The 2010 IOUG Data Security Survey was conducted by Unisphere Research and sponsored by Oracle. It surveyed 430 members of the Independent Oracle Users Group on data security practices. The survey found that fewer than 30% encrypt personally identifiable information in databases, and close to 40% send unprotected or unsurely protected live data to external parties. Also, over 75% cannot prevent privileged users from accessing application data, and almost two-thirds cannot detect privileged user abuse. Overall, two-thirds expect or are unsure about a security incident in the next year. The survey assessed data privacy, access controls, activity monitoring, and operational security at respondents' organizations.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Ponemon Institute Data Breaches and Sensitive Data Risk
Fiona Lew
This document summarizes the results of a survey of 432 IT and security professionals about data breaches and sensitive data risks. Key findings include:
- The top concerns are not knowing where sensitive data is located and not knowing the data risk. A data breach is also the top security risk.
- Few respondents know the risk level of structured, unstructured, cloud, or big data, and data breach risks are seen as increasing.
- Companies use automated and classification tools to discover sensitive data and assess risk, but what is tracked is uncertain.
- Emerging trends like mobility and the "consumerization of IT" will most influence future security decision-making.
The document provides an executive summary and key findings of the 2013 (ISC)2 Global Information Security Workforce Study, which surveyed over 12,000 information security professionals worldwide. Some of the main points from the summary are:
- The information security profession is large, growing, and dynamic as it must adapt to changing IT environments and evolving threats.
- While the field remains stable, there are shortages of professionals. Knowledge and certification are important for career success.
- Application vulnerabilities are the top security concern, followed by malware and mobile devices.
- While attack response is expected to be rapid, security incident preparedness may be strained.
- Information security professionals are seen as more important than
Prof m01-2013 global information security workforce study - final
SelectedPresentations
The document summarizes key findings from a survey of over 12,000 information security professionals conducted in 2012. Some of the main findings include:
1) Application vulnerabilities, malware, and mobile devices were the top security concerns. Concern over cloud-based services also increased significantly since the previous survey in 2011.
2) Information security is seen as a stable career path, but workforce shortages persist. Knowledge and certification are important for career success and advancement.
3) While attack remediation is believed to be rapid, preparedness for security incidents showed signs of strain, with twice as many respondents saying preparedness had worsened compared to 2011.
The document discusses strategies for preventing and protecting against data breaches. It notes that the number of data breaches reached a record high in 2014, with nearly 1 million new malware threats daily. While complete security is impossible, businesses must adapt through cost-effective security solutions. The document recommends asking what is currently being done to prevent breaches, what limitations exist, and how data/systems protection is validated. It advocates layered prevention and protection strategies, including regular security assessments to identify vulnerabilities, encryption of sensitive data, effective backups that facilitate rapid recovery, and ensuring basic tasks like patch and antivirus management are properly performed.
The survey found that organizations are facing increasing endpoint security risks. 64% of respondents said their networks were not more secure than the previous year. Common incidents over the past year included virus/malware infections (98%), device theft (95%), and data loss from negligent/malicious insiders (89% and 61% respectively). The top security risks for the next year were expected to be advanced persistent threats, insider threats, and web-based malware. Current endpoint security approaches were found to be ineffective and costly. IT operating costs were rising mainly due to lost productivity and increased malware incidents.
Index of unlicensed software in the world.
Luis Noguera
The document is a report from BSA | The Software Alliance on global software usage trends. Some key findings:
- The rate of unlicensed software installations decreased modestly globally from 43% in 2013 to 39% in 2015.
- Despite awareness of security risks, unlicensed usage remains high in some regions and industries.
- Effective software asset management and employee education are needed to further reduce unlicensed usage and realize cost savings while mitigating security risks.
The document discusses findings from a survey of 200 IT decision makers (ITDMs) and 400 office workers on their organizations' use of cloud technologies and software-as-a-service (SaaS) applications. Some key findings include:
- On average, organizations currently spend 26.46% of their IT budget on cloud technologies, a percentage that is expected to increase to over 39% within the next 3 years.
- While data privacy and security are top concerns for moving to the cloud, cost savings and increased efficiencies are the main drivers for adoption.
- Most organizations plan to keep applications containing sensitive data like accounting and firewalls on-premises, while the use of Saa
This document discusses best practices for deploying and managing data encryption on laptops. It begins by stating that while data encryption is important for protecting data on lost or stolen devices, it can be difficult to deploy and manage successfully. It then summarizes a GAO report that found that despite directives dating back to 2006, only 30% of federal agency data was encrypted due to challenges in deployment and management. The document outlines best practices for determining objectives, selecting technology, planning projects, preparing software, and rolling out solutions. It emphasizes the importance of verification and management tools to ensure encryption is functioning properly.
The document discusses how human error is a major cause of data breaches and security incidents, despite malicious hacking being the primary threat. It notes that 97% of breaches were avoidable through basic controls and outlines strategies for organizations to help prevent accidental data leakage by employees, such as creating clear security policies, providing regular security awareness training, and avoiding overly long checklists of rules.
