Impact of business intelligence on incident management in the control center of a security company

ABSTRACT


INTRODUCTION
Information is a set of processed data, which brings new knowledge to the system or individual, which generates alternatives to solve problems.However, the amount of information originated worldwide generates high volumes of data not processed or properly analyzed, which causes problems and incidents in the information technology (IT) services of a company, often influencing timely decision making [1].In fact, it is evident that every day the sum of inaccurate data has been increasing from 17% to 22% in just 12 months, where it should be noted that the United States is the one with the highest percentage of inaccuracy with 25% [2]; while the highest crime incidences are present in Kenya, represented as follows: Nairobi with 6,732 incidents, Nakuru 4,525, and Kiambu 4,449 [3].Therefore, it is common for the most recent organizations to depend on IT, these being internal and external drivers of the operations of a business, where the use of IT as the growth of technological tools helps to increase the quality of operations and in obtaining competitive advantages, such as: automate solutions in the storage, analysis and processing of information, which allows solving from complex collected data, to major problems that are present when serving users [4].However, many companies, not having this technology, obtain inefficient processes and lack of reliability and integrity of the information to make decisions [5]; it should be noted that incident management is considered a key quality factor, in the social, scientific-technological, political, environmental and economic perspective in an organization, since it allows solving the incidents derived from the control and prevention of the various risks, thus reducing the negative impact on organizations [6].In this sense, it is important to keep in mind that information is a valuable asset for all companies, because it is the knowledge of the organization and has an important role in guiding business analysts to make decisions [7].It also provides relevant knowledge, within the framework of Bulletin of Electr Eng & Inf ISSN: 2302-9285  Impact of business intelligence on incident management in the control center of a security … (Alfredo Daza) 423 decisions effectively, and that, in general, requires some computer support to be analyzed in detail based on the situations that may arise based on your transactional history and that helps to choose the most effective strategy to solve risks [8].On the other hand, in the current context of Latin America, there is an alarming increase in incidents, this makes it impossible to achieve an improvement in the efficient management of information, since they do not have sophisticated technology in the information process.According to 448 opinion leaders who make up 14 nations in Latin America and the Caribbean affirm that new information technologies provide better mechanisms to design timely, accurate and relevant data [9].Based on the context explained above, various solutions have been found for the aforementioned problem, through an efficient response through data visualization, this in order to help understand both business trends and outliers in incidents summarized from data sources with results in real time and with historical information that allows to visualize the state of the company [10].In this way, business intelligence (BI) technology is used as a solution, since it allows control over information and increases user satisfaction through the support provided by the tool in the operation of the company through data [11]; because the source of information used allows quantifying, analyzing and understanding the risks, achieving the improvement of decisions by managers and streamlining information processes by reducing the workload in the face of different problems that arise [12].In Peru, incident management is present in certain business environments, where data is used to understand the context in past years [13], so proper management will facilitate the best decisions in the incidents that arise most frequently in an organization.For this reason, a BI solution will facilitate the analysis of raw data to transform it into useful information [14].Therefore, organizations need to make use of technology in the face of incidents that occur in an organization, as is the case of the national superintendence of public registries (SUNARP), a public entity of the Peruvian state, where the attention it manages is not well defined in relation to the handling of incidents, having as a consequence that the ITGO works in a disorderly manner, even the problem in the operation of the organization is not identified, such as lack of efficiency in the performance of tasks, so the waiting time is too long and sometimes they are not registered for their prompt solution, causing user dissatisfaction [15].
The study presented was carried out in a company of integral security services, where it was observed that there are problems in terms of incident management, which is evident that this is inefficient, since the information is not properly classified or controlled of these, resulting in an inadequate presentation of the reports to perform an analysis of the information, which causes reports not to be generated in a timely manner.For this reason, it takes a long time to process the information and results in inconsistent and difficult to understand reports, affecting the quality of services provided to the client and the frequency rate of incidents.With regard to indicator 1, the process is carried out as follows: the monitor reports the incident, then the analyst records the incident in a document and proceeds to analyze it, then it is decided if it needs a reinforcement group, if if so, it is verified if there are retention groups available to assign them, to proceed to verify the incident; However, if it were the case that no reinforcement group would be needed, the incident is resolved and reported, and then make a record of it, and finally, update it to the attended state, this process means that of 93 requests for incidents received, 46 are attended, which represents 49.19%.Likewise, with respect to indicator 2, the process is carried out as follows: The monitor notifies the incident, so that the analyst validates and registers it, and then analyzes the incident and categorizes it, that is where a decision is made in relation to whether it can be solved in time, if in case it is if, the incidence is assigned and resolved, however, if not, then it is investigated, a diagnosis is provided and the report is made to resolve the incident, all this to in both cases receive an incident resolution and update it; this procedure makes the incident frequency rate 125 incidents and 1392 hours worked, and the frequency rate 10.38.Therefore, this article aims to implement BI technology for the improvement of incident management in the control center of a security company.For this, the present work has been divided into: section 2 shows the related works, section 3 details the method, section 4 presents the results and discussion, and section 5 presents the conclusion of the scope of the research.

