Tuesday, March 05, 2002
Target of Opportunity. Mike's new theme of enterprise architectures gives me an opportunity to keep the spotlight on security while complementing his entries. I've compiled resources that pertain to data and information security, which is a nice intersection of the two topic areas. The tie-in is data itself, and it's a target of opportunity. An awareness of database security techniques is the first step towards changing an opportunity to a barrier to those whom you want to keep out of your data and information. I also chose this topic because it showcases Kate Hartshorn's specialty, business and competitive intelligence (a.k.a. legal corporate espionage).
Fortress Database. A surprising number of databases are insecure. Many DBAs take painstaking care to develop views and access controls, yet overlook exposures to statistical attacks. The collection of PowerPoint presentations on data security issues contains four presentations that address many facets of data and database security, and also address security vulnerabilities inherent in SQL even when access controls and views are carefully implemented.
The presentations only provide a ten-thousand foot view. The following documents, most in PDF format, drill down into the problem and solution sets:At the more theoretical level the following documents cover advanced challenges and issues in database security:Related. Well defined roles and responsibilities are imperative for any well managed assurance and/or security initiative. Effective Data Warehouse Organizational Roles and Responsibilities provides excellent guidance for data warehouse managers and stakeholders in both IT and business domains.