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
Lumension
The State of Endpoint Risk 2011 study, conducted by the Ponemon Institute, has been published. Learn the latest endpoint protection best practices that can assist in your 2011 security planning, including:
• Increasingly sophisticated malware and the associated costs
• The top 5 applications that concern IT the most
• Third-party and Web 2.0 application usage policies and the importance of security awareness training programs
• Effective methods to communicate with senior management on evolving endpoint risk and its impact to the business
• Technologies that effectively prevent targeted malware and cyber attacks
The survey found that organizations do not feel more secure than the previous year due to ineffective endpoint security technologies. Malware incidents are increasing and driving up IT costs. Zero-day attacks, SQL injections, and exploiting old software vulnerabilities are the biggest challenges. Respondents expect the top IT security risks in the next year will be negligent or malicious insiders, mobile device threats, and advanced persistent threats. Current approaches to endpoint security are costly and ineffective at preventing the rise of malware attacks through third-party and web-based applications.
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
Making the Leap: Exploring the Push for Cloud Adoption
Gov BizCouncil
For a growing number of public and private sector organizations, cloud is the future — a game-changer for mitigating risk, enhancing effectiveness, and initiating new capabilities. To learn more about ongoing progress and challenges associated with cloud adoption, Government Business Council and Salesforce launched an in-depth research study in May 2017.
Hewlett-Packard Enterprise - State of Security Operations 2015
Kim Jensen
This document summarizes findings from 118 security operations maturity assessments of 87 organizations in 18 countries. It finds that the median maturity level remains below the ideal level of 3, and 20% of organizations scored below the minimum level of 1. The top issue facing security operations is the shortage of skilled resources. While organizations are investing in new technologies, many neglect operational budgets and processes, resulting in immature capabilities. Visible breaches have increased focus on security from executive leadership and boards.
The document is a guide from Experian on responding to data breaches. It provides an overview of the current data breach landscape, including that data breaches are increasingly common and many companies are unprepared. It emphasizes the importance of having a comprehensive data breach response plan that is tested, practiced, and updated regularly. The guide is intended to help organizations create, implement, and improve their data breach response plans to effectively respond to and resolve a breach if one occurs.
There is a general lack of awareness and enforcement of security policies and procedures in companies today, according to new research announced by privacy and information management research firm, Ponemon Institute. The report, Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security Policies, was sponsored by IronKey, maker of the world's most secure flash drive, and examines the challenges facing IT professionals in securing confidential data.
Ventana Research Big Data Integration Benchmark Research Executive Report
Ventana Research
Data continues to flood into today’s enterprises in ever-increasing velocity, variety and volume. This big data brings with it challenges – in storing it and in integrating it all into a form that can be used for business tasks. Many organizations try to use technology already on hand to collect, access and integrate big data. But processing manually or using legacy tools is slow and risks creating errors that undermine the value of the information and cause users to lose confidence in it. Automated processes using technology specifically designed for big data integration can overcome these issues and enable businesses to use the information to make decisions.
This document summarizes the key findings of the 2006 CSI/FBI Computer Crime and Security Survey. The survey polled over 600 security professionals and found that:
1) Virus attacks and unauthorized access continued to be the largest sources of financial loss. Financial losses from laptop theft and stolen proprietary information were also significant.
2) Unauthorized computer use slightly decreased while reported computer security incidents to law enforcement increased after previous years of decline.
3) Most organizations evaluate security investments using metrics like return on investment, but many respondents said economic and risk management issues were most critical.
4) Over 80% of organizations conduct security audits but respondents felt more investment was still needed in security awareness training.
5)
The survey of 250 cybersecurity professionals attending the 2016 Black Hat conference found that concerns about major data breaches are increasing. Nearly three-quarters felt a breach at their organization in the next year was likely, up slightly from 2015. Respondents also reported shortages in security staff, budget, and training, making it difficult to address emerging threats like phishing and targeted attacks. The survey highlights how cybersecurity risks are rising as resource constraints grow.
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...
Melissa Luongo
The document is a research report from Ponemon Institute that explores the risks of unsecure file sharing. Some of the key findings include:
- Many organizations lack visibility and control over the file sharing applications and documents employees use and share. Employees frequently engage in risky behaviors like using personal file sharing apps or accidentally sharing sensitive documents.
- Audits show that most organizations have not assessed their file sharing practices for compliance with regulations. IT departments also have limited control over the technologies employees adopt.
- The report concludes that weak security controls, lack of policies and training, and uncontrolled employee behaviors are exposing organizations to significant risks of data loss and non-compliance through file sharing activities.
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
FireEye, Inc.
The law of unintended consequences strikes again. In an effort to address security risks in enterprise IT systems and the critical data in them, numerous security standards and requirement frameworks have emerged over the years. But most of these efforts have had the opposite effect — diverting organizations’ limited resources away from actual cyber defense toward reports and compliance.