RELATED WORKS
In El Salvador and Guatemala, a solution on citizen security was proposed based on the report of complaints, through the BI tool, which showed the dimensions obtained in the time, and region.Indicators, with the result that the requirements and tools for BI systems are important, since this focus on the dimensional design, extract, transform and load (ETL) procedures, which is evidenced in a better analysis of the information and understanding of the data when processing statistics according to their dimensions, thus supporting strategic decisions [1].Likewise, Chopvitayakun conducted research in Thailand, with the aim of identifying the benefits in the IT infrastructure in the country, making use of analytical tools emphasized in decision making, through the analysis of historical data, where we worked with 470 students and used a comma-separated values (CSV) input format file for Microsoft Power BI software, which provided dynamic reports, also among its responsive and interactive features is that it easily provided a wide range of queries about the BI, through an interface that is both graphical, pleasant and effective, which helped to visualize information and filter specific findings [16].
In Russia, Krivo executed a study, whose objective was to provide effective monitoring of security incidents, through a system of key performance indicators (KPIs), which worked with a sample composed of 5,427 incident reports, where the impact of certain measures was tracked through data management tools, concluding that the BI tool allowed to obtain a set of dashboards and a visual-descriptive analysis of a wide data information [17].In addition, Reyes conducted a study in Ecuador, focused on the process of BI technology, which allowed the reduction of malicious activities in the system, for this the Ralph Kimball method was used, encompassing the ETL and online analytical processing (OLAP) process, also the sample was composed of 54 data obtained in real time, resulting in the BI managed to improve the degree of security of the institutions, through the rapid processing of information [18], which allowed the real-time visualization of incidents that may occur in the network, in order to establish control measures.Finally, in the United States, a study was conducted on government security for the prevention of criminal actions in consumers through the use of technology that helps in the prediction of crimes, taking into account 2,142,865 incidents from 2003-2017 in the United States.HUF where the results show with a reliability test of evaluators a value of 0.8, that is, the first 80 points specified as a change of high relationship with new information, it is thus that among the main conclusions it was that the BI helped to provide a figure with greater accuracy, which allowed the consultation of data to be based on the individuals [19].

METHOD
In the present study, the following hypotheses were proposed: − Percentage of service level H10: BI does not significantly improve the percentage of the service level in the control center of a security company.
H1a: BI significantly improves the percentage of the service level in the control center of a security company.
Where  is referred to the percentage of the service level before implementing BI and  is referred to the percentage of the service level after implementing BI, this to know if the technology implemented improves the indicator presented.− Incident frequency rate H20: BI does not significantly improve the frequency rate of incidents in the control center of a security company.2 0 =  −  ≤ 0 H2a: BI significantly improves the frequency rate of incidents in the control center of a security company.
Where  is referred to the incident frecuency rate before implementing BI and  is referred to the percentage of the incident frecuency rate after implementing BI, this to know if the technology implemented improves the indicator presented.Based on the above, in order to demonstrate the hypotheses raised, the BI system was developed, where the design method of the multidimensional data model used is the methodology of Ralph Kimball. Figure 1 shows the methodological process detailed:

