Analysis and Research for a Data Warehouse System

Analysis and Research for a Data Warehouse System

"The most important part of deployment is planning. It is not possible to plan for security, however, until a full risk assessment has been performed. Security planning involves developing security policies and implementing controls to prevent computer risks from becoming reality (Benson, n.d.)."

In order to effectively execute security strategy, management should have a security minded attitude. Security planning and management involves long term strategic planning. What they would need to do next consists of doing a risk analysis. First they would need to select areas on which to focus on. Then policies and procedures can be defined as well as measurements that will be used to revise the effectiveness and efficiency of the countermeasures and security mechanisms. The resulting recommendations are then to be implemented, monitored and tested. The results of the compliance checks should eventually be used to revise the original analysis. The life cycle of security implementation needs to be supported by everyone involved.

"Most businesses depend heavily on technology and automated systems, and their disruption for even a few days could cause severe financial loss and threaten survival. The continued operations of an organization depend on management's awareness of potential disasters, their ability to develop a plan to minimize disruptions of mission critical functions, and the capability to recover operations expediently and successfully (Wold & Shriver, n.d.)."

A general risk analysis model includes an organization's assets and their value to the organization, the threats it is exposed to and its weaknesses and vulnerabilities. Subsequently, it allows for countermeasures to be set up, and codes of practice, standards and security guidelines to be formulated.

A review boundary is set up. At the core of the review are the assets; external elements to the analysis can include the public telephone network, third parties that have access to internal databases and financial systems, etc. These are supposed to be given and they cannot be modified. Assets now are subject to deliberate threats...for instance an attack and accidental threats (ex. negligence, carelessness, etc.). Assets can be hardware, software, physical, or data.

There exist dependencies between these elements and it is important to recognize them: unwanted access to one of these components can result in other crucial systems or data becoming exposed. To be exposed to a threat however means that this threat has to have an impact. Factors that can make a threat a reality and harm you have an impact are vulnerabilities. An impact requires an external or internal action to be taken or an event to take place. Unlike accidental threats, deliberate threats are triggered. You must be able to distinguish between motivation and determination:

...