Dark Reading
Protect The Business - Enable Access
 |
Data security and privacy: A holistic approach Download here |
Dark Reading's Database Security Tech Center is your portal to all the news, product information, technical data, and other information related to the topic of database security. Written for database administrators and businesspeople as well as security and IT professionals, the Database Security Tech Center is a single community dedicated to protecting one of the most sensitive assets in cyberspace: the company database.
Breaking News
Poisoning The Data Well
A Q&A with Forrester's John Kindervag about how encryption makes data worthless to the criminals
Federal Reserve Bank Contractor Arrested For Alleged Code Theft
Suspect admitted to stealing U.S. Treasury Dept.-owned program from the bank for use in his own private business
Oracle CPU Contains Lowest Number Of Database Fixes Ever
Database security community concerned about Oracle's patch bottleneck
More Stories:
- Does NoSQL Mean No Security?
- AntiSec Hacks Signal Same Old, Same Old In Database Insecurity
- Latest SQL Injection Campaign Infects 1 Million Web Pages
- Saudi Hackers Steal, Leak Israeli Credit Card Accounts
- App And Database Security: Two Halves Of A Whole| 1 Comments
- 7 Housekeeping Duties For Better Database Security In 2012| 2 Comments
- Internet Explorer To Get 'Silent' Updates
- Five Big Database Breaches Of 2011's Second Half| 2 Comments
MORE NEWS >>>
By The Numbers
SQL Injection Protections Remain Spotty
According to a survey conducted among IOUG members, only a little over a third of them could definitively say they've taken steps to prevent SQL injection attacks.
Source: Unisphere Research/Oracle/IOUG
Around The Web
CIO
Plans To Migrate LAPD To Google's Cloud Apps Dropped
Google and systems integrator Computer Science Corp. were unable to meet the stringent security requirements of the FBI's Criminal Justice Information Systems
HEALTHDATA MANAGEMENT
Laptop Stolen, 1,500 Patients Affected
In another failure of the human-factor of database security, a laptop containing two large databases of patient information was stolen from a clinic at the University of Mississippi
PCWORLD
Dazzlepod Offers Stratfor Customers A Way To Check On Anonymous Hack
Malaysia-based Web development company Dazzlepod has released an online tool designed to check email addresses against a database of compromised addresses so that customers of recently attacked Stratfor can find out if their information was lost
ITPROPORTAL
Rift Developer Trion Worlds Hacked
Trion Worlds, developer of the MMO Rift, has revealed that its entire database, including encrypted passwords, names, dates of birth, and fragmented credit-card data was taken
WASHINGTON EXAMINER
Virginia Database With Social Security Numbers Available To Public For 10 Years
State claims that the info has not been used in a criminal manner, since the database was never indexed on a search engine
GOVINFOSECURITY
Different Degrees Of Breach Response
The ruling of a federal appeals court that individuals affected by the 2007 Hannaford data breach can sue individually and seek compensation for nonfraud-related damages has left CIOs with a cold feeling in their stomachs
EWEEK
Stratfor Denies Anonymous Compromised Client List
Stratfor representatives have claimed that, instead of a privileged client list, Anonymous was successful only in getting the personal information of individuals who bought their publications in the past
NEW YORK TIMES TECHNOLOGY BLOG
Insurance Against Cyber Attacks Expected To Boom
Massive data breaches suffered by major corporations cost big bucks, even more so once the lawsuits start to fly
Database Security Reports
Ensuring Secure Database Access
Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenging, due to the proliferation of "big data," NoSQLdatabases, and cloud-based data storage.
Stop SQL Injection: Don't Let Thieves in Through Your Web Apps
Think your corporate website isn't vulnerable to a SQL injection attack? Start rethinking. SQL injection is among the most prevalent -- and most dangerous -- techniques for exploiting Web applications and attacking back-end databases that house critical business information at companies of every size. And it persists despite relatively simple and effective countermeasures. Here, we explain how SQL injection works, and how to secure your Web apps and databases against it.
Database Breaches: Lessons Learned From Real-World Attacks
Recently, there's been a rash of major database breaches, including those at Gawker.com, McDonald's and Walgreens. All the companies had solid resources at their disposal, so what went wrong? In this Tech Center report, we profile five database breaches?and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk.
Other reports from the Database Security Tech Center:
- The Long Arm Of Database Security
- DB2 Gets Safer: IBM Makes Security a Priority
- Database Security: Oracle Offers New Tools to Counter Threats
- You've Been Breached: Responding to a Database Compromise
- Beyond the Database: Protecting Unstructured Data
- Protecting Databases from Web Applications
- Database Activity Monitoring: Emerging Technology Keeps Tabs on Assets
- SQL Injection: A Major Threat to Data Security
- Protecting Your Databases From Careless End Users
- A Database Administrator's Guide to Security
- Why Your Databases Are Vulnerable To Attack - And What You Can Do About It
Related Content
| Sponsored by: |  |
Data security and privacy: A holistic approach
This paper examines the complex data security and privacy threat landscape; compliance and regulatory requirements; and, the IBM InfoSphere portfolio of integrated solutions designed to help you stay focused on meeting your organization's business goals, achieving compliance and reducing risk. IBM InfoSphere solutions for data security and privacy support a holistic approach ensuring the protection and integrity of your data.
Ten Database Activities Enterprises Need to Monitor
Enterprises are paying too little attention to security risks associated with their databases. Auditors, security/risk professionals and data owners need to watch for behaviors that may indicate database security problems. Learn the 10 critical database activities & behaviors enterprises should audit now.
The Forrester Wave: Database Auditing And Real-Time Protection
Database auditing has become critical as enterprises deal with regulatory compliance and security requirements. Learn why Forrester Research named IBM InfoSphere Guardium a Leader with #1 scores in all 3 top-level categories: Current Offering, Strategy and Market Presence.
Look Beyond Native Database Auditing to Improve Database Security
This Forrester Consulting study provides real-world findings from in-depth interviews with enterprises that have implemented database auditing and real-time protection solutions to ensure comprehensive auditing, real-time monitoring and protection of critical database and enterprise applications from internal and external attacks.
HOWTO Safeguard Against the Latest Cyber-Threats
2010 saw 27% rise in new vulnerabilities with the largest category being Web Application vulnerabilities. Tom Cross discusses these security events from the "IBM X-Force 10 Trend and Risk Report." Learn more about APTs, virtualization and cloud security threats.
Database Security Newsfeed
- Survey Of Security And Audit Pros, DBAs Reveals Responsibility Disconnect, Lack Of Management Commitment Impedes Database Security Efforts
- Vormetric Announces Record Revenues For 2011
- SharePoint Users Develop Insecure Habits
- New Secure Mobile App Developer Credential Planned By CompTIA And viaForensics
- Imperva Rolls Out IPv6 Support
- Qualys Launches New Version Of Web Application Scanner
MORE NEWSFEED >>>