Project planning
At this stage, the objectives, scope and purpose of the project have been determined, with the purpose being the implementation and development of BI, thus establishing an internal and external solution, which allowed the integration of information regarding indicators in incident management to avoid decisions based on outdated information, reducing response time and resources for data collection and efficient decision making in operations [20].Thus, to achieve this objective of the project, the following techniques were used: the ETL process, which allowed information to be extracted from different data sources [21].On the other hand, the dimensional data was refined and integrated, which allowed it to be processed and analyzed from different perspectives; as well as the OLAP system, which helped interactively analyze large volumes of ISSN: 2302-9285  Impact of business intelligence on incident management in the control center of a security … (Alfredo Daza) 425 information; as well as dashboards, which provided an understanding of global business conditions through the use of metrics and KPI; finally, reports were made, which generated a better visualization of the data, in order to keep managers informed about the security status of their business, in this way, BI allowed to reduce costs in the elaboration of the application with the use of open source programs [22].

Definition of requirements
In this part, the analytical needs were defined and the business requirements were identified.For this the information was collected through interviews and meetings that are immersed in the incident management process, which helped in the improvement of decision making in the organization, following with the analysis of the documents related to the business of the organization, culminating with the analysis of the information of the BI system, where the datamart helps to make decisions in the management of incidents, with the intention of reducing incidents; carrying out the monitoring and control of them.In Figure 2, the Figma tool is shown with the prototype of the dashboards for incident management, based on the requirements raised in the business model.Therefore, within the process carried out by the company in the management of incidents it was determined that there are several KPI that are fed by the data sources for quantitative indicators, based on this a database was developed in structured query language (MySQL) that served as a source of information on these indicators from spreadsheets.Table 1 shows the information needs detected.In this way, having the requirements for the development of the BI, the quality of the data was also considered, which were extracted from various sources regarding the incidents and the processes that were adopted under this framework, providing a systematic approach to improve decision making and create quality data and information.

Technological architecture design
In this phase, the technological architecture for the development of BI was carried out as shown in Figure 3. Starting with the collection of information from different data sources of the organization, proceeding with ETL process, where the data was processed and loaded into a datamart.Likewise, the data was connected with the pentaho data integration that allowed the extraction, transformation and loading, all this to have the visualization, which was made available to the end user in the form of relevant information [23].

Product selection and installation
As for the products selected for the development and implementation of BI are mostly free software, which allowed cost reduction.Within this context, there are some open source programs solutions such as Python [24].Based on this, for data preparation the pentaho data integration platform was used together with the MYSQL database manager, as well as the visualization in power BI as shown in Figure 4.

Dimensional modelling
In this phase, the data model necessary for the implementation of the BI was defined, this being the star scheme, at the same time, within the dimensions the analytical attributes of the measures were grouped, focused on the determination of analysis points that can be key to establish a similarity.On the other hand, the relationship of data and information within the transaction table and the fact table was defined to develop the dimensional design of the data [25].So, it was defined the granular level in relation to the traceability of the indicators according to the incidents, location and time, it should be noted that these were important to represent the different points of view, through which the structured information was analyzed in a hierarchical way, in the same way, the table of facts was represented with its indicators associated with a certain business process and the keys of the dimensions involved, these being the following:

Dimensions
Dimensions are stored in dimension tables made up of dimensional elements and attributes.Each dimension is composed of related items or elements.Dimensions are hierarchies of related elements.Each element represents a different level of summarization.Table 2 shows the dimensions of incident management, including: dim_empresa, dim_solicitante, dim_motivo, dim_prioridad, dim_acción dim_correctiva, dim_estado, dim_incidente, dim_analista, and dim_tiempo.The description of each of the dimensions and the information they store will be related to the fact table.

Dim_empresa
Dimension that contains the code and description of the company where the incident is carried out.Dim_solicitante Dimension containing the code and description of the requestor where the incident is made.

Dim_prioridad
Dimension that the priority where the incident is carried out.Dim_tiempo Dimension that makes the traceability of the information by day, month, year, quarter, others.

Dim_accionc Orrectiva
The dimension that contains the action of the incident.

