Measuring Database Security
How much does it cost to secure your database, and how do you calculate that? One of the more vexing problems in security is the lack of metrics models for measuring and optimizing security efforts. Without frameworks and metrics to measure the efficiency and effectiveness of security programs, it's difficult both to improve processes and to communicate our value to nontechnical decision makers.
Oracle 0-Days
During BlackHat, David Litchfield disclosed a security issue with the Oracle 10g and 11g database platforms. The vulnerability centers on the ability to exploit low security privileges to compromise Oracle's Java implementation, resulting in a total takeover of the database. While the issue appears relatively easy to address, behind the scenes this disclosure has raised a stir in database security circles. The big issue is not the bug or misconfiguration issue, or whatever you want to call it.
Dark Reading Launches New Database Security Newsletter
One of the things we've learned in publishing Dark Reading is that a pretty wide range of people work under the title of "security professional." There are techies and managers, risk managers and privacy people, white hats and black hats. Not surprisingly, they aren't all interested in the same news and information.
Security Breach Exposes Healthcare Recipients' Data
Social Security numbers were printed on address labels used in a mass mailing sent by the California Department of Health Care Services.
Amazon's SimpleDB Not Your Typical Database
Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.
Health Net Sued Over Data Breach
The insurance company is accused of failing to protect medical records, Social Security numbers, and bank account information of 446,000 customers.
|