Abstract
With all the modernistic web based tools available today, it is ironic that managing a security program in an organization is often relegated to a paper-pencil exercise using outdated information, with an on-going guessing game as to the status and inventory of installed controls, equipment configurations etc. Tracking the incessant onslaught of security breach attempts occurring at an ever increasing pace often is a nightmare. A Fact Based model along with a process model is presented here as a candidate for security information to be contained in a BI-style security Data Warehouse, detailing the primary facts and artifacts of an organization’s security program framework and security strategy. The model enables one to draw intelligence from security events, current state of security management and training, risk communication, security architecture and administration controls in place, standards being followed etc., and essentially promotes the concept of availability of security intelligence—data warehouse style.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Cloud Computing: Cloud Computing Security: 10 Ways to Enforce It, eWeek.com, Ziff Davis Enterprise Holdings, Inc., July 06 (2011), http://www.eweek.com/c/a/Cloud-Computing/Cloud-Computing-Security-10-Ways-to-Enforce-It-292589/?kc=EWKNLINF07132011STR1
Ottawa Citizen July 15 2011 Section A11, page 3, Foreign hackers hit Pentagon supplier, http://www.ottawacitizen.com/technology/Foreign+hackers+Pentagon+supplier/5105974/story.html
ISO/IEC 27000:2009, Information security management systems family of standards consisting of ISO/IEC 27001:2005 – Requirements, ISO/IEC 27002:2005 – Code of practice for information security management, ISO/IEC 27003 – Information security management system implementation guidance, ISO/IEC 27004:2005 – Measurement, ISO/IEC 27005:2008 – Information security risk management, ISO/IEC 27005:2008 – Information security risk management, ISO/IEC 27006:2007 – Requirements for bodies providing audit and certification of information security management systems, ISO/IEC 27007 – Guidelines for information security management systems auditing, and ISO/IEC 27011 – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
DOD-STD-2167A, Military Standard: Defense System Software Development, US Department of Defense (February 1988) [S/S by MIL-STD-498]
ESA training for small and medium sized enterprises, Configuration Management training materials. European Space Agency (February 2008), http://www.esa.int/esaMI/Events_Training/SEMNNWK8IOE_0.html
Piprani, B.: Using ORM-based Models as a Foundation for a Data Quality Firewall in an Advanced Generation Data Warehouse. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4278, pp. 1148–1159. Springer, Heidelberg (2006)
Integration Definition for Function Modeling (IDEF0), Federal Information Processing Standard 183, National Institute of Standards and Technology (NIST) (December 1993)
Nijssen, G.M., Halpin, T.A.: Conceptual Schema and Relational Database Design. Prentice Hall, Victoria (1989)
Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology, NIST Special Publication 800-30 (July 2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Piprani, B., Ernst, D. (2011). An Advanced Generation Model for a Security Data Warehouse. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2011 Workshops. OTM 2011. Lecture Notes in Computer Science, vol 7046. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25126-9_40
Download citation
DOI: https://doi.org/10.1007/978-3-642-25126-9_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25125-2
Online ISBN: 978-3-642-25126-9
eBook Packages: Computer ScienceComputer Science (R0)