The Importance of Patch Management The threat of malicious virus and worm attacks on Microsoft based systems has been increasing which is forcing businesses to reevaluate their organizations security needs to better protect their systems. Microsoft produces security patches for their system vulnerabilities and makes them available to users. Research has shown that the most efficient way to… Read More »
Leadership Role in Information Security Leadership role in an organization is to enact the values they say are important. Employees often pay more attention to what their supervisors say and do rather than directives learned in training, or from awareness aides like posters and flyers. The first thing leadership can do to promote security in an organization is… Read More »
Database Threats and Security Measures to Protect Against them The following are a few well-known threats to database and Database Management Systems (DBMS), and mitigating strategies used to help protect against them. Excessive privileges. When users or applications granted database access privileges that exceed what is needed to complete tasks opens the opportunity to abuse privileges for malicious… Read More »
Active and Passive Network Monitoring Active monitoring entails injecting test traffic onto a network and monitoring the flow of that traffic. Passive monitoring is more an observational study. Instead of injecting artificial traffic into a network, passive monitoring entails monitoring traffic that is already on the network (Sullivan, 2013). One popular passive monitoring tool is Wireshark. Wireshark technically… Read More »
Database Transactional Based Fraud, Transaction Security, and the “Halloween Problem.” Many database attacks are directed at external interfaces and intended to cause delays in accessing or using data which includes malicious transactions. The main concern with malicious transactions is danger to data integrity and availability. Currently, there is no practical mechanism that identifies attackers executing malicious transactions. Ayushi,… Read More »
Schema-Based Access Control for SQL Server Databases Database access controls are based on the principle that the users of databases should have permissions to view, modify or delete only the data in databases relevant to their job. This is also known as the principle of least privilege. No users including Database Administrators (DBA) should be exempt from this… Read More »
NoSQL Databases vs Relational Databases With relational database management systems (RDBMS), data is stored in tables and uses structured query language (SQL) for database access. You pre-define your database schema based on your requirements and set up rules to govern the relationships between fields in your tables. This model has scaling problems when it comes to expanding tables.… Read More »
Consumer Privacy Bill of Rights Introduction The Consumer Privacy Bill of Rights (CPBR) was proposed as a draft bill by President Obama on 27 February 2015. The CPBR is intended as a law that will govern the collection and dissemination of consumer data. The Obama administration re-introduced the CPBR as an enhancement to the Data Security and… Read More »
Locard’s Exchange Principle and the Daubert Test Locard’s Exchange Principle is based on the precept that when people interact within an environment, they always leave traces of their activities. This is the basic principle of forensic science. In the digital and physical world, Locard’s Exchange Principle applies in that if people attempt to steal, remove, add, alter, or… Read More »
Policies, Standards, Procedures – Information Security Governance Documents Information Security Governance documents consist of Policies, Standards, and Procedures. Policies are top-level governance documents that inform the organization of executive management’s information security direction and goals. Standards are just below policies and define the activities and actions as baselines needed to meet policy goals. Procedures are the lowest level… Read More »