Dim_estado
Dimension that contains the status of the incident.Dim_analista Dimension contained in the incident analyst.Dim_motivo Dimension contained in the reason for the incident.

Dim_incidente
Dimension containing the cost, days lost from the incident.

Facts
Table 3 shows the choice of the fact according to the selection of the business processes to be analyzed.Whose content was established by transactional data and each line was determined by the business process, these being the following: number of incidents, total cost of incidents, incident index and number of incidents attended.At the same time, Figure 5 shows the logical model of the proposal, elaborated through the use of the MYSQL tool, property of free software, within which the relationships between the group of measures, the table of facts and the assigned dimensions were established.

Physical model
After making the dimensional scheme, divided into the following components: data source and analysis structure, we proceeded to design the star model as shown in Figure 6.dimensions in the fact table and the process flow, and then proceed to the ETL process using the pentaho data integration tool, where the data was processed and loaded into a data mart, for which, the information sources were stored in a MYSQL database manager and then the incidents in the sheets were calculated, in xls format.

Design and development of extract, transform, and load (ETL)
For this phase, the data flow and its structure were established, as shown in Figure 7, where the ETL process was carried out using the pentaho data integration tool, which began with the extraction of data from the online transaction processing (OLTP) database by selecting tables with the required information.In Figure 8, the migration of the data is observed, after having been stored and organized in the OLAP database, for its respective creation of dimension tables.On the other hand, Figure 9, shows the data of the 429 dim_tiempo, which were made in order to obtain data for the day, quarter, semester, month, year and date.Later in Figure 10, the flow of integration, transformation and loading of the incident dimension is observed.Then, as can be seen in Figure 11, the flow of integration, transformation and loading of the analyst dimension was carried out.Finally, the fact table was combined with the dimensions: dim_empresa, dim_analista, dim_accion, dim_motivo, dim_estado, dim_solicitante, dim_prioridad, dim _incidencia, as presented in Figure 12, taking each primary key substitute from the dimension tables to achieve the connection of the relevant data.

Online analytical processing cube design
After migrating the data using pentaho data integration, in this phase we used the mondrian software to create the dimensions, hierarchies and the construction of the olap cube, according to the requirements of the company, also we made the processing of the rolap type in which it was stored in the mysql database.The defined schema performad in the cube is shown in Figure 13 with its respective fields, which was published on the pentaho business analytics server.

Business intelligence application development
This phase focused on the development of BI, whose data presentation was done through dashboards in the power BI desktop tool, which allowed access to the data necessary for the creation of visualization and analysis environments, as shown in Figure 14.Where some columns were developed, additional tables, metrics, and filters to make data analysis more robust and consequently more intuitive.In the same way, two detailed analyses were created, as shown in Figure 15, showing the index of incidents according to the companies that have suffered the incidents, which allowed analyzing the evolution in the number of incidents presented by a given month or year.

Implementation and growth
In this part, the final solution was implemented, which was divided into three phases: i) testing of the prototype to ensure proper functioning, data quality and integrity between the different connections; ii) implementation of BI, and iii) training for analysts, which allowed them to learn how to manage the program and understand the visualization of data throughout the incident process.In Figure 16, information about the number of incidents in the company (locations) and the frequency of incidents according to their reason is shown by their response time.Figure 17 shows the user interface with the reports of the reasons for the incident, which included all the details of the actionable report, for which tests were carried out to ensure that the datamart is suitable for the organization, and can be the solution to existing problems.

Deployment
In this phase the reports generated in the implementation stage based on the requirements of the company are deployed to production locally or on the web, where those responsible for the area analyze

RESULTS AND DISCUSSION
This section shows the results obtained in relation to the service level percentage indicator and the frequency index percentage indicator, with respect to the current situation of the company as well as after applying our proposal, where you can see the improvement of each of the indicators mentioned above, as shown in Figure 18 and Figure 19 respectively, below we show the results obtained for each indicator.

