Joshua Fox
Project Lead & Chief Technologist
IBM

Wednesday 9:45am - 10:45am

Level: Data Management - Intermediate

When organizations first seek to comply with regulations with regulations such as Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and Sarbanes-Oxley, they often prepare their metadata for analysis by gathering it into an enterprise metadata repository. The assumption is that metadata presents the clearest, most trustworthy description of the IT environment, and that analysis of this metadata will reveal the information services which pose a risk to regulatory compliance.

Yet preliminary results have been disappointing. Faced with metadata expressed in different terminologies and structures, IT managers find it impossible to get coherent results. They cannot justify dedicating the extensive human resources required for mapping, defining, and organizing the masses of disorganized metadata.

Data mining techniques provide part of the answer to this challenge. Significant technical improvements in the last decade have helped data mining to score impressive successes in areas as disparate as enterprise search and homeland security. Since metadata is just another type of data, applying data mining to metadata is technically straightforward.

This presentation will focus on practical hands-on application of standard data mining tools to issues of regulatory compliance. In an e-Government use case, we will show how to discover potential security risks as part of DIACAP validation, even where IT metadata is built on abbreviations and non-standard terminologies.