Recognizing this serious problem, the U.S. National Security Agency (NSA) in 2008 launched Critical Security Controls (CSCs), a prioritized list of controls likely to have the greatest impact in protecting organizations from evolving real-world threats. This SANS Institute survey of nearly 700 IT professionals across a range of industries examines how well the CSCs are known in government and industry and how they are being used.
For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
This document provides a three-step plan for healthcare providers to strengthen cybersecurity:
1) Conduct a cybersecurity risk assessment to identify vulnerabilities
2) Purchase cyber insurance to transfer some risks and costs of breaches
3) Consider moving data and IT services to a qualified cloud provider that specializes in healthcare security and compliance. Outsourcing to an experienced cloud provider can improve capabilities while potentially reducing long-term costs compared to maintaining IT systems in-house.
Junyan Wu Healthcare information security control on insider threat proposal
Junyan Wu
This proposal suggests investigating the relationship between employee satisfaction levels and insider security breaches in healthcare organizations. The hypothesis is that increased employee disgruntlement, as measured by ratings on websites like Glassdoor, correlates with higher rates of insider data theft events. The proposal aims to develop controls to help monitor employees and identify psychosocial risk factors for insider threats by analyzing communications data from email and messaging tools. This could help healthcare organizations better protect sensitive patient information from disgruntled or at-risk insiders.
This document provides predictions for security issues in 2016 from Forcepoint Security Labs. It predicts that the 2016 U.S. elections will drive significant cyberattacks themed around the elections, with hackers using social media and websites to spread misinformation. It also predicts that new mobile wallet and payment technologies will introduce opportunities for credit card theft and fraud. Finally, it predicts that the addition of new generic top-level domains will provide new opportunities for cybercriminals to use domain names for social engineering and malware attacks.
From 'Being Digital' to Becoming a 'Digital Being'
Cognizant
While it’s true that digital transformation requires strong top-down leadership and impeccable technical skills, high-performing organizations must also go one step further: They need to acquire, nurture and retain the talent necessary to lead the charge.
The document describes the different phases and milestones of a research project, including research design, information gathering, data analysis, and the synthesis and presentation of results.
New information and communication technologies. Online article, essay by Consuelo Belloch Ortí
Unidad de Tecnología Educativa.
Universidad de Valencia
The document discusses how communication technologies have changed rapidly and will continue to change, shaping new literacies students need to be fluent in to not be disadvantaged. It argues students need multimedia literacy in addition to traditional reading and writing. It outlines key competencies needed for students' future, including thinking skills, using language and tools, self-management, relationships, participation and lifelong learning. Educators must prepare students for massive changes in human capabilities through emerging technologies over the next decade.
The editorial discusses how programmers often face "mountains" of work or complex problems, but on overcoming them discover pleasure and joy. The magazine also overcomes "mountains" with each issue with the help of its readers.
This document discusses best practices for deploying and managing data encryption on laptops. It begins by stating that while data encryption is important for protecting data on lost or stolen devices, it can be difficult to deploy and manage successfully. It then summarizes a GAO report that found that despite directives dating back to 2006, only 30% of federal agency data was encrypted due to challenges in deployment and management. The document outlines best practices for determining objectives, selecting technology, planning projects, preparing software, and rolling out solutions. It emphasizes the importance of verification and management tools to ensure encryption is functioning properly.
The document discusses how human error is a major cause of data breaches and security incidents, despite malicious hacking being the primary threat. It notes that 97% of breaches were avoidable through basic controls and outlines strategies for organizations to help prevent accidental data leakage by employees, such as creating clear security policies, providing regular security awareness training, and avoiding overly long checklists of rules.
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011Lumension
The State of Endpoint Risk 2011 study, conducted by the Ponemon Institute, has been published. Learn the latest endpoint protection best practices that can assist in your 2011 security planning, including:
• Increasingly sophisticated malware and the associated costs
• The top 5 applications that concern IT the most
• Third-party and Web 2.0 application usage policies and the importance of security awareness training programs
• Effective methods to communicate with senior management on evolving endpoint risk and its impact to the business
• Technologies that effectively prevent targeted malware and cyber attacks
The survey found that organizations do not feel more secure than the previous year due to ineffective endpoint security technologies. Malware incidents are increasing and driving up IT costs. Zero-day attacks, SQL injections, and exploiting old software vulnerabilities are the biggest challenges. Respondents expect the top IT security risks in the next year will be negligent or malicious insiders, mobile device threats, and advanced persistent threats. Current approaches to endpoint security are costly and ineffective at preventing the rise of malware attacks through third-party and web-based applications.
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
Making the Leap: Exploring the Push for Cloud AdoptionGov BizCouncil
For a growing number of public and private sector organizations, cloud is the future — a game-changer for mitigating risk, enhancing effectiveness, and initiating new capabilities. To learn more about ongoing progress and challenges associated with cloud adoption, Government Business Council and Salesforce launched an in-depth research study in May 2017.
