Thursday, July 5th, 2007
DBAs are not the enemy, but they too need watching
Back after a short and much needed hiatus, I came across this piece by security analyst Eric Ogren on Computerworld’s website. He discusses how DBAs have become public enemy number one because of compliance mandates to exercise segregation of duties, and how this has been blown out of proportion to other, greater risks.
A few days [...]
Posted in DBA, breach, insider threat, monitoring, security by Slavik
Monday, May 14th, 2007
Compliance and the Illusion of Security
Recent opinions about PCI-DSS and whether it should or should not be softened made me think of a wider issue I often come across: The illusory equivalence of regulatory compliance with “security”.
I would therefore like to try and argue that compliance cannot be equated with security, and it never will be. The reasons for this are inherent to [...]
Posted in compliance, security by Slavik
Monday, May 7th, 2007
Breach at University of Western Florida: Are academic institutions sitting ducks?
While it’s not headline news yet (and may never achieve such lofty status), a recent database breach at UWF was exposed and later reported in local news. What exactly happened and how many records were compromised is, as usual in such cases, unknown.
This made me think: We hear of breaches at universities all too frequently. [...]