Title: Managing vulnerabilities during the development of a secure ETL processes

Authors: Salma Dammak; Faiza Ghozzi; Asma Sellami; Faiez Gargouri

Addresses: Mir@cl Laboratory, Department of Information Systems, Sfax University, B.P. 3023, Sfax, Tunisia (all four authors)

Abstract: Vulnerabilities in information systems (ISs) are high-value assets to a cybercriminal. These vulnerabilities can be targeted for exploitation, which results in unauthorised access to the IS. Due to the increasing demand for preventing cyber-crimes, decisional systems should focus on the security of extract, transform, and load (ETL) processes, which is one of the most critical and complex issues considered during data warehouse (DW) development. The intent of this paper is to provide a structured method for managing vulnerabilities that can affect ETL processes throughout their development (preventive) and along their exploitation (corrective). We anticipate and evaluate vulnerabilities by defining an impact of severity score measured based on the CVSS standard and two scores representing the required preventive and corrective actions based on the COSMIC method. We propose an algorithm to order and prioritise these vulnerabilities using the defined scores. The prioritisation algorithm assists ETL designers in ensuring security.

Keywords: ETL processes; security; measure; vulnerabilities; cost; COSMIC; common vulnerability scoring system; CVSS.

DOI: 10.1504/IJICS.2022.122914

International Journal of Information and Computer Security, 2022 Vol. 18 No. 1/2, pp. 75-104

Received: 13 Nov 2018
Accepted: 04 Aug 2019

Published online: 17 May 2022