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
This document summarizes findings from 118 security operations maturity assessments of 87 organizations in 18 countries. It finds that the median maturity level remains below the ideal level of 3, and 20% of organizations scored below the minimum level of 1. The top issue facing security operations is the shortage of skilled resources. While organizations are investing in new technologies, many neglect operational budgets and processes, resulting in immature capabilities. Visible breaches have increased focus on security from executive leadership and boards.
The document is a guide from Experian on responding to data breaches. It provides an overview of the current data breach landscape, including that data breaches are increasingly common and many companies are unprepared. It emphasizes the importance of having a comprehensive data breach response plan that is tested, practiced, and updated regularly. The guide is intended to help organizations create, implement, and improve their data breach response plans to effectively respond to and resolve a breach if one occurs.
There is a general lack of awareness and enforcement of security policies and procedures in companies today, according to new research announced by privacy and information management research firm, Ponemon Institute. The report, Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security Policies, was sponsored by IronKey, maker of the world's most secure flash drive, and examines the challenges facing IT professionals in securing confidential data.
Ventana Research Big Data Integration Benchmark Research Executive ReportVentana Research
Data continues to flood into today’s enterprises in ever-increasing velocity, variety and volume. This big data brings with it challenges – in storing it and in integrating it all into a form that can be used for business tasks. Many organizations try to use technology already on hand to collect, access and integrate big data. But processing manually or using legacy tools is slow and risks creating errors that undermine the value of the information and cause users to lose confidence in it. Automated processes using technology specifically designed for big data integration can overcome these issues and enable businesses to use the information to make decisions.
This document summarizes the key findings of the 2006 CSI/FBI Computer Crime and Security Survey. The survey polled over 600 security professionals and found that:
1) Virus attacks and unauthorized access continued to be the largest sources of financial loss. Financial losses from laptop theft and stolen proprietary information were also significant.
2) Unauthorized computer use slightly decreased while reported computer security incidents to law enforcement increased after previous years of decline.
3) Most organizations evaluate security investments using metrics like return on investment, but many respondents said economic and risk management issues were most critical.
4) Over 80% of organizations conduct security audits but respondents felt more investment was still needed in security awareness training.
5)
The survey of 250 cybersecurity professionals attending the 2016 Black Hat conference found that concerns about major data breaches are increasing. Nearly three-quarters felt a breach at their organization in the next year was likely, up slightly from 2015. Respondents also reported shortages in security staff, budget, and training, making it difficult to address emerging threats like phishing and targeted attacks. The survey highlights how cybersecurity risks are rising as resource constraints grow.
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...Melissa Luongo
The document is a research report from Ponemon Institute that explores the risks of unsecure file sharing. Some of the key findings include:
- Many organizations lack visibility and control over the file sharing applications and documents employees use and share. Employees frequently engage in risky behaviors like using personal file sharing apps or accidentally sharing sensitive documents.
- Audits show that most organizations have not assessed their file sharing practices for compliance with regulations. IT departments also have limited control over the technologies employees adopt.
- The report concludes that weak security controls, lack of policies and training, and uncontrolled employee behaviors are exposing organizations to significant risks of data loss and non-compliance through file sharing activities.
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ... - FireEye, Inc.
The law of unintended consequences strikes again. In an effort to address security risks in enterprise IT systems and the critical data in them, numerous security standards and requirement frameworks have emerged over the years. But most of these efforts have had the opposite effect — diverting organizations’ limited resources away from actual cyber defense toward reports and compliance.
Recognizing this serious problem, the U.S. National Security Agency (NSA) in 2008 launched Critical Security Controls (CSCs), a prioritized list of controls likely to have the greatest impact in protecting organizations from evolving real-world threats. This SANS Institute survey of nearly 700 IT professionals across a range of industries examines how well the CSCs are known in government and industry and how they are being used.
For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
This document provides a three-step plan for healthcare providers to strengthen cybersecurity:
1) Conduct a cybersecurity risk assessment to identify vulnerabilities
2) Purchase cyber insurance to transfer some risks and costs of breaches
3) Consider moving data and IT services to a qualified cloud provider that specializes in healthcare security and compliance. Outsourcing to an experienced cloud provider can improve capabilities while potentially reducing long-term costs compared to maintaining IT systems in-house.
Junyan Wu Healthcare information security control on insider threat proposal - Junyan Wu
This proposal suggests investigating the relationship between employee satisfaction levels and insider security breaches in healthcare organizations. The hypothesis is that increased employee disgruntlement, as measured by ratings on websites like Glassdoor, correlates with higher rates of insider data theft events. The proposal aims to develop controls to help monitor employees and identify psychosocial risk factors for insider threats by analyzing communications data from email and messaging tools. This could help healthcare organizations better protect sensitive patient information from disgruntled or at-risk insiders.
This document provides predictions for security issues in 2016 from Forcepoint Security Labs. It predicts that the 2016 U.S. elections will drive significant cyberattacks themed around the elections, with hackers using social media and websites to spread misinformation. It also predicts that new mobile wallet and payment technologies will introduce opportunities for credit card theft and fraud. Finally, it predicts that the addition of new generic top-level domains will provide new opportunities for cybercriminals to use domain names for social engineering and malware attacks.
