Sister CISA CISSP:

Database security


June 25, 2010  5:11 PM

A Freebie for Auditing Your Web Application for SQL flaws



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, free tools, SQL Injection

I ran across a mention of this tool in a SANS newsbite. Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL...

April 26, 2010  4:29 PM

Paying Attention To Statistics



Posted by: Arian Eigen Heald
Data Breaches, Database security

We get a lot of information about what security issues are important from various sources on the Internet. Most of them we know about from one source or another. But here's one that jumped right out at me: According to the Privacy Rights Organization, of the top 10 data breaches in 2009,...


February 25, 2010  6:39 PM

Universities and Colleges Are Being Hammered



Posted by: Arian Eigen Heald
Data Breaches, data security, Database security, information security

I've visited any number of schools, higher education and universities in the last five years that have been suffering from the "Open Campus" syndrome. Fundamentally, it's an attitude on the part of students, teachers/professors and management that their environment won't be "really" damaged by...


January 13, 2009  3:34 PM

The Purpose of Audit



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, IT audit

Bruce Schneier's last Crypto-Gram contained a discussion about the purpose of audit. He was commenting on the fact that Barack Obama's phone records, passport file and aunt's immigration status were inappropriately accessed by employees...


December 24, 2008  7:14 PM

Getting What You Pay For…..2008



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database security, HIPAA, IT audit, SAS 70, Security, Tearing My Hair Out

In my travels as an auditor this year, I've visited 15 states and seen approximately 20 different networks, both LAN and WAN. I've audited hospitals, lotteries, racetracks, banks, small businesses, large online retailers, metal fabricators, telco service bureaus and health care service...


December 20, 2008  2:11 AM

Thank you, Federal Trade Commission…



Posted by: Arian Eigen Heald
Data Breaches, Database security, DataManagement, Identity theft, Security, Tearing My Hair Out

For saying the blindingly obvious: "Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity...


September 19, 2008  7:37 PM

Auditing MS SQL – Roles, and Why They Matter



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, Development, IT audit, Microsoft Windows, Security, SQL Server, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

SQL "Server" runs on top of MS Windows, and it has groups inside of it that are not seen on the Windows server or even the Windows Domain. That's why we have to check and make sure that inappropriate users don't have complete access to everything inside the database. Not everyone should be...


September 16, 2008  5:58 PM

FREE Tools for Auditing MS SQL Server



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, free tools, IT audit, Microsoft Windows, PCI DSS, Security, SOX, SQL Server, Steps to an Easy Audit, Tools for Auditing and Security

There are a lot of really nice application tools to audit SQL databases out there. They have lots of bells and whistles and write out a really nice report with professional formatting. If you've got one of those, LUCKY YOU. But most of us Admins and Auditors have to scrounge for what we can find...


September 12, 2008  2:14 PM

Inside the Database Server – MS SQL



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, IT audit, Security, SQL Server, Tools for Auditing and Security

The first question to answer is: "Is the SQL system patched?" You or a DBA can confirm this inside Enterprise Manager (the software client that runs on SQL or from a remote installation of it) by right-clicking the primary database icon and selecting Properties. You can also run a query inside...


August 25, 2008  6:33 PM

European Hotel Chain Has Their Customer Data For the Past Year Accessed



Posted by: Arian Eigen Heald
Data Breaches, Database, Database security, Identity theft, Security, Security Devices

Visited Europe in the last year and used a Best Western Hotel? Your credit card, expiration date, the company that employs you, your name, address and future bookings may be in the possession of a Russian Mafia website. An enterprising Scottish newspaper, the Sunday Herald, noticed on Thursday...

