
Category: Security Risk

SANS Critical IT Security Controls #1 – Inventory your devices

Cyber attackers are constantly devising ways to hack into computer systems. You may have several test and development databases lying around across your environment in a semi-protected fashion. Or, your company may have recently bought and assigned a bunch of laptops. It’s essential that you patch ALL the computing devices in your environment, regardless of the purpose those devices may serve. In order to do this, however, you must first know the devices that your company owns. Even a small company […]

How Data Loss Prevention Technology Can Help You

Data Loss Prevention (DLP) is one of the key IT security measures a company must undertake. DLP is one of the 20 Critical IT Security Controls that the nonprofit security training agency SANS recommends. A recent news item provides a great real-life example of how Nationwide Insurance used DLP technology to prevent an employee’s unlawful activities. Nationwide recently installed new monitoring software to prevent unlawful transmission of data by its employees. The software snagged Qiang “Michael” Bi, a 36-year-old […]

Using Oracle Database Firewall

We’re all familiar with network firewalls, which prevent unauthorized access to your network from external sources. However, network firewalls don’t protect your databases from malicious attacks, which sometimes come disguised as privileged internal users. Web applications are a major source of data attacks, through stratagems such as SQL Injection, for example. Oracle’s Database Firewall (a product Oracle gained through its acquisition of Secerno, a British firm, in 2010) offers a solid defensive perimeter to monitor and enforce accepted behavior on […]

The New Ponemon Institute End Point Security Report

Ponemon Institute has just (Dec 2010) released a new State of Endpoint report (http://www.lumension.com/Media_Files/Documents/Marketing—Sales/Others/Ponemon—State-of-Endpoint-Risk.aspx). The study, sponsored by Lumension, reveals that a full 64 percent of the 570 respondents surveyed report that their networks are less secure than they were a year ago, or they aren’t sure. And 58 percent report that their security costs are increasing, with malware incidents being the main driver of the escalating costs. A very interesting thing to note is the fact that most IT […]

What is Oracle Data Masking?

Oracle Data Masking is an Option offered for use with Oracle’s databases. Data masking provides a way to de-identify data. When might a company need to de-identify its data? Well, companies service their customers through data stored in their production databases. However, the production database isn’t the only place that sensitive data is stored. Almost every company supports its production databases with various data stores called testing, development or staging databases. Privacy and regulatory mandates call for securing and protecting […]

Oracle Advanced Security

Oracle Advanced Security (OAS) is an Option that you can purchase for your Oracle databases. What exactly can OAS do for you? There are two key things that you can do with OAS: encrypt what is called data “at rest” and data “in flight”. The data at rest that OAS lets you protect is the data stored on your storage disks, whether they are in database storage or in backup storage. Since your database and backup data is stored […]

Web Application Vulnerabilities – way too common!

Web applications are common to practically every company that uses the internet. Even if a company uses the well-known Secure Sockets Layer (SSL) and utilizes sophisticated firewall protection, the very fact that it can’t control what users can input into their web forms introduces several avenues that a malicious person can use to attack the company’s data. Top web application researcher and practitioner Dafydd Stuttard and his colleagues have tested thousands of web applications for security assessments over the years. […]

The Recent attacks on PayPal, Visa and MasterCard

One of the interesting fallouts from the Wikileaks revelations about U.S. and international diplomatic cables, which revealed the inner machinations and secrets of foreign policy operatives, is the attacks by Wikileaks supporters on various financial institutions that shut off the processing of monetary contributions to the Wikileaks organization. The three major financial giants most affected by the mass internet attacks were PayPal, Visa and MasterCard. PayPal seems to have weathered the storm pretty well, but Visa and […]