From 'Being Digital' to Becoming a 'Digital Being' - Cognizant
While it’s true that digital transformation requires strong top-down leadership and impeccable technical skills, high-performing organizations must also go one step further: They need to acquire, nurture and retain the talent necessary to lead the charge.
The document describes the different phases and milestones of a research project, including research design, information gathering, data analysis, and the synthesis and presentation of results.
New Information and Communication Technologies. Online article, essay by Consuelo Belloch Ortí
Educational Technology Unit.
University of Valencia
The document discusses how communication technologies have changed rapidly and will continue to change, shaping new literacies students need to be fluent in to not be disadvantaged. It argues students need multimedia literacy in addition to traditional reading and writing. It outlines key competencies needed for students' future, including thinking skills, using language and tools, self-management, relationships, participation and lifelong learning. Educators must prepare students for massive changes in human capabilities through emerging technologies over the next decade.
The editorial discusses how programmers often face "mountains" of work or complex problems, but find pleasure and joy in overcoming them. The magazine also overcomes "mountains" with each issue, with the help of its readers.
The document covers the recent history of Cuba, corruption in Chile, President Vázquez's disaffiliation, Gibraltar and "historical memory", the changes Obama brings, and the war agenda of the new world order. It also includes articles on why the UN Security Council meets, values and the family, and the minimum wage and legislators.
This document summarizes the novel Rescoldo by Antonio Estrada, one of the most important writers in the literature on the Second Cristero Rebellion in Mexico. The novel recounts the experiences of Estrada and his family during this conflict in the 1930s in Durango. Although the novel is considered one of the best on this subject, it initially had little circulation. The document describes later efforts to revive interest in Estrada's work, including new editions of the book.
IBEW, Utility Industry Meet in the Middle - Marc Aisen - jeremyreeds
In June, the Nielsen work force voted 14 to 6 in favor of union representation by Jersey City, N.J., Local 164. Lead Organizer Marc Aisen worked with Region 1 Coordinator Steve Rockafellow and Local 164 Organizer Steve Clay on the campaign.
Jorge Ontalba is a Spanish photographer born in 1976 who began his career in the early 1990s. His photographic style centers on portraying musicians, artists and celebrities in black and white in a classic, austere manner. Over more than a decade he has worked for major Spanish rock bands.
Butterflies are insects with three main body parts: head, thorax and abdomen. They have six legs, two pairs of wings covered in scales, and a tube-shaped mouth. The female lays between 25 and 10,000 eggs on the plant on which her larvae feed. Butterflies go through a life cycle that includes the caterpillar, chrysalis and adult stages, and can live anywhere in the world, although they prefer warm regions.
Driving Business Excellence through Innovative IT Service Management - Cognizant
IT service management is increasingly becoming a top priority for CIOs as it is the interface that drives business-IT alignment. To succeed, IT organizations need to innovate service intake management by enabling self-service, utilizing service catalogs, and adopting outcome-based delivery models. This involves left-shifting service activities, leveraging integrated technologies, and focusing on customer experience through a skilled workforce.
Communications solutions aimed at reducing costs and increasing... - Agustin Argelich Casals
Communications solutions aimed at reducing costs and increasing productivity. Unified communications. Telecommunications cost management.
This document summarizes the proposals of the Ministerio de Sanidad y Consumo (Ministry of Health and Consumer Affairs) to regulate access to medicines in special situations. The regulation aims to make it easier for patients to access investigational medicines, or medicines under unauthorized conditions, when no alternatives are available. It will also speed up the procedures for importing foreign medicines not available in Spain. The new regulation will allow compassionate use of investigational medicines to be requested individually or under protocols authorized for groups of patients.
This user guide provides instructions for using key features of Blackboard, including:
- Turning edit mode on/off to view or edit a course
- Using the Control Panel to access course tools, evaluation, users/groups, customization, and help
- Customizing the courses displayed on the My Blackboard page
- Adding, modifying, removing, and moving menu items
- Copying materials from a previous course
- Combining multiple course sections into a single Blackboard course using CLIPS
- Importing an archived course package
- Enrolling and modifying user roles
The document summarizes the main recommendations on helmet use and safe motorcycle riding. It recommends using full-face helmets or goggles, fitting the helmet properly, replacing it after impacts, and wearing it fastened. It also covers riders' obligations to ensure that passengers wear a helmet, and the fines for failing to do so. It stresses that head injuries are the leading cause of death in motorcycle accidents.
The document summarizes the key findings of the 2011 Global Information Security Workforce Study conducted by Frost & Sullivan. Some of the main points from the summary include:
1) Application vulnerabilities were reported as the number one threat to organizations, with over 20% of security professionals reporting involvement in software development.
2) Mobile devices were the second highest security concern, despite most professionals having policies and tools in place to defend against mobile threats.
