by: Asna Ishrat
The common factor in today's global economy, where most business is done electronically via B2B (business to business), B2C (business to consumer), or other more traditional methods, is the electronic transfer and storage of data. This electronic data is the organization's main information asset. A compromise of this data could knock the business out, and a delay in processing it could lead to customer satisfaction issues and loss of market share.
No matter how we look at this conundrum, it is of the utmost importance for the custodian of that electronic data to keep it in a secure form that is readily accessible to the applications authorized to access and manipulate it.
In the interest of best practice, and to keep this electronic data secure in the databases, here is a tool that adds value and highlights issues before they can be exploited. We are talking about Secure Audit. The rest of this paper discusses the challenges in this area and how Secure Audit can be used to mitigate them.
Compliance with Regulation
In the United States, the Gramm-Leach-Bliley Act requires companies to notify consumers of their privacy policies and to provide opt-out provisions for consumers who do not want their personal information distributed beyond the company. In addition, the Gramm-Leach-Bliley Act protects nonpublic financial data. Data stored on a computer that has even a remote possibility of containing information such as social security numbers, credit card and financial account numbers, account balances, and investment portfolio information must be protected.
The use and disclosure of patient medical information was originally protected by a patchwork of U.S. state laws, leaving gaps in the protection of patients' privacy and confidentiality. The United States Congress recognized the need for national patient record privacy standards in 1996 when it enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA), protecting all medical records and other individually identifiable health information used or disclosed by a covered entity in any form, whether electronically, on paper, or orally. In addition to the legal ramifications of a security breach, the independent research firm Computer Economics has substantiated that malicious attacks result in actual financial costs, decreases in revenue, and an incredible impact on productivity.
In the last several years, there has been substantial growth in cyber crime. Nowadays more and more hackers are targeting enterprise applications and database servers. Most large organizations have already installed antivirus software, firewalls and even intrusion detection systems (IDSs) to protect their networks and host operating systems, but fail to give proper attention to enterprise database servers, on the assumption that they are protected by firewalls and other defenses at the network perimeter. Yet these databases are the major reason enterprises invest in IT in the first place, and the data they contain are often the enterprise's most valuable assets. Indeed, an enterprise without database security is like a bank with locks on the doors and armed guards by every entrance, but no vault.
Why hackers attack database servers
If we look closely, we will see why hackers love to hack database servers.
• Most database servers are configured with default usernames and passwords, e.g. user Scott with password Tiger, or user system with password manager.
• Most database servers use the default settings that were set by the manufacturer, e.g. by default PUBLIC has privilege to execute.
• Database servers are not patched properly.
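The three weaknesses listed above can each be checked from inside the database with read-only queries. The following is an added example, not part of the original article or of any vendor tool; it assumes an Oracle database, an auditing account with SELECT on the DBA_* dictionary views, and a package list chosen here for illustration.

```sql
-- Added example: read-only audit queries against the Oracle data dictionary.

-- 1. Default usernames and passwords.
--    DBA_USERS_WITH_DEFPWD (Oracle 11g and later) lists accounts whose
--    password is still a known vendor default. Joining to DBA_USERS keeps
--    only accounts that can actually log in.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
WHERE  u.account_status = 'OPEN'
ORDER  BY d.username;

-- Remediation for each row returned (account name is an example):
--   ALTER USER scott PASSWORD EXPIRE ACCOUNT LOCK;

-- 2. Default settings: EXECUTE granted to PUBLIC.
--    The package list is an assumption for illustration (packages that
--    reach the file system or the network); adjust it to local policy.
SELECT owner, table_name AS package_name, privilege
FROM   dba_tab_privs
WHERE  grantee   = 'PUBLIC'
AND    privilege = 'EXECUTE'
AND    table_name IN ('UTL_FILE', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP')
ORDER  BY owner, table_name;

-- Remediation for each row returned, after granting EXECUTE explicitly
-- to the schemas that need it:
--   REVOKE EXECUTE ON utl_file FROM PUBLIC;

-- 3. Patch level.
--    DBA_REGISTRY_SQLPATCH (Oracle 12c and later) records the SQL patches
--    applied to this database; compare the newest entry with the vendor's
--    current patch release.
SELECT patch_id, action, status, action_time, description
FROM   dba_registry_sqlpatch
ORDER  BY action_time DESC;
```

An empty result for queries 1 and 2 is the desired state; for query 3, a missing or old newest row indicates that patching has lapsed.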
If you would like to test your Oracle database, you can use the auditing tool Secure Ora Auditor (http://www.secure-bytes.com/soa.php), which has the world's maximum number of checks in it. It detects the vulnerabilities of your database according to their categories and risk types, and then recommends fixes for each security hole.
Secure your database before it's too late.
About The Author
We offer Information Security Software Solution for System Auditing, Risk Management Tools, Vulnerability Scanners, Auditing Tools, Penetration Testing Tools, Forensics Utilities and Regulatory Compliance.
http://www.secure-bytes.com
Wednesday, April 29, 2009
Tuesday, April 28, 2009
The Joy Of Computer Storage
by: Dr. Jim Anderson
I'm currently out in Las Vegas attending the EMC World 2008 tradeshow. If you've never heard of this one, then you probably aren't a part of the world of computer storage. EMC is a $15B company that grew large by providing the storage that Yahoo, Google, the government, etc. use to store each and every bit of information that they manage. This year the show has been a real eye opener for me.
I dabble in the world of storage when I have a need. The folks who I've talked to at the show, on the other hand, REALLY get involved in storage on a daily basis. There are about 9,300 folks attending this show (see -- I told you that it was a big deal).
What I've observed about this mass of IT professionals is that they all seem to be engaged and motivated. Now I can't say what will happen when they get back to the shop, but at least for the few days that they are out here in the desert they seem to be satisfied with both their jobs as well as their companies. If only you could capture this feeling and bottle it!
How did they get this way? I think that it has a lot to do with the simple fact that they are among peers who share the same technical knowledge that they do. This allows them to remember that they are not alone. It also helps that EMC spends the entire show telling them that they are important parts of their company and that the future rests on their shoulders.
Perhaps this type of environment can be captured and used back at home. Within your firm, is there any way to set up a birds-of-feather group for technical professionals who share the same types of knowledge but who don't normally have an opportunity to work together? Be careful that this doesn't turn into a complaint club, but if managed and directed, it can become a powerful reason why IT workers join and don't leave your company.
About The Author
Dr. Jim Anderson understands what it is like to both work in an IT department as an employee as well as a manager. Dr. Anderson explains how to attract, motivate, and retain top IT staff.
Get more information on both Dr. Anderson and management skills at: http://www.theaccidentalitleader.com
Oh, and if you want to follow Dr. Anderson on Twitter, he can be found at: http://twitter.com/drjimanderson