This page is powered by Blogger.


 
  corner   



HOME

ARCHIVES

SEARCH

Contacting Us
Recommendations
Mike Tarrani
Linda Zarate
Kate Hartshorn

Who We Are
TEAM Zarate-Tarrani

Our main weblog
Notes from the Field

Our other pages
Mike's home page
Linda's home page
Kate's home page

Forums
Simpatico [we]blogs
Dan Gilmore
Robert X. Cringely
Jakob Nielsen
Julian Bond
Deborah Branscum
Lisa Rein
CamWorld
Ed Yourdon

 

Tuesday, March 05, 2002

 

Target of Opportunity. Mike's new theme of enterprise architectures gives me an opportunity to keep the spotlight on security while complementing his entries. I've compiled resources that pertain to data and information security, which is a nice intersection of the two topic areas. The tie-in is data itself, and it's a target of opportunity. An awareness of database security techniques is the first step towards changing an opportunity to a barrier to those whom you want to keep out of your data and information. I also chose this topic because it showcases Kate Hartshorn's specialty, business and competitive intelligence (a.k.a. legal corporate espionage).

Fortress Database. A surprising number of databases are insecure. Many DBAs take painstaking care to develop views and access controls, yet overlook exposures to statistical attacks. The collection of PowerPoint presentations on data security issues contains four presentations that address many facets of data and database security, and also address security vulnerabilities inherent in SQL even when access controls and views are carefully implemented.

The presentations only provide a ten-thousand foot view. The following documents, most in PDF format, drill down into the problem and solution sets:

At the more theoretical level the following documents cover advanced challenges and issues in database security:Related. Well defined roles and responsibilities are imperative for any well managed assurance and/or security initiative. Effective Data Warehouse Organizational Roles and Responsibilities provides excellent guidance for data warehouse managers and stakeholders in both IT and business domains.