RSS

Category: Tips and Tricks

De-FUD-ing Privileged User Management

I am proud to write this column for Dark Reading. The biggest reason is I get to share two decades of stuff I’ve seen with databases and security with you, and it starts really good conversations every time I attend security conferences and meet readers face-to-face. I can share perspective, help clarify issues around database threats, and explain the pros and cons of database security products. On occasion, I even get to call BS on things I believe only confuse DBAs and…

Click for complete article >>

CISOs Share Essential Protection Tips To Help Businesses Safeguard Data

Posted June 29, 2012 by Tim Whitman in Data Breach, Database Security, Tips and Tricks with 0 comments
checklist

Who’s guiding your business’ information security program? In the wake of this month’s LinkedIn password breach, rumors began circulating on Twitter that the social network lacked a chief information security officer(CISO), leading many commentators to posit that the company hadn’t treated its information security program with sufficient respect. LinkedIn, however, quickly clarified that while it didn’t have a CISO–or synonymous chief security officer (CSO)–job title on its org chart, there was indeed a senior-level employee in charge of its information…

Click for complete article >>

When You Do Not Know Where Your Data Is…

Posted May 15, 2012 by Tim Whitman in Best Practices, Data Breach, Database Security, PCI, Tips and Tricks with 0 comments
stk22466btm

In its fifth year of publication, the Data Breach Investigation Report (DBIR) by Verizon spans 855 data breaches across 174 million stolen records. Mark Goudie, Managing Principal, Asia-Pacific – Investigative Response, Verizon Business, talked to Jasmine Desai about the latest security threats and solutions for the same Click for complete article >>

Click for complete article >>

Local Cops Should Be Part Of Data Breach Response Plan

Posted April 10, 2012 by Tim Whitman in Data Breach, Database Security, Tips and Tricks with 0 comments
good cop

When facing data breach investigations, it’s common for enterprises to call on the FBI or Secret Service, but according to a security expert who serves as a part-time police officer, state, county and local law enforcement teams can also assist during a breach. Nick Selby, a partner with Washington DC-based information security consulting firm N4Struct Inc. who became a Texas police officer two years ago, said local law enforcement should play a larger role in data breach investigations. Click for…

Click for complete article >>

You Can’t Protect What You Don’t Know AboutTeam Shatter Exclusive

The Unknown

It’s 2012. Do you know where your databases are? Most DBA’s will probably say “Sure, my ERP backend is the RAC cluster running on these servers over there, my currency trading Sybase backend is running over there, and my intranet SharePoint server has its content stored on the SQL Server under my desk.” But are these really all the database servers you have in your company? “Well yes, of course, these are all our important databases and we run regular…

Click for complete article >>

Password Management Crucial In Database Security

Posted February 20, 2012 by Tim Whitman in Best Practices, Data Breach, Database Security, Industy, Tips and Tricks with 0 comments
Password

As security experts analyze the ramifications of the nearly decade-long Nortel breach, one of the clearest lessons bubbling to the surface is that all of the encryption and vulnerability management in the world won’t keep hackers out if they already have credentials to access sensitive databases. According to many experts, poor password management practices can cause a ripple effect that puts some of an enterprise’s most sensitive databases at risk. In the case of Nortel, Chinese hackers were able to…

Click for complete article >>

Database Logging Basics For The Secure DBATeam Shatter Exclusive

Logging 101

Building a secure system requires employing multiple processes, tools and techniques. This post will take a look at how to properly configure a file-based logging process.  Logging is the process of collecting information that details what events took place on the system or what state the system is in. Logs are absolutely necessary to establish accountability, investigate system disruption, monitor for unauthorized activities, determine the extent of the damage inflicted as result of an attack, trace the source of the…

Click for complete article >>

Legendary Hacker Kevin Mitnick Shares Security Tips

Kevin Mitnick

Kevin Mitnick was once the “most wanted” computer hacker in the world. After being nabbed by the FBI and doing his time, Mitnick became one of the good guys, helping businesses understand and address information security weaknesses and threats.  Mitnick, now a leading consultant and speaker on the subject of information security, and author of the New York Times best-seller Ghost in The Wires, spoke with me about the most serious threats of which every business should be aware. Mitnick says…

Click for complete article >>

Steam Database Attack Puts Users At Risk Of Spear Phishing ScamsTeam Shatter Exclusive

Phishing Attack

Last week it was announced that attackers gained access to Steam, an online video gaming platform run by parent company, Valve. According to the information posted on Steam’s website, the first phase of this massive attack was the insertion of targeted malicious ads or “malvertising” offering to sell cheat codes for online games to users of the Steam forums. Initially, the company thought that only its forums had been infiltrated, until late last week when it was announced that its…

Click for complete article >>

Fail A Security Audit Already — It’s Good For You!

Posted October 6, 2011 by TeamSHATTER Admin in Compliance, Data Breach, Database Security, Tips and Tricks with 0 comments
Audit Fail Safer Data

Failing an audit sounds like the last thing any company wants to happen. But that’s because audits are seen by many as the goal of a security program. In reality, audits are only the means of testing whether enforcement of security matches the policies. In the broader context, though, an audit is a means to avoid a breach by learning the lesson in a “friendly” exercise rather than in the real world. If the audit is a stress-test of your…

Click for complete article >>
Powered by