Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT

Francisco Xavier Reyes-Mena, Walter Marcelo Fuertes-Díaz, Carlos Enrique Guzmán-Jaramillo, Ernesto Pérez-Estévez, Paúl Fernando Bernal-Barzallo, César Javier Villacís-Silva


This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.


business intelligence; cybersecurity; decision making; early alerts; electronic data processing; ETL; vulnerability analysis

Full Text:



M. Letho, "Cyber Security Education and Research in the Finland's Universities and Universities of Applied Sciences," International Journal of Cyber Warfare and Terrorism (IJCWT), vol. 6(2), pp. 15-31, Apr. 2016. DOI:

P. Cichonski, T. Millar, T. Grance, and K. Scarfone, "Computer security incident handling guide," NIST Special Publication 800-61, 2012

M. West-Brown, et al. “Handbook for computer security incident response teams (CSIRTS),” No. CMU/SEI-2003-HB-002. Carnegie-Mellon Univ Pittsburgh PA software engineering institute, 2003.

P. Coughlan, and D. Coghlan, "Action research for operations management," International journal of operations & production management, vol. 22(2), pp. 220-240, 2002. DOI:

R. Bouman, and J. V. Dongen. Pentaho solutions: Business Intelligence and Data warehousing with Pentaho and MySQL. Wiley Publishing, 2009.

R. Kimball, M. Ross, J. Mundy, and W. Thornthwaite. The kimball group reader: Relentlessly practical tools for data warehousing and BI remastered collection. John Wiley & Sons, 2015. DOI:

P. Valladares, W. Fuertes, F. Tapia, T. Toulkeridis, and E. Pérez, "Dimensional data model for early alerts of malicious activities in a CSIRT," in International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, 2017. DOI:

R. Gaddam, and M. Nandhini, "An analysis of various snort based techniques to detect and prevent intrusions in networks proposal with code refactoring snort tool in Kali Linux environment," in International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, 2017. DOI:

S. Dongkyun, and K. Lee, "Comparing security vulnerability by operating system environment," International Journal of Services Technology and Management, vol. 23 (1-2), pp. 154-164, 2017.

H. Elshoush, and I. Osman, "An improved framework for intrusion alert correlation," Proceedings of the World Congress on Engineering, vol. 1, 2012.

R. Kimball, and R. Margy, The data warehouse toolkit: The definitive guide to dimensional modelling. John Wiley & Sons, 2013.

I. Sharafaldin, et al., "Towards a Reliable Intrusion Detection Benchmark Dataset," Software Networking, vol. 1 (1), pp. 177-200, 2017. DOI:

J.L Pereira, and M. Costa, "Decision Support in Big Data Contexts: A Business Intelligence Solution," New Advances in Information Systems and Technologies, vol. 444, pp. 983-992, 2016. DOI:

S. Few, “Information Dashboard Design. The Effective Visual Communication of Data,” NY: O'Reilly, 2006.

M. S. Gounder, V. V. Iyer, and A. A. Mazyad, "A survey on business intelligence tools for university dashboard development," in 3rd MEC International Conference on Big Data and Smart City (ICBDSC), Muscat, 2016. DOI:

J. Pajares, et al., "Project Management Methodologies in the Fourth Technological Revolution," Advances in Management Engineering. Springer International Publishing, pp. 121-144, 2017. DOI:

R. O’Connor, V. Elger, and P. Clarke. "Continuous software engineering—A micro services architecture perspective," Journal of Software: Evolution and Process, vol. 29 (11), pp. e1866, Nov. 2017. DOI:

Article Metrics

Abstract Views

Metrics Loading ...


  • There are currently no refbacks.

Copyright (c) 2018 Revista Facultad de Ingeniería

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.


Revista Facultad de Ingeniería (Rev. Fac. Ing.) - ISSN: 0121-1129 - ISSN: 2357-5328 (Online)

Indexed and registered by: Emerging Sources Citation IndexSciELORedalycPublindex(Categoría C)REDIBDOAJDialnetSHERPA/RoMEOLatindex.



Licencia de Creative Commons

This work is licensed under a Creative Commons Attribution 4.0 International

Sede Central Tunja–Boyacá–Colombia
Avenida Central del Norte 39-115
PBX: (57+8) 7405626 Comentarios de este sitio
Horario de atención y servicio telefónico
8:00 a.m. a 12:00 m y 2:00 p.m a 6:00 p.m.

Atención al Ciudadano
Línea Gratuita: 01 8000 942024
Tel: (57+8) 7428263
Notificaciones Judiciales
Notificaciones de aviso

Institución de Educación Superior sujeta a inspección y vigilancia por el Ministerio de Educación Nacional
Sistema OJS - Metabiblioteca |