An Advanced Generation Model for a Security Data Warehouse

Piprani, Baba; Ernst, Denise

doi:10.1007/978-3-642-25126-9_40

An Advanced Generation Model for a Security Data Warehouse

Baba Piprani¹⁹ &
Denise Ernst²⁰

Conference paper

1226 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7046))

Abstract

With all the modernistic web based tools available today, it is ironic that managing a security program in an organization is often relegated to a paper-pencil exercise using outdated information, with an on-going guessing game as to the status and inventory of installed controls, equipment configurations etc. Tracking the incessant onslaught of security breach attempts occurring at an ever increasing pace often is a nightmare. A Fact Based model along with a process model is presented here as a candidate for security information to be contained in a BI-style security Data Warehouse, detailing the primary facts and artifacts of an organization’s security program framework and security strategy. The model enables one to draw intelligence from security events, current state of security management and training, risk communication, security architecture and administration controls in place, standards being followed etc., and essentially promotes the concept of availability of security intelligence—data warehouse style.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Cloud Computing: Cloud Computing Security: 10 Ways to Enforce It, eWeek.com, Ziff Davis Enterprise Holdings, Inc., July 06 (2011), http://www.eweek.com/c/a/Cloud-Computing/Cloud-Computing-Security-10-Ways-to-Enforce-It-292589/?kc=EWKNLINF07132011STR1
Ottawa Citizen July 15 2011 Section A11, page 3, Foreign hackers hit Pentagon supplier, http://www.ottawacitizen.com/technology/Foreign+hackers+Pentagon+supplier/5105974/story.html
ISO/IEC 27000:2009, Information security management systems family of standards consisting of ISO/IEC 27001:2005 – Requirements, ISO/IEC 27002:2005 – Code of practice for information security management, ISO/IEC 27003 – Information security management system implementation guidance, ISO/IEC 27004:2005 – Measurement, ISO/IEC 27005:2008 – Information security risk management, ISO/IEC 27005:2008 – Information security risk management, ISO/IEC 27006:2007 – Requirements for bodies providing audit and certification of information security management systems, ISO/IEC 27007 – Guidelines for information security management systems auditing, and ISO/IEC 27011 – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
Google Scholar
DOD-STD-2167A, Military Standard: Defense System Software Development, US Department of Defense (February 1988) [S/S by MIL-STD-498]
Google Scholar
ESA training for small and medium sized enterprises, Configuration Management training materials. European Space Agency (February 2008), http://www.esa.int/esaMI/Events_Training/SEMNNWK8IOE_0.html
Piprani, B.: Using ORM-based Models as a Foundation for a Data Quality Firewall in an Advanced Generation Data Warehouse. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4278, pp. 1148–1159. Springer, Heidelberg (2006)
Chapter Google Scholar
Integration Definition for Function Modeling (IDEF0), Federal Information Processing Standard 183, National Institute of Standards and Technology (NIST) (December 1993)
Google Scholar
Nijssen, G.M., Halpin, T.A.: Conceptual Schema and Relational Database Design. Prentice Hall, Victoria (1989)
Google Scholar
Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology, NIST Special Publication 800-30 (July 2002)
Google Scholar

Download references

Author information

Authors and Affiliations

MetaGlobal Systems, Canada
Baba Piprani
Canadian Payments Association, Canada
Denise Ernst

Authors

Baba Piprani
View author publications
You can also search for this author in PubMed Google Scholar
Denise Ernst
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

STAR Lab, Vrije Universiteit Brussel (VUB), Bldg G/10, Pleinlaan 2, 1050, Brussel, Belgium
Robert Meersman
DEBII, Curtin University of Technology, Technology Park, De Laeter Way, 6102, Bentley, WA, Australia
Tharam Dillon
Facultad de Informática, Universidad Politécnica de Madrid, Campus de Montegancedo S/N, 28660, Boadilla del Monte, Madrid, Spain
Pilar Herrero

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Piprani, B., Ernst, D. (2011). An Advanced Generation Model for a Security Data Warehouse. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2011 Workshops. OTM 2011. Lecture Notes in Computer Science, vol 7046. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25126-9_40

Download citation

DOI: https://doi.org/10.1007/978-3-642-25126-9_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25125-2
Online ISBN: 978-3-642-25126-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics