1 / 17

New Data Access Model – Briefing for Internal Audit Personnel

New Data Access Model – Briefing for Internal Audit Personnel. Pat Burns, VP for IT Thom Hadley, Dir. of Fin. & Strategic Srvcs , CVMBS Don Hesser, Director of IS Ken Johnston, Assoc. Director of IS. Business Intelligence.

maude
Télécharger la présentation

New Data Access Model – Briefing for Internal Audit Personnel

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. New Data Access Model – Briefing for Internal Audit Personnel Pat Burns, VP for IT Thom Hadley, Dir. of Fin. & Strategic Srvcs, CVMBS Don Hesser, Director of IS Ken Johnston, Assoc. Director of IS New Data Access Model

  2. Business Intelligence • Analyzing pertinent data in an appropriate format, to inform decisions that result in improved business management • A strategic imperative that must be balanced against privacy and IT security concerns • A ‘hot’ topic at the spring 2008 strategic planning meeting New Data Access Model

  3. Data Access - Distinction • Official System of Record reporting – Institutional Research and Systems of Record functional units • Maintain ‘business as usual’ • Business Intelligence – individuals in units throughout the University • This is the focus of today’s discussion New Data Access Model

  4. Current Data Access Model • Apply for access, using a hardcopy form • Approval of department head • 4 central signatures required, usually with very little direct knowledge of need • SIS, HR, ACNS (eID), and IS (implementation) • Currently, there are in excess of 1,600 individuals who have access to massive amounts of central data • After access is authorized, typically • Large data sets are downloaded to local storage and manipulated thereafter New Data Access Model

  5. Current Data Access Model • We manage access to our data • Need is generally not questioned during the application process • Annual review of access privileges is conducted by department heads • We do not do a good job of managing users’ behaviors associated with data access • A significant vulnerability New Data Access Model

  6. Proposal for a New, Managed, Decentralized Model for Data Access • Institute a new, improved, ‘managed decentralized’ model for • Granting access to University data and • Managing users who have access to University data New Data Access Model

  7. Elements of the New Model • Centralized data repositories/services • eThority • ODS • System of Record Data Stewards (DSs) • Define data access privileges • Data Access Managers (DAMs) • One per VP/Dean (more if specifically needed) • Data Users (DUs) • Coordinated by the VP for IT New Data Access Model

  8. System of Record Data Stewards • For each System of Record, Data Stewards (or designates) will define data elements and scope: • Default data – access can be granted to data users by Data Access Managers (DAMs) • Protected data – DAM must petition DS for access by Data User (DU) • Private data – data not to be shared, e.g. SSNs, CCN’s, etc. New Data Access Model

  9. Data Access Managers • Understand need for data access • Brief Data User on proper behaviors • Obtain signature on data access application • Approve access to default data • Petition for access to protected data • Coordinate training and communications • Recognize and communicate changes in roles that would trigger a reevaluation of access privileges • Refer inappropriate behavior to department head, Data Steward, and VP for IT New Data Access Model

  10. A Specific Example • College Business Officer (CBO) is trained and trusted • CBO has access to all college data • CBO grants default, partitioned access to department level analysts • Department-level analysts authorized to view only their unit’s data • Department-level analysts who desire access to ‘protected’ data must be authorized by CBO and then system’s Data Steward New Data Access Model

  11. Internet Data Users eThority or Oracle Discoverer Web Access Data Feeds - Examples eThority or ODS Data Authorization can be distributed at any level of granularity Database & Database Server Data can be partitioned at any level of granularity Oracle or SQL– Data Mart Financial Research Foundation SIS Purchasing HR New Data Access Model

  12. eThority - Framework - Beta Trial - Steady-state model New Data Access Model

  13. Financial Information • Financial Transactions (2003 – Present) • Financial Summary by Account (1992 – Present) • Foundation Summary by Account • Human Resources • Employee Demographics Data • Employee Restricted Data (Salary, DOB, Gender, etc) • Research • Pre-Proposal Grant Information • Proposal Grant Information • Funded/Approved Grant s • Purchasing • Vendor Information • SciQuest Invoice Header Information • SciQuest Invoice Detail Information • Student/Class • Course Catalog • Class Demographics (Enrollment, Instructor, etc) • Clinical • Procedures (1992 – Present) • Invoice Information (Payments, Credits, Transfers, etc) • Inventory (Pharmacy and Central Supply) Current Data Feeds to the eThority Data Mart New Data Access Model

  14. The College of Veterinary Medicine and Biomedical Sciences will host the system on CVMBS servers (security approved by ACNS) Access to data will be authorized by the data custodians for each individual participating in the beta test Training and support will be provided by the College of Veterinary Medicine and Biomedical Sciences The beta test will be conducted for at least six months Proposed Beta Trial for eThority New Data Access Model

  15. Steady-state Model for eThority • Servers will be in secure, main data facility, behind the administrative systems’ firewall • ACNS/IS will operate and manage • The firewall, hardware, OS & DB • Data feeds, in cooperation with CVMBS • CVMBS will operate and manage • Data feeds, in cooperation with IS • The application • Training users • Supporting users New Data Access Model

  16. Current Approach • Parallel projects • eThority beta trial • Oracle Discoverer access to IS’ central data warehouse • We feel both will be beneficial to the institution, and we need to gain additional experience with both approaches to determine a model for user access to each system New Data Access Model

  17. IA Feedback Solicited • We seek IA’s approval for the concept of the new data access model • We request IA’s participation as we ‘flesh out’ additional details • Policies, procedures and operations • Any concerns with the Current Approach? • eThority beta trial • Oracle Discoverer access to central data New Data Access Model

More Related