Measurement and Metrics in Secure Software Development

Measurement and Metrics in Secure Software Development Security metrics are measurements that can be applied to software development as a way to improve the security characteristics of the software being developed. Guidance on software measurement and analysis can be found in the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 15939 (Software Measurement Process standard), the Capability…

Greg Palmer

Importance of Patch Management in Microsoft Systems

The Importance of Patch Management The threat of malicious virus and worm attacks on Microsoft-based systems has been increasing, which is forcing businesses to reevaluate their organizations' security needs to better protect their systems. Microsoft produces security patches for their system vulnerabilities and makes them available to users. Research has shown that the most efficient way to…

Greg Palmer

Leadership's Role in Information Security

Leadership's Role in Information Security Leadership's role in an organization is to enact the values they say are important. Employees often pay more attention to what their supervisors say and do rather than to directives learned in training or from awareness aids like posters and flyers. The first thing leadership can do to promote security in an organization is…

Greg Palmer

Database Threats and Security Measures to Protect Against Them

Database Threats and Security Measures to Protect Against Them The following are a few well-known threats to databases and Database Management Systems (DBMS), and mitigating strategies used to help protect against them. Excessive privileges. When users or applications are granted database access privileges that exceed what is needed to complete their tasks, it opens the opportunity to abuse privileges for malicious…

Greg Palmer

Active and Passive Network Monitoring

Active and Passive Network Monitoring Active monitoring entails injecting test traffic onto a network and monitoring the flow of that traffic. Passive monitoring is more an observational study. Instead of injecting artificial traffic into a network, passive monitoring entails monitoring traffic that is already on the network (Sullivan, 2013). One popular passive monitoring tool is Wireshark. Wireshark technically…

Greg Palmer

Database Transaction Security and the “Halloween Problem.”

Database Transaction-Based Fraud, Transaction Security, and the “Halloween Problem.” Many database attacks are directed at external interfaces and intended to cause delays in accessing or using data, which includes malicious transactions. The main concern with malicious transactions is the danger to data integrity and availability. Currently, there is no practical mechanism that identifies attackers executing malicious transactions. Ayushi,…

Greg Palmer

Schema-Based Access Control for SQL Server Databases

Schema-Based Access Control for SQL Server Databases Database access controls are based on the principle that the users of databases should have permissions to view, modify or delete only the data in databases relevant to their job. This is also known as the principle of least privilege. No users, including Database Administrators (DBA), should be exempt from this…

Greg Palmer

How NoSQL Databases are Different From Relational Databases

NoSQL Databases vs Relational Databases With relational database management systems (RDBMS), data is stored in tables and uses structured query language (SQL) for database access. You pre-define your database schema based on your requirements and set up rules to govern the relationships between fields in your tables. This model has scaling problems when it comes to expanding tables.…

Greg Palmer

Consumer Privacy Bill of Rights

Consumer Privacy Bill of Rights Introduction The Consumer Privacy Bill of Rights (CPBR) was proposed as a draft bill by President Obama on 27 February 2015. The CPBR is intended as a law that will govern the collection and dissemination of consumer data. The Obama administration re-introduced the CPBR as an enhancement to the Data Security and…

Greg Palmer