source: Kilger M., Arkin O. and Stutzman J., Profiling. In The honeynet project know your

enemy: learning about security threats (second edition). Boston: Addison, 2004.


Internal security attacks
Internal Security Attacks

  • Far greater cost per occurrence and total potential cost than attacks from outside

  • Employees, ex-employees, contractors and business partners

  • Trust and physical access

  • Motives

    • Challenge/curiosity

    • Revenge

    • Financial gain

Source: Kristin Gallina Lovejoy (April 2006)

http://www.csoonline.com/read/040106/caveat041206_pf.html


Common internal attacks
Common Internal Attacks

  • Sabotage of information or systems

  • Theft of information or computing assets

  • Introduction of bad code: time bombs or logic bombs

  • Viruses

  • Installation of unauthorized software or hardware

  • Manipulation of protocol design flaws

  • Manipulation of operating system design flaws

  • Social engineering

Source: Kristin Gallina Lovejoy (April 2006)

http://www.csoonline.com/read/040106/caveat041206_pf.html









Data management technologies

Inherent Technology Weaknesses

  • Many of these problems can be traced back to weaknesses in the technology

  • Hackers have exploited many vulnerabilities found in network protocols

    • For example (TCP/IP)

      • Inability to verify the identity of communicating parties

      • Inability to protect the privacy of data on a network

  • Some products also have inherent security weaknesses (because not all product developers make security a design priority)


Configuration weaknesses
Configuration Weaknesses

  • Insecure user accounts (such as guest logins or expired user accounts)

  • System accounts with widely known default, unchanged passwords

  • Misconfigured Internet services

  • Insecure default settings within products


Data management technologies

Policy Weaknesses

  • Policy is a set of rules by which we operate computer systems

  • Generally include

    • Physical access controls

    • Logical access controls

    • Security administration

    • Security monitoring and audit

    • Software and hardware change management

    • Disaster recovery and backup

    • Business continuity

  • No single solution should be viewed as providing all the protection you need


Goals of computer security
Goals of Computer Security

  • Confidentiality

  • Integrity

  • Availability

  • Two additional requirements from electronic commerce

    • Authentication

    • Nonrepudiation


Planning for security
Planning for Security

  • Security is more about process than technology

  • Chief Security Officer (CSO)

  • Plan-Protect-Respond (PPR) cycle


Security planning
Security Planning

  • Risk Analysis

  • Establish policies considering

    • Risk analysis

    • Corporate business goals

    • Corporate technology strategy

  • Actions

    • Selecting technology

    • Procedures to make technology effective



Operational model of computer security
Operational Model of Computer Security

Protection = Prevention + (Detection + Response)

Response:

  • Backups

  • Incident response Teams

  • Computer forensics

Prevention:

  • Access control

  • Firewalls

  • Encryption

Detection:

  • Audit logs

  • Intrusion Detection Systems

  • Honeypots


Layered security
Layered Security

Physical Security

Access cards, biometric authentication

Network Security

Firewall (Prevention)

Network Security

Intrusion Detection Systems (Detection)

Host Security

Access Controls

Host Security

Audit Logs (Detection)



Public key infrastructure pki
Public Key Infrastructure (PKI)

  • Data Encryption

  • Digital Signature

  • Certificate Authority




Responding
Responding

  • Planning for response

  • Incident detection and determination

    • Procedures for reporting suspicious situations

    • Determination that an attack really is occurring

    • Description of the attack

  • Containment and recovery

    • Containment: stop the attack

    • Repair the damage

  • Punishment

    • Forensics

    • Prosecution

  • Fixing the vulnerability that allowed the attack



Trends of security attacks
Trends of Security Attacks

  • Scott Berinato in CIO magazine

    • “today's sloppiness will become tomorrow's chaos”

    • In 2010 alone, 100,000 new software vulnerabilities

    • Incidents worldwide will swell to about 400,000 a year

    • Another half-a-billion users are connected to the Internet.

    • A few of them will be bad guys, and they'll be able to pick and choose which of those 2 million bugs they feel like exploiting.

  • Stallings [2005]

    • More sophisticated attacks while less knowledge required

  • Panko [2004]

    • Growing attack frequency

    • Growing randomness in victim selection

    • Growing malevolence

    • Growing attack automation


Trends of security mechanisms
Trends of Security Mechanisms

  • Integrates solutions

  • Intelligent mechanisms

  • Outsourcing security services


Managed security service provider mssp
Managed Security Service Provider (MSSP)

Firm

MSSP

2.

Encrypted &

Compressed

Log Data

MSSP Logging

Server

3.

Analysis

5.

Vulnerability

Test

Log File

4.

Small Number of Alerts

Security Manager


Thailand s security weaknesses
Thailand’s Security Weaknesses

  • Budgeting

  • Management supports

  • Low awareness of potential danger

  • Laws and enforcements

  • Human competency development

  • Limited number of security research projects

  • Security curriculum

Source: A Brain Storming Session on ICT Security Planning, Ministry of ICT, May 8, 2006.


Thailand s ict security plan
Thailand’s ICT Security Plan

Scope

  • Information security policy

  • National PKI management

  • Cryptographic technology development

  • Advanced system and network security technology development

  • Information security technology standardization

  • Standards for government agency security

  • IT security product evaluation

  • Response to hacking and virus attacks

  • Security consulting service for critical information infrastructure

  • Manpower capacity building

  • Game online management