Dark Reading
Protect The Business - Enable Access
 |
Data security and privacy: A holistic approach Download here |
Five Big Database Breaches Of 2011's Second Half
Healthcare breaches dominate since the summer, with plenty of lessons learned By Ericka Chickowski, Contributing EditorDark Reading
1. The Breach Victim: Nemours
Assets Stolen/Affected: Names, addresses, dates of birth, Social Security numbers, insurance data, medical treatment data, and bank account information for 1.6 million patients, vendors, and employees.
Three unencrypted tapes containing a mother lode of personal information on patients, vendors, and employees were lost amid the dust of a facility remodel project when a cabinet that held them since 2004 went missing.
Lessons Learned: Database backups are often the Achilles' heel in enterprise database security. Because of their portability and longevity, database backup tapes are frequently lost in transit or in these types of relocation scenarios. Encryption of data is key to ensuring security even when tapes can't be physically secured.
[ From healthcare to game companies to trusted third-party security companies, a number of significant breaches were reported in 2011. See Slide Show: The Year In Data Theft. ]
2. The Breach Victim: Tricare/SAIC
Assets Stolen/Affected: Protected health information from 5.1 million patients of U.S. military hospitals and clinics.
Another day, another backup tape gone missing. In September, Tricare announced that an employee for one of its contractors, Science Applications International Corp. (SAIC), was driving around with a backup tape containing patient data from 1992 all the way through 2011 for San Antonio-area military treatment facilities. The tapes were stolen from the car, exposing Social Security numbers, addresses, phone numbers, clinical notes, lab test results, prescriptions, and other medical information.
Lessons Learned: In addition to the lessons about backup tape protection, this case shows how important third-party contractor security procedures are to an organization. Enterprises and government agencies alike must be aware of how contractors are touching database information and whether they're employing best practices with regard to how that data is handled.
Next Page: Sutter Physicians Services and Sutter Medical Foundation
1 | 2 | Next Page »
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSDatabase Security Reports
Securing The Data Warehouse
Many enterprises are building data warehouses to centralize the ever-increasing information flowing through their organizations into useful repositories. This makes good business sense, but it opens up a slew of concerns from a security standpoint. IT professionals can apply many of the same security best practices used with databases, but there are new lessons to be learned as well.
Defend Your Data From Malicious Insiders
The biggest threat to your company?s most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. And while the incidence of insider data breaches has decreased, external attacks often imitate them--and do serious damage. Follow our advice to mitigate the risk.
Ensuring Secure Database Access
Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenging, due to the proliferation of "big data," NoSQLdatabases, and cloud-based data storage.
Other reports from the Database Security Tech Center:
- Stop SQL Injection: Don't Let Thieves in Through Your Web Apps
- Database Breaches: Lessons Learned From Real-World Attacks
- The Long Arm Of Database Security
- DB2 Gets Safer: IBM Makes Security a Priority
- Database Security: Oracle Offers New Tools to Counter Threats
- You've Been Breached: Responding to a Database Compromise
- Beyond the Database: Protecting Unstructured Data
- Protecting Databases from Web Applications
- Database Activity Monitoring: Emerging Technology Keeps Tabs on Assets
- SQL Injection: A Major Threat to Data Security
- Protecting Your Databases From Careless End Users
- A Database Administrator's Guide to Security
- Why Your Databases Are Vulnerable To Attack - And What You Can Do About It
Related Content
| Sponsored by: |  |
Establishing a Strategy for Database Security is No Longer Optional
As databases continue to grow in size, complexity and importance, enterprises struggle to identify the most appropriate controls regarding their use and misuse. The report identifies best practices, including: Implementing database activity monitoring to mitigate the high levels of risk from database vulnerabilities, and address audit findings in areas such as database segregation of duties and change management; using data security measures, such as data masking and data encryption; and monitoring privileged-user access and access to critical data.
Database Activity Monitoring Is Evolving Into Database Audit and Protection
In this report, Gartner writes that "Database audit and protection (DAP) represents an evolutionary advance in database activity monitoring tools." DAP suites provide comprehensive, cross-platform support in heterogeneous database environments to protect sensitive data from inappropriate use. Organizations are increasingly concerned with optimizing database security and mitigating risks associated with database vulnerabilities.
Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
Data security presents a multi-dimensional challenge in today's complex IT environment. Multiple access paths and permission levels have resulted in a broad array of security threats and vulnerabilities. We invite you to read this new eBook: "Protecting against database attacks and insider threats" to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
Demo: Distributed Database Security with Real-time Monitoring and Audit Protection
Organizations across the globe continue to experience compromised data caused by malicious attacks, web application vulnerabilities or unauthorized changes. View this demo and learn how IBM InfoSphere Guardium? database activity monitoring can help protect your sensitive data in distributed DBMS environments with a holistic approach to data security and compliance.
Look Beyond Native Database Auditing To Improve Security, Audit Visibility, And Real-Time Protection
Today's attacks on enterprise databases are more sophisticated than ever, and they occur so fast that it's often difficult to stop them in real time. Despite significant efforts to protect enterprise databases, the number of records breached has grown each year - due to all types of internal and external attacks and violations of corporate policy.
Database Security Newsfeed
- Cyber-Ark Partners With Carahsoft To Deliver IT Security Solutions To Government Sector
- Guidance Software Launches Encas App Central
- Varonis Research Uncovers What IT Security Wants Most From Big Data
- Check Point Report: More Than Half Of Targeted Attacks Driven By Financial Fraud
- Veracode Infographic On Cybersecurity Risks In Public Companies
- Digital Defense Identifies Vulnerability On Epicor Software Interface
MORE NEWSFEED >>>
- Creating an Agile, Flexible Cloud Computing Model
- Why Bad Guys Write Malware– And What You Can Do About It
- Techniques for Next-Gen Data Protection using Next-Gen Computing
- Videoconferencing: Business & the Big Picture
- Insurance Workforce Optimization: How To Work Smarter To Benefit Your Customers, Employees and the Bottom Line
- How to Secure Your Virtualized Data Center
- IDC white paper: Delivering an Integrated Infrastructure for the Cloud
- Hardware vs. software deduplication: finding what's right for you
- Enterprise Strategy Group: The Next Wave of Data Deduplication
- ESG whitepaper: Defining Tier One Storage in the Modern Data Center