3) A skills gap exists as new technologies like cloud computing and social media are being adopted without sufficient security training for professionals. Over 70% needed new skills for cloud security.
4) The information security workforce is projected to grow significantly from 2.28 million in 2010
The Post-Relational Reality Sets In: 2011 Survey on Unstructured Data - MarkLogic Corporation
The "Big Data" influx is upon us—terabytes and gigabytes of bits and bytes that are overwhelming IT infrastructures. This growth is unprecedented and much of it consists of unstructured information, which is creating new types of challenges in terms of governance, management and security practices. A new survey finds that companies are only beginning to grasp the complexities created by all this new unstructured data. Even the most mature organizations that acknowledge they depend on unstructured data still do not have effective governance or best practices in place. The survey results imply that companies are missing the opportunity to leverage the full value of this unstructured data. Download the complete survey report.
Assessing and Managing IT Security Risks - Chris Ross
Data privacy and protection has become the gold standard in IT. Scale Venture Partners and Wisegate share what they learned from over 100 IT professionals questioned about the risks and technology trends driving their security programs. Read about the move towards data centric security and the need for improvement in automated security controls and metrics reporting.
This document discusses the results of Ernst & Young's 2010 Global Information Security Survey. Some key findings include:
- 60% of respondents perceived an increase in risk due to new technologies like social media, cloud computing, and mobile devices.
- 46% planned to increase spending on information security.
- Increased workforce mobility and data leakage were significant challenges for many organizations.
- Many organizations are taking steps to address mobile security risks through policies, encryption, and identity management controls.
IRJET- Data Leak Prevention System: A Survey - IRJET Journal
This document proposes a Data Leak Prevention System architecture to help organizations securely regulate access to private data and identify parts of the system vulnerable to hacking or insider attacks. The architecture focuses on preventing massive data leaks by logging all sensitive data access to an external system unaffected by attackers. It discusses how data leaks can occur intentionally or unintentionally, and reviews common causes like natural disasters, software errors, viruses and malicious attacks. The document also outlines several methods for implementing a Data Leak Prevention system, such as using a centralized program, evaluating resources, conducting a data inventory, implementing in phases, creating a data classification system, and establishing data handling and remediation policies.
This document is a website security statistics report from 2015 that analyzes vulnerability data from tens of thousands of websites. Some of the key findings include:
- Compliance-driven organizations have the lowest average number of vulnerabilities but the highest remediation rates, while risk reduction-driven organizations have more vulnerabilities but fix them faster.
- Feeding vulnerability results back to development teams significantly reduces vulnerabilities, speeds up fixes, and increases remediation rates.
- Performing static code analysis more frequently is correlated with faster vulnerability fix times.
- Ad hoc code reviews of high-risk applications appear to be one of the most effective activities at reducing vulnerabilities.
- There is no clear evidence that any particular "best practice"
This document discusses how life insurance companies can leverage big data analytics across their value chain. It begins by explaining how data sources have expanded dramatically in recent years due to factors like the growth of digital devices and the internet of things. It then outlines how big data can be used in various parts of the insurance lifecycle from product development to claims processing. The document presents a four stage framework for life insurers to adopt big data analytics and provides examples of how some companies have realized benefits. It concludes by noting that while insurers recognize big data's potential, many challenges remain in analyzing diverse and voluminous unstructured data.
The document discusses the top ten insider threats that companies need to monitor to prevent insider data theft and security breaches. It provides examples of each threat, such as unauthorized access to USB storage devices that can enable accidental or malicious data leakage. It emphasizes the importance of monitoring event logs, access attempts, and applying thresholds and alerts to detect anomalous behavior in real time that could indicate an insider threat. Implementing event log monitoring and management is presented as an effective and cost-efficient approach to help prevent costly insider attacks.
2013 Data Protection Maturity Trends: How Do You Compare? - Lumension
This document summarizes a presentation on data protection trends and maturity. It discusses evolving threats like BYOD and advanced persistent threats. A survey found that most organizations struggle with administrative, technical, and motivational controls related to data protection. A maturity model was presented with levels ranging from ad hoc to optimal for areas like security policies, enforcement, and employee education. Recommendations included creating comprehensive policies, implementing robust technical controls, and providing ongoing security training.
This document analyzes database security breaches at YONS Ltd and evaluates security options. It finds that YONS Ltd implemented basic security measures which were insufficient. Reasons for breaches included a low priority on database security, lack of integration among security solutions, and lack of staff training. The document recommends YONS Ltd implement a comprehensive strategy including basic, intermediate, and advanced security measures following a three pillar approach of foundation, detection, and prevention. This would proactively protect data from internal and external attacks by securing all databases.
Pdf wp-emc-mozyenterprise-hybrid-cloud-backuplverb
This document discusses hybrid backup architectures that use both on-premises and cloud-based technologies for data protection. A hybrid approach protects data in the data center locally but also uses the cloud to back up data from remote offices and mobile devices. This provides comprehensive data protection while reducing management burdens. The document recommends looking for a hybrid solution that ensures recoverability, is manageable by IT, supports remote workers, and increases productivity through secure access to files from any device.
