Abstract. With all the modernistic web based tools available today, it is ironic that managing a security program in an organization is often relegated to a paper-pencil exercise using outdated information, with an on-going guessing game as to the status and inventory of installed controls, equipment configurations etc. Tracking the incessant onslaught of security breach attempts occurring at an ever increasing pace often is a nightmare. A Fact Based model along with a process model is presented here as a candidate for security information to be contained in a BI-style security Data Warehouse, detailing the primary facts and artifacts of an organization’s security program framework and security strategy. The model enables one to draw intelligence from security events, current state of security management and training, risk communication, security architecture and administration controls in place, standards being followed etc., and essentially promotes the concept of availability of security intelligence---data warehouse style.
Denise Ernst, Canadian Payments Association (Canada