Blog Posts Tagged with "Databases"

B451da363bb08b9a81ceadbadb5133ef

Analysis of the April 2012 CPU for the Oracle Database

April 23, 2012 Added by:Alexander Rothacker

It’s mid-April, so it’s Oracle CPU fallout time again. This CPU contains 88 fixes. Thirty-three in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

Pain Comes Immediately – Secure Development Takes Time

April 17, 2012 Added by:Alexander Rothacker

Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate — may it be a workaround, such as disabling some functionality, configuring compensating controls...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

On Data Breach Containment

April 12, 2012 Added by:Rafal Los

You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...

Comments  (0)

82ac4cd789b46af43c0cde730625317e

Data Classification: Why it is Important for Information Security

April 02, 2012 Added by:Christopher Rodgers

Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Examining the Top Ten Database Threats

March 14, 2012 Added by:PCI Guru

Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...

Comments  (0)

Ebe141392ea3ebf96ba918c780ea1ebe

In Fifty Gigabytes, Turn Left: Data-Driven Security

March 08, 2012 Added by:Wendy Nather

If you break security events down, you're generally looking for two things: normal activities that are being done by the wrong people, or abnormal activities being done by the right people. And by people I also mean systems, but it's sometimes hard to tell the difference...

Comments  (0)

E973b16363b3de77b360563237df7e32

Choosing Secure Data Storage - A Difficult Dance

February 20, 2012 Added by:Bozidar Spirovski

There are multiple pros and cons across our storage systems parameters, but at first glance, the enterprise storage systems have the upper hand. Bear in mind though, such systems always come with exorbitant pricing, especially on any upgrades after the initial purchase...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Encryption: A Buzzword, Not a Silver Bullet

February 16, 2012 Added by:Danny Lieberman

Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...

Comments  (0)

3750d420f6c2a9844b529978894dc0be

Database Security TLAs Make Me LOL

February 15, 2012 Added by:Josh Shaul

I can only imagine what folks go through when they’re shopping for solutions to improve databases security. Do you want DAM? DAP? DAMP? DSP? DLP? WAF? To improve the security of your databases, you’re probably going to need some or all of the following capabilities...

Comments  (0)

A88973e7d0943d295c99820ab9aeed27

Data at Rest: Dormant But Dangerous

February 10, 2012 Added by:Simon Heron

Data is considered to be either ‘at rest’, ‘in transit’ or ‘in use.’ When putting security measures in place, it is important to consider all three states and address risks associated with each. This article examines data at rest and proposes strategies to minimize dangers...

Comments  (0)

9259e8d30306ac2ef4c5dd1936e67634

Difference Between Recovery Time and Recovery Point Objectives

February 08, 2012 Added by:Dejan Kosutic

What do RTO and RPO have in common? They are both crucial for business impact analysis and for business continuity management. Without determining them properly, you would be just guessing – and guessing is the best way to ensure you never recover from a disaster...

Comments  (0)

3750d420f6c2a9844b529978894dc0be

It's Time to Evolve How We Protect Our Data

January 24, 2012 Added by:Josh Shaul

Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...

Comments  (0)

5e402abc3fedaf8927900f014ccc031f

Email Preferences or Security Invasion?

January 24, 2012 Added by:Allan Pratt, MBA

Where do I draw the line about providing personally identifiable information? And what happens to the information I provide? Will the retailer ever sell the information – and what happens if the company’s database is hacked? All we need to do is remember Zappos...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

TeamSHATTER: Analysis of the January 2012 Oracle CPU

January 18, 2012 Added by:Alexander Rothacker

This time ere are only TWO fixes. This is the lowest number ever since the CPU program has started in 2005. Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure...

Comments  (0)

3750d420f6c2a9844b529978894dc0be

2012 Has Delivered Her First Giant Data Breach

January 17, 2012 Added by:Josh Shaul

We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Zappos.com Hack: 24 Million Customer Records Breached

January 15, 2012 Added by:Headlines

A source has provided Infosec Island with a copy of a message they received while logging in to their account regarding a "security update". The message advises customers to change their password, but makes no mention of the massive data loss event...

Comments  (2)

Page « < 1 - 2 - 3 - 4 - 5 > »