Percentage of service level
In Figure 18 and Table 4 shows the results of the service level percentage of 49.19% (pre test) and 77.61% (post test).Therefore, it indicates an improvement in a before and after the implementation of BI.Likewise,

Frequency index
In Figure 19 and Table 7 shows the results of the frequency index of incidents in the pre-test was 10.38, while in the post-test the value of the mean was 7.76.Therefore, it indicates a significant reduction in the frequency of incidents in a before and after the implementation of BI.Similarly, Table 8 show the normality test of indicator 2 about the frequency index after the implementation of the BI, which obtained the following results: in the pre-test a sig.value of 0.060 (greater than 0.05) in the post-test a sig.value of 0.005 (less than 0.05), evidencing that it has a normal distribution.As shown in Table 9, the Mann-Whitney U test was used, with a 95% confidence interval, which obtained a p=0.003<ȧ=0.05,which was chosen to accept alternative hypothesis (Ha), therefore, BI significantly improved the incidence frequency index in the control center of a security company.

CONCLUSION
It is concluded that by implementing BI it helps in the improvement of incident management for the security company, achieving the purpose of the study.The Ralph Kimball method was carried out following the phases: in project planning, the objective and scope were determined; in the definition of requirements, the analytical needs of the organization were obtained; in the design of technological architecture, where the technological components used for this solution are described; in the dimensional modeling a star scheme was made with 9 dimensions and 1 table made, in the physical design it was implemented in the MySQL management system and in the ETL development the pentaho data integration was used, which allowed the migration, transformation and cleaning of the data in the OLTP database to the OLAP database, that allowed to build the solution in the right way.Likewise, when implementing BI, the percentage of service level in the security entity improved, obtaining a value p=0.000<0.05,which accepts the alternative hypothesis, evidenced that before performing the test a value of 49.19% was achieved and after implementing the BI was 77.61%, being the difference of improvement of 28.42%.In the same way, with respect to the second indicator, when implementing BI helped to raise the degree of frequency of incidents of the security company, being the value-p=0.003<0.05,accepting the research hypothesis.This is evident that before the test it reached a value of 10.38 and after implementing it a 7.76 was obtained, improving by 25%.Finally, after observing the results obtained, it can be said that these were beneficial in the indicators of the research, since when implementing the business intelligent providing a positive effect by achieving an improvement when managing the incidents of the security company.

Figure 2 .
Figure 2. Prototype of the dashboard in Figma

Figure 5 .
Figure 5. Logical model of the proposal

Figure 6 .
Figure 6.Star model Impact of business intelligence on incident management in the control center of a security … (Alfredo Daza)


ISSN: 2302-9285 Bulletin of Electr Eng & Inf, Vol. 13, No. 1, February 2024: 422-435 432 adequately in real time with respect to the indicators percentage of service level and frequency index for the improvement of decision making and this helps the institution to reduce time and save costs.

Figure 16 .Figure 17 .
Figure 16.The general summary of the

Figure 18 .Figure 19 .
Figure 18.Service level percentage of incidents generated before and after implementing BI

Table 1 .
Description of the need Description of the need Incident indicators grouped by priority, reason and period of the incident Number of incidents per company.Number of corrective actions of incidents for reasons in companies.Incident Rate by company and by reason.Number of incidents per reason and per applicant in a given period.Number of analyst incidents in a given period.Number of incident statuses for a given period grouped by companies and reasons.Number of incidents for reasons grouped by given period of time and incident applicant.Number of incidents grouped by given period.Number of incidents by priorities grouped by given period of time.

Table 3 .
Fact table

Table 4 .
Table 5show the normality test of indicator 1 on the percentage of the service level after the 433 implementation of the BI, which obtained the results: in the pre-test a sig.value of 0.171 (greater than 0.05) in the post-test a sig.value of 0.010 (less than 0.05), evidencing that it has a normal distribution.As shown in Table6, the t-student test was used, with a 95% confidence interval, which obtained a p=0.000<ȧ=0.05,which was chosen to accept alternative hypothesis (Ha), therefore BI significantly improved the percentage of the service level in the control center of a security company.Descriptive statistic of the percentage of service (PNS) indicator Impact of business intelligence on incident management in the control center of a security … (Alfredo Daza)

Table 6 .
T-student test for service level percentage

Table 7 .
IF Descriptive statistic of the IF indicator

Table 9 .
IF indicator Mann-whitney u test