Managing vulnerabilities during the development of a secure ETL processes

Vulnerabilities in information systems (ISs) are high-value assets to a cybercriminal. These vulnerabilities can be targeted for exploitation which results in unauthorised access to the IS. Due to the increasing demand of preventing cyber-crimes, decisional systems should focus on extract, transform, and load (ETL) processes security which is one of the most critical and complex issues considered during DW development. The intent of this paper is to provide a structured method for managing vulnerabilities that can affect ETL processes throughout its development (preventive) and along its exploitation (corrective). We anticipate and evaluate vulnerabilities by defining an impact of severity score measured based on CVSS standard and two scores presented the required preventive and corrective actions based on the COSMIC method. We propose an algorithm to order and prioritise these vulnerabilities using the defined scores. The prioritisation algorithm helps and assists the ETL designers in ensuring security.