Musings on Database Security

Slavik’s Blog

Friday, June 8th, 2007

Chronicle of a Breach Foretold

About a month ago I posted about breaches at educational institutions, and suggested that rectifying the problem could start by simply not hoarding PII (personally identifiable information) unnecessarily.
Today I read about this breach at Northwestern University (not the first data breach for them) where social security numbers of 4,000 individuals may have been compromised, including [...]

1 Comment » - Posted in breach, privacy, universities by Slavik

---

Monday, May 7th, 2007

Breach at University of Western Florida: Are academic institutions sitting ducks?

While it’s not headline news yet (and may never achieve such lofty status), a recent database breach at UWF was exposed and later reported in local news. What exactly happened and how many records were compromised is, as usual in such cases, unknown.
This made me think: We hear of breaches at universities all too frequently. [...]

4 Comments » - Posted in breach, insider threat, privacy, security, universities by Slavik

---

Tuesday, May 1st, 2007

So what really happened at TJX?

What better way to start a blog about database security than to discuss what is possibly the biggest data breach ever?
It now seems that several banks are suing TJX over claimed losses of tens of millions of dollars - so negligence in data protection carries a cash penalty, not just nebulous damage to reputation. Gross [...]

No Comments » - Posted in TJX, breach, credit cards, encryption, insider threat, monitoring by Slavik

---

• Tags

  bind_variables breach breach-notification compliance conference database-monitoring database-security database_security DBA educational_institutions hedgehog hipaa insider threat insider_threat intrusion monitoring MS SQL Server off-topic Oracle oracle_database_security oracle_security patching PCI Personal personally_identifiable_information pii presentation privacy regulatory-compliance sarbanes-oxley sb1386 security segregation_of_duties social_security_numbers SQL injection sql_injection technical technical tips TJX ukoug universities user identity visa vulnerability webcast

• Categories

  • breach
  • compliance
  • credit cards
  • DBA
  • encryption
  • insider threat
  • Java
  • monitoring
  • MS SQL Server
  • Oracle
  • OUG
  • patching
  • PCI
  • Personal
  • privacy
  • sb1386
  • security
  • SQL injection
  • technical tips
  • TJX
  • Uncategorized
  • universities
  • user identity

• Blogroll

  • Educational Security Incidents (ESI)
  • Julian Dyke
  • Oracle Chemist
  • Pete Finnigan’s Oracle security weblog
  • Peter Swire
  • Phat4Oracle
  • Security Incite
  • Securosis
  • Sentrigo
  • Tanel Poder

• Meta

  • Register
  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

•  

  August 2008

  M	T	W	T	F	S	S
  « Jun
  				1	2	3
  4	5	6	7	8	9	10
  11	12	13	14	15	16	17
  18	19	20	21	22	23	24
  25	26	27	28	29	30	31

Musings on Database Security is powered by WordPress 2.5.1 and delivered to you in 0.933 seconds using 20 queries.
Theme: Connections Reloaded v1.5 by Ajay D'Souza. Derived from Connections.