
IS480 Team wiki: 2018T1 analyteaka research

From IS480
Revision as of 02:28, 16 August 2018 by Solomon.teo.2016 (talk | contribs)

Data security

Under the PDPA’s guidance, we are not legally obligated to care for personal data. However, we will follow its best-practice tips by exploring how to:

1. Set out how the personal data in custody may be well-protected.

2. Classify the personal data to better manage housekeeping.

3. Set clear timelines for the retention of the various personal data and cease to retain documents containing personal data that is no longer required for business or legal purposes.

4. Handle the transfer of personal data overseas, including the use of contractual agreements with the organizations involved in the transfer to provide a comparable standard of protection overseas.


The classification is based on our interpretation of Federal Information Processing Standards (FIPS) Publication 199, published by the National Institute of Standards and Technology, as stated by Carnegie Mellon University. It reflects the level of impact to the company if confidentiality, integrity or availability is compromised.


Potential Impact table

| Security Objective | Low | Moderate | High |
|---|---|---|---|
| Confidentiality | Leakage of information could be expected to have a limited adverse effect on the company’s operation, assets or individuals. | Leakage of information could be expected to have a serious adverse effect on the company’s operation, assets or individuals. | Leakage of information could be expected to have a severe or catastrophic adverse effect on the company’s operation, assets or individuals. |
| Integrity | Unauthorized modification or destruction of information could be expected to have a limited adverse effect on the company’s operation, assets or individuals. | Unauthorized modification or destruction of information could be expected to have a serious adverse effect on the company’s operation, assets or individuals. | Unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on the company’s operation, assets or individuals. |
| Availability | The disruption of the information or system could be expected to have a limited adverse effect on the company’s operation, assets or individuals. | The disruption of the information or system could be expected to have a serious adverse effect on the company’s operation, assets or individuals. | The disruption of the information or system could be expected to have a severe or catastrophic adverse effect on the company’s operation, assets or individuals. |

Based on the above tips and impact levels, we decided to split the data into 5 different classes.

  • Class 1 contains at least 2 high impacts
  • Class 2 contains at least 1 high impact
  • Class 3 contains at least 1 moderate impact
  • Class 4 contains at least 2 low impacts
  • Class 5 contains 0 impacts

| Class Level | Description | Example | Action |
|---|---|---|---|
| 1 | Highly confidential data | CVV code, credit card number | Never stored or processed. |
| 2 | Uniquely personally identifiable information | Fingerprints, eye scan, session token, NRIC, password | Never stored; process and discard. |
| 3 | Personally identifiable information | DoB, email, address | Store only hashed value. |
| 4 | Non-personally identifiable information | State, city, region, subzone | Can be stored as is. |
| 5 | Publicly available website content | Item details, category, item price | Can be stored as is. |
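
An added example, not part of the team's project code: one way to apply the five class rules and the per-class actions to a record before it is persisted. The per-field impact ratings, the fail-closed default for unrated fields, the handling of a single low impact and the use of keyed HMAC-SHA-256 for the "hashed value" are assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed (confidentiality, integrity, availability) ratings per field;
# the page gives example fields per class but no per-field ratings.
FIELD_IMPACT = {
    "credit_card_number": ("high", "high", "low"),
    "nric": ("high", "moderate", "low"),
    "email": ("moderate", "low", "low"),
    "city": ("low", "low", "none"),
    "item_price": ("none", "none", "none"),
}

def classify(impacts):
    """Map three impact ratings to class 1-5, most sensitive rule first."""
    n = Counter(impacts)
    if n["high"] >= 2:
        return 1
    if n["high"] == 1:
        return 2
    if n["moderate"] >= 1:
        return 3
    # The page requires two lows for class 4 and zero impact for class 5;
    # a single low is not covered, so it is rounded up to class 4 (assumption).
    return 4 if n["low"] >= 1 else 5

def sanitize(record, key):
    """Return only what the class actions allow to be persisted."""
    stored = {}
    for field, value in record.items():
        # Assumption: fields without a rating fail closed as class 1.
        cls = classify(FIELD_IMPACT.get(field, ("high", "high", "high")))
        if cls <= 2:
            continue  # classes 1 and 2 are never stored
        if cls == 3:
            # "Store only hashed value": keyed HMAC-SHA-256 is assumed here,
            # because a bare hash of a DoB or email is easy to brute-force.
            norm = value.strip().lower().encode()
            value = hmac.new(key, norm, hashlib.sha256).hexdigest()
        stored[field] = value
    return stored

# Constructed sample record and key (a real key would come from a secret store).
if __name__ == "__main__":
    rec = {"nric": "S0000000X", "email": "Alice@Example.com", "city": "Bedok"}
    print(sanitize(rec, b"constructed-demo-key"))
```

Normalising the value before hashing keeps the stored digest usable as a join key across data sets without keeping the email itself.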


Data Analytics is the process of examining data sets in order to draw conclusions about the information they contain, increasingly with the aid of specialized systems and software.

Typical mechanisms: Database (only Data)

Typical timeframe: Offline

The outcome of analytics is informed business decisions to verify or disprove scientific models, theories and hypotheses. The typical goals are to improve efficiency, optimize processes, increase revenues, etc.

The hardest part of an analytics project is asking the question. As Robert Half once mentioned, "Asking the right questions takes as much skill as giving the right answers."

Descriptive analytics (insight into the past):
  • Uses data aggregation and data mining to provide insight into the past and answer: “What has happened?”.
  • It is typically used to summarise raw data and make it interpretable by humans.

Data operations:

  • Report card of data, used for spotting potential issues when you need to understand at an aggregate level what is going on
  • When you want to summarize and describe different aspects of your business.

Predictive analytics (understanding the future):
  • Uses statistical models and forecasting techniques to understand the future and answer: “What could happen?”
  • Provides estimates about the likelihood of a future outcome
  • Foundation of predictive analytics is based on probabilities

Prescriptive analytics (advise on possible outcomes):
  • Uses optimization and simulation algorithms to advise on possible outcomes and answer: “What should we do?”
  • Attempts to quantify the effect of future decisions in order to advise on possible outcomes before the decisions are actually made
  • Uses a combination of techniques and tools such as business rules, algorithms, machine learning and computational modelling procedures
  • Anytime you need to provide users with advice on what action to take.

Based on the above details, our modules are split into the respective sections:



Descriptive:

  • Customer Profile module
  • Store Profile
  • Staff profile

Predictive:

  • Machine Learning

Prescriptive:

  • Data visualisation module
  • Analytics and reporting module