Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Quiz: Database defenses for a new era of threats
Take this five-question quiz to evaluate your knowledge of the material presented by expert Rich Mogull in this Data Protection Security School lesson. Quiz
-
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by R... Book Chapter
-
Attacks targeted to specific applications
This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," pu... Book Chapter
-
PING with Suzanne Hall
In this exclusive interview with Information Security magazine, Suzanne Hall, AARP director of IT operations and security, examines how security professionals can enable telecommuters and mobile workers while keeping their data secure. Information Security maga
-
Implementing Database Security and Auditing: Trojans
An excerpt from Chapter 9 of "Implementing Database Security and Auditing," by Ron Ben Natan. Book Chapter
-
More from SearchSecurity -- October 2005
Highlights from the October 2005 issue of Information Security magazine. Monthly Magazine Highligh
-
SAP Security Learning Guide
This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system bulletproof. Learning Guide
-
Lesson/Domain 6 -- Security School: Training for CISSP Certification
Security School webcasts are focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge." School
-
Infosec Know IT All Trivia: Database security
How much do you know about securing a database? Find out with these trivia questions. Quiz
-
Oracle security advisory addresses Black Hat database flaw disclosure
A privilege escalation flaw, which prominent security researcher David Litchfield disclosed at Black Hat, can be exploited to gain system privileges. News | 13 Aug 2012
-
Black Hat 2012: David Litchfield slams Oracle database indexing
At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities. News | 26 Jul 2012
-
Password database inventory required following LinkedIn breach
Many organizations have acquired legacy applications over the years, storing password data and other information in clear text, according to one noted security expert. News | 25 Jun 2012
-
Database security assessment vital to password protection, experts say
Hashing and salting passwords help deter cybercriminals from cracking them, but the goal should be to keep attackers out of the database, say security experts. News | 12 Jun 2012
-
Analysis: Oracle trips on TNS zero-day workaround
Oracle's refusal to patch a zero-day in its flagship database management system is another example of how it carelessly exposes customers to risk. News | 02 May 2012
-
Oracle won’t patch four-year-old zero-day in TNS listener
Despite the accidental release of attack code for a bug in Oracle’s database, the company won’t change the code for fear of “regression.” News | 01 May 2012
-
McAfee strikes first deal under Intel for database monitoring software
The security giant is expanding into the database security market, announcing its intention to acquire Sentrigo. The terms of the deal were not released. Article | 23 Mar 2011
-
Database security: Top 10 database vulnerabilities list
New vulnerabilities list outlines the most common database problems that could lead to a costly data breach. News | 03 Jun 2010
-
Oracle buys database firewall vendor Secerno
Oracle said the deal adds the Secerno database activity monitoring functionality to its line of database server security technologies. Article | 20 May 2010
-
Database activity monitoring lacks security lift
IBM's acquisition of Guardium does not validate DAM as a viable security market segment. The market has been hyped, says security expert Eric Ogren. Column | 10 Dec 2009
- See More: News on Database Security Management
-
SAP security overview: Server-side request forgery attack mitigation
Expert Michael Cobb provides an SAP security overview, including steps enterprises can take to defend against server-side request forgery attacks. Tip
-
Using the network to prevent an Oracle TNS Listener poison attack
Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications. Tip
-
Security event log management, analysis needs effective ways to search log files
Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management. Tip
-
Best practices for enterprise database compliance
Successful enterprise database compliance means, for starters, access must be tightly controlled and monitored. Charles Denyer covers key database compliance essentials. Tip
-
Database security best practices: Tuning database audit tools
Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip. Tip
-
Database application security: Balancing encryption, access control
Database applications are often the epicenter of a company's sensitive data, so security is paramount, but maintaining a balance between security and business use can be tricky. In this tip, Andreas Antonopoulos discusses encryption strategies for da... Tip
-
Content-aware IAM: Uniting user access and data rights
In the world of IT security, IAM and data protection have generally kept to their separate corners. That trend, however, may be shifting with the onset of content-aware IAM that merges granular user access with advanced data protection. Tip
-
Understanding transparent data encryption in SQL Server 2008
Transparent data encryption can go a long way toward meeting compliance and security standards. Learn what TDE can do for you, with details on the considerations that should be made before it's implemented. Tip
-
The ins and outs of database encryption
While pundits and gurus may say the "easy" data protection option is for an enterprise to encrypt its entire database, the truth is it's much harder than many realize. In this tip, database security expert Rich Mogull examines the two primary use cas... Tip
-
Look before leaping into database encryption
Encryption is the ultimate mechanism for data protection, but the process of developing an encryption strategy can be daunting. In this tip, contributor James C. Foster explains the database encryption options available and offers guidance for ensuri... Tip
- See More: Tips on Database Security Management
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
OpenStack security analysis: Pros and cons of open source cloud software
Expert Michael Cobb examines the open source cloud computing platform OpenStack and relevant OpenStack security issues. Answer
-
Comparing relational database security and NoSQL security
In this introduction to database security, expert Michael Cobb explains the differences between relational database and NoSQL security. Answer
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
-
What is SQL Server Atlanta?
Have you heard about Microsoft’s cloud-based SQL Server Atlanta service? Expert Michael Cobb discusses how Atlanta can help improve performance and security. Answer
-
Prevent a privilege escalation attack with database security policy
Privilege escalation attacks are dangerous wherever they occur, but can be particularly harmful if run in a database. Learn more from threats expert Nick Lewis. Ask the Expert
-
DBMS security: Data warehouse advantages
Are there data warehouse advantages in regard to security? Without question. Michael Cobb explains. Ask the Expert
-
Tips for writing secure SQL database code
Writing secure code is always a challenge, but it is particularly necessary for SQL databases that would otherwise be vulnerable to SQL injection attacks. Get tips on how to write secure SQL database code in this expert response. Ask the Expert
-
What is the best database patch management process?
Michael Cobb reviews how to handle database patches in the enterprise. Ask the Expert
-
Is credit card tokenization a better option than encryption?
Platform security expert Michael Cobb reviews alternatives to encryption that will help protect sensitive data. Ask the Expert
- See More: Expert Advice on Database Security Management
-
data encryption/decryption IC
A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data... Definition
-
link encryption (link level or link layer encryption)
Link encryption (sometimes called link level or link layer encryption) is the data security process of encrypting information at the data link level as it is transmitted between two points within a network. Definition
-
MD4
MD4 is an earlier version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprin... Definition
-
MD2
MD2 is an earlier, 8-bit version of MD5, an algorithm used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fin... Definition
-
MD5
MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specifi... Definition
-
International Data Encryption Algorithm (IDEA)
IDEA (International Data Encryption Algorithm) is an encryption algorithm developed at ETH in Zurich, Switzerland. Definition
-
Countdown: The top 5 things you can do to lock down your database right now
Implementing security measures to secure database installations is an important, but overwhelming task. This expert podcast will provide you with a practical guide of immediate steps that you can take to eliminate common vulnerabilities found in data... Podcast
-
Fact or fiction: Pros and cons of database encryption
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ne... Podcast
-
Countdown: Plugging the dam -- Understanding where and how content leaks
This expert Podcast counts down the top 5 different use cases in which data can leak as a result of outdated data handling policies, and what you can do to make sure these situations don't put your organization in an exposed position. Podcast
-
About Database Security Management
Get the latest database security news, tips and information about Oracle, IBM DB2, and Microsoft's SQL Server and more. Get information about database security gateways. Understand database encryption and learn about the simple steps that can eradicate database vulnerabilities.