This document summarizes the key findings of Kaspersky Lab's 2014 IT Security Risks Survey. Some of the main points include:
1) Protection of confidential data against targeted attacks was the top priority for 38% of IT managers surveyed, compared to not being a priority in previous years.
2) 94% of companies encountered cybersecurity issues originating outside their networks, up from 91% in 2013. About 12% faced targeted attacks, up from 9% previously.
3) The average cost of a data security incident was estimated at $720,000, while a successful targeted attack could cost over $2.5 million. Losses often included internal data, client data, and financial information.
Big data analytics and its impact on internet users - Struggler Ever
Big data analytics tools are promising techniques for future prediction in many aspects of our lives. The need for such predictive techniques has been increasing exponentially. Even though many challenges and risks remain of concern to researchers and decision makers, the outcome of using these techniques will considerably revolutionize our world, bringing a new era of technology.
The document provides background on a research project investigating the data breach at the U.S. Office of Personnel Management in 2015. The project aims to interview OPM executives to understand the breach and analyze the relationship between cyber attacks and upgrades to the agency's technology. The researcher plans to enter the OPM for 3 weeks to conduct interviews and examine how often software/hardware patches are implemented each year.
An Improved Method for Preventing Data Leakage in an Organization - IJERA Editor
Data is one of the most important assets an organisation has since it defines each organisation's uniqueness. It includes data on members and prospects, their interests and purchases, your events, speakers, your content, social media, press, your staff, budget, strategic plan, and much more. As organizations open their doors to employees, partners, customers and suppliers to provide deeper access to sensitive information, the risks associated with business increase. Now, more than ever, with increasing threats of cyber terrorism, corporate governance issues, fraud, and identity theft, the need for securing corporate information has become paramount. Information theft is not just about external hackers and unauthorized external users stealing your data, it is also about managing internal employees and even contractors who may be working within your organization for short periods of time. Adding to the challenge of securing information is the increasing push for corporate governance and adherence to legislative or regulatory requirements. Failure to comply and provide privacy, audit and internal controls could result in penalties ranging from large fines to jail terms. Non-compliance can result in not only potential implications for executives, but also possible threats to the viability of a corporation. Insiders too represent a significant risk to data security. The task of detecting malicious insiders is very challenging as the methods of deception become more and more sophisticated. There are various solutions present to avoid data leakage. Data leakage detection, prevention (DLPM) and monitoring solutions became an inherent component of the organization's security suite. DLP solutions monitor sensitive data when at rest, in motion, or in use and enforce the organizational data protection policy. These solutions focus mainly on the data and its sensitivity level, and on preventing it from reaching an unauthorized person. They ignore the fact that an insider is gradually exposed to more and more sensitive data, to which she is authorized to access. Such data may cause great damage to the organization when leaked or misused. Data can be leaked via emails, instant messaging, file transfer etc. This research is focusing on email data leakage monitoring, detection and prevention. It is proposed to be carried out in two phases: leakage detection through mining and prevention through encryption of email content.
Potential Advantages Of An Insider Attack - Susan Kennedy
The document discusses the potential advantages of an insider attack from an organization's perspective. Some key points discussed include:
- With an insider attack, the organization may not immediately know they are under attack since it is an internal issue rather than external. This makes the attack harder to control and identify.
- There is often less obvious evidence of an insider attack, which makes it more difficult to investigate but also keeps the attack more contained and private.
- Insider attacks can be kept more contained since the attacker has internal access and operations are more covert than an external hack. This allows compromised information to "bleed" out at a quicker rate since the organization does not immediately know they are under attack.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI - Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf - Malak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating the uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux tools: libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
TrustArc Webinar - 2024 Global Privacy Survey - TrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Full-RAG: A modern architecture for hyper-personalization - Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
UiPath Test Automation using UiPath Test Suite series, part 6 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
2010 report data security survey
2010 IOUG DATA SECURITY SURVEY
By Joseph McKendrick, Research Analyst
Produced by Unisphere Research, a division of Information Today, Inc.
September 2010
TABLE OF CONTENTS
Executive Summary
Overview
Data Privacy
Access Control to Data and Databases
Database Activity Monitoring and Auditing
Operational Security
Conclusion
2010 IOUG Data Security Survey was produced by Unisphere Research and sponsored by Oracle. Unisphere Research is the market research unit of Unisphere Media, a division of Information
Today, Inc., publishers of Database Trends and Applications magazine and the 5 Minute Briefing newsletters. To review abstracts of our past reports, visit www.dbta.com/research. Unisphere Media,
229 Main Street, Chatham, NJ 07928. Tel: 973-665-1120, Fax: 973-665-1124, Email: Tom@dbta.com, Web: www.dbta.com.
Join the IOUG—If you’re not already an IOUG member and would like to continue receiving key information like this, visit the IOUG at w3.ioug.org/join/today for information on how to join
this dynamic user community for Oracle applications and database professionals.
