Sister CISA CISSP:

DataManagement


March 6, 2010  3:59 AM

Wyndham’s 3 Breaches in 1 Year = PR Nightmare



Posted by: Arian Eigen Heald
Data Breaches, DataManagement, Eigen's Rules of Thumb, information security, TCM

The Wyndham chain of hotels includes Ramada, Days Inn, Super8, Howard Johnson and Travelodge. None of which I have stayed at in the last year, and frankly, I am really glad. Not one, not two but three breaches have been disclosed to the public by Wyndham management in the last year. Because they...

February 26, 2010  7:25 PM

Health Care Breaches and Third Party Associates



Posted by: Arian Eigen Heald
Data Breaches, DataManagement, Identity theft, information security, information security policy, medical identity theft

The Department of Health and Human Services has posted a list of the covered entities (i.e., those that come under HIPAA regulations) that have reported health information data breaches...


April 10, 2009  8:28 PM

A DAM Good Idea



Posted by: Arian Eigen Heald
Admins and Auditors, Database, DataManagement, Tools for Auditing and Security

(Sorry, I apologize for using an acronym, but I couldn't resist.) Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...


December 20, 2008  2:11 AM

Thank you, Federal Trade Commission…



Posted by: Arian Eigen Heald
Data Breaches, Database security, DataManagement, Identity theft, Security, Tearing My Hair Out

For saying the blindingly obvious: "Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity...


December 11, 2008  5:27 PM

More on ATMs – The Daily Store Owner Log



Posted by: Arian Eigen Heald
Automatic Theft Machines, DataManagement, Hardware & InfoSec, Identity theft, Security Devices, Stupid Technology

Did you know that a store that puts in an ATM for customer use also provides a daily log of transactions to the owner? The log includes the Bank name, last four numbers of the account, the customer name, and the transaction. So if I do an account balance request, that comes up in the log. ...


November 5, 2008  12:01 AM

Still Up in the Cloud(s)



Posted by: Arian Eigen Heald
DataCenter, DataManagement, Security

Per my previous post, it seems that there is suddenly a lot of discussion in the security blogosphere about cloud computing and the security (or lack) thereof. Seems a number of people have taken note of Microsoft's entry (Azure) into Data Center business development. A lot of really good questions...


October 30, 2008  3:33 PM

Don’t Be Seduced Just Yet



Posted by: Arian Eigen Heald
Admins and Auditors, DataManagement, Development, Microsoft Windows, Security, Storage, Virtualization

I had a co-worker ask me yesterday what my opinion on "cloud computing" is, and whether it should be something they could recommend to clients. He had seen announcements about cloud computing from Microsoft According to a 2008 paper...


August 21, 2008  3:48 PM

How to Audit Databases: Part I



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, DataManagement, Identity theft, IT audit, Oracle, PCI DSS, SAP, SAS 70, Security, SOX, SQL Server

Databases are enormous, powerful repositories of data. They can hold payroll, HR personnel data (think social security numbers), stock prices, Accounts Receivable, Client Relationship Management, and customer information. Banks can't live without them. Most medium and many small-sized businesses...


August 19, 2008  1:20 PM

I Can Make Your Database Lie to You



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, DataManagement, Identity theft, IT audit, Oracle, PCI DSS, SAP, SAS 70, Security, SOX, SQL Server

So many financial auditors, CEOs, CFOs and others rely on electronic data to understand the complexities of General Ledger, Accounts Payable, etc. In this era of SAP, ADP, electronic time clocks, etc., the one common denominator is the database underlying each application. Applications...


August 13, 2008  1:53 AM

Monitoring Insider Access to Databases



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database, Database security, DataManagement, Security

The recent report on the Countrywide data theft got me thinking again about how to monitor insider access to databases. The story is that the thief had access to the...

