Archive for May, 2007
Tuesday, May 22nd, 2007
Propagating Middle-Tier and Application Users to the DBMS (Part 1 of 3)
Well, I threatened to post something more technical, and here we are. I’ve just come back from a business trip to the US, meeting some prospects and customers. As always, I was asked a lot of technical questions. One of the frequent questions I encounter is - how can we propagate the application user and [...]
3 Comments » - Posted in Oracle, technical tips, user identity by Slavik
Monday, May 14th, 2007
Compliance and the Illusion of Security
Recent opinions about PCI-DSS and whether it should or should not be softened made me think of a wider issue I often come across: The illusory equivalence of regulatory compliance with “security”.
I would therefore like to try and argue that compliance cannot equate to security, and it never will. The reasons for this are inherent to [...]
3 Comments » - Posted in compliance, security by Slavik
Monday, May 7th, 2007
Breach at University of Western Florida: Are academic institutions sitting ducks?
While it’s not headline news yet (and may never achieve such lofty status), a recent database breach at UWF was exposed and later reported in local news. What exactly happened and how many records were compromised is, as usual in such cases, unknown.
This made me think: We hear of breaches at universities all too frequently. [...]
4 Comments » - Posted in breach, insider threat, privacy, security, universities by Slavik
Tuesday, May 1st, 2007
So what really happened at TJX?
What better way to start a blog about database security than to discuss what is possibly the biggest data breach ever?
It now seems that several banks are suing TJX over claimed losses of tens of millions of dollars - so negligence in data protection carries a cash penalty, not just nebulous damage to reputation. Gross [...]