Leadership Role in Information Security

Leadership Role in Information Security Leadership role in an organization is to enact the values they say are important. Employees often pay more attention to what their supervisors say and do rather than directives learned in training, or from awareness aides like posters and flyers. The first thing  leadership can do to promote security in an organization is… Read More »

Greg Palmer

Database Threats and Security Measures to Protect Against Them

Database Threats and Security Measures to Protect Against them The following are a few well-known threats to database and Database Management Systems (DBMS), and mitigating strategies used to help protect against them. Excessive privileges. When users or applications granted database access privileges that exceed what is needed to complete tasks opens the opportunity to abuse privileges for malicious… Read More »

Greg Palmer

Active and Passive Network Monitoring

Active and Passive Network Monitoring Active monitoring entails injecting test traffic onto a network and monitoring the flow of that traffic. Passive monitoring is more an observational study. Instead of injecting artificial traffic into a network, passive monitoring entails monitoring traffic that is already on the network (Sullivan, 2013). One popular passive monitoring tool is Wireshark. Wireshark technically… Read More »

Greg Palmer

Database Transaction Security and the “Halloween Problem.”

Database Transactional Based Fraud, Transaction Security, and the “Halloween Problem.” Many database attacks are directed at external interfaces and intended to cause delays in accessing or using data which includes malicious transactions. The main concern with malicious transactions is danger to data integrity and availability.  Currently, there is no practical mechanism that identifies attackers executing malicious transactions.  Ayushi,… Read More »

Greg Palmer

Schema-Based Access Control for SQL Server Databases

Schema-Based Access Control for SQL Server Databases Database access controls are based on the principle that the users of databases should have permissions to view, modify or delete only the data in databases relevant to their job. This is also known as the principle of least privilege. No users including Database Administrators (DBA) should be exempt from this… Read More »

Greg Palmer

How NoSQL Databases are Different From Relational Databases

NoSQL Databases vs Relational Databases With relational database management systems (RDBMS), data is stored in tables and uses structured query language (SQL) for database access. You pre-define your database schema based on your requirements and set up rules to govern the relationships between fields in your tables. This model has scaling problems when it comes to expanding tables.… Read More »

Greg Palmer

Consumer Privacy Bill of Rights

Consumer Privacy Bill of Rights   Introduction The Consumer Privacy Bill of Rights (CPBR) was proposed as a draft bill by President Obama on 27 February 2015. The CPBR is intended as a law that will govern the collection and dissemination of consumer data. The Obama administration re-introduced the CPBR as an enhancement to the Data Security and… Read More »

Greg Palmer

Locard’s Exchange Principle and the Daubert Test

Locard’s Exchange Principle and the Daubert Test Locard’s Exchange Principle is based on the precept that when people interact within an environment, they always leave traces of their activities. This is the basic principle of forensic science. In the digital and physical world, Locard’s Exchange Principle applies in that if people attempt to steal, remove, add, alter, or… Read More »

Greg Palmer

Information Security Policies, Standards, Procedures

Policies, Standards, Procedures – Information Security Governance Documents Information Security Governance documents consist of Policies, Standards, and Procedures. Policies are top-level governance documents that inform the organization of executive management’s information security direction and goals. Standards are just below policies and define the activities and actions as baselines needed to meet policy goals. Procedures are the lowest level… Read More »

Greg Palmer

Online Terms of Service Agreements in Contract Law

The Importance of Online Terms of Service Agreements in Contract Law Online Terms of Service agreements (TOS) found in contracts must have the following elements to be considered legal and enforceable: Parties to the contract must have the legal ability to enter a contract known as contractual capacity.  A contract can only be used for transactions that are… Read More »

Greg Palmer