Data collection and analysis performed with SurveyMethods.
EXECUTIVE SUMMARY
Information security is top of mind for all organizations today.
Companies recognize that there are severe repercussions to
ignoring or undervaluing data security, and most are increasing
their investment in security and putting in place measures to
protect their information. But are those measures sufficient? And,
do those measures really provide the safeguards organizations
think they do? According to this year’s survey of 430 members of
the Independent Oracle Users Group (IOUG), the answer to both
of these questions is “no,” leaving organizations more at risk than
they are aware. This study of IOUG members’ information security
practices was first conducted in 2008, and then again in 2009.
This year’s survey,[1] conducted in May 2010 by Unisphere
Research, a division of Information Today, Inc., and sponsored by
Oracle Corporation, uncovered the following troubling findings:
■ Fewer than 30 percent of respondents are encrypting
personally identifiable information in all their databases.
Although slightly up from last year, this finding is startling
given the number of existing data privacy and protection
mandates that specifically call for data-at-rest encryption.
■ Close to two out of five of respondents’ organizations ship
live production data out to development teams and outside
parties. However, more than one-third admit that the data is
unprotected, or don’t know if it is protected. In many cases,
the data consists of sensitive or confidential information.
■ Three out of four organizations do not have a means to
prevent privileged database users from reading or tampering
with HR, financial or other business application data in their
databases. Many of those who responded that they could
“prevent” such activity indicated that they did so by relying
on auditing and recovery process, and were reacting rather
than preventing.
■ In fact, two out of three respondents admit that they could
not actually detect or prove that their database administrators
and other privileged database users were not abusing their
privileges.
■ However, database administrators and other IT professionals
aren’t the only people that can compromise data security from
the inside. An end user with common desktop tools can also
gain unauthorized direct access to sensitive data in the databases.
Close to half of respondents say that this either could happen in
their organizations, or that they don’t know if it could.
■ Almost 64 percent indicate that they either do not monitor
database activity, do so on an ad hoc basis, or don’t know
if anyone is monitoring. Less than one-third of those
monitoring are watching sensitive data reads and writes.
As a result, 40 percent of respondents indicate that they are
unsure as to how long it would take them to detect and
correct unauthorized changes to their data or their databases.
■ Overall, two-thirds of companies either expect a data security
incident they will have to deal with in the next 12 months, or
simply don’t know what to expect.
What is the greatest risk? “Our greatest risk is probably that
of a rogue employee running amok,” says one respondent.
“We’d know about it soon enough, but it might be too late to
avoid serious damage.” This is a sentiment echoed by many other
respondents.
Some data managers feel that their data is secure mainly
because databases are not connected to the Internet—a false
comfort that may lead to a rude awakening, especially considering
that a majority of organizations admit that they do not apply
Critical Patch Updates intended to address security vulnerabilities
in a timely manner, or take steps to ensure that all their Internet-facing applications are not subject to SQL injection attacks.
On the following pages, the detailed survey results are
presented by key areas: data privacy, access control, activity
monitoring and auditing, and operational security.
[1] The survey consisted of email messages to IOUG members directing them to a
Web-based survey instrument. Respondents were encouraged to provide open-ended responses to further explore the nature of their data security adoption
strategies.
OVERVIEW
Data managers and professionals in this survey have a range
of responsibilities, and come from a range of company sizes.
Nine out of 10 respondents have some role to play in
corporate data security, and one-third of respondents categorize
this role as “extensive.” Respondents also run numerous
databases at their sites—one out of five, in fact, runs more than
500 instances of databases. (See Figures 1–5.)
Many organizations move data out to outsourcers for
application development, testing and administration.
In the current environment, the lines between “insiders” and
“outsiders” have blurred. Organizations rely on third-party
organizations and contractors to manage and develop systems
and applications. More than one-third report that they outsource
or offshore their database or application administration
functions to an outside provider. (See Figure 6.)
Even larger numbers of respondents report that their
companies outsource database development and testing. Close to
half of respondents, 47 percent, report that they either extensively
outsource development or test functions, or they do so on a
limited basis. (See Figure 7.)
This poses unique challenges in terms of enforcing
appropriate controls to sensitive and regulated data.
Organizations are increasing investments in data security.
The research shows that data security efforts are recovering
from the recent economic downturn. Forty-three percent of
companies have increased their IT security-related spending, up
from 28 percent in last year’s survey and 41 percent in the 2008
survey. Only nine percent say spending has actually decreased.
(See Figure 8.)
Although funding is improving, most IT security programs
fail to address the threats to databases.
While half of respondents would consider their company’s level
of commitment to be “high,” close to one out of six—17 percent—
represent their company’s commitment to database security as low
or simply aren’t aware of a commitment. Another one-third rank
IT security as a lukewarm “medium.” (See Figure 9.)
Database security often doesn’t receive organizations’ full
attention as an IT security function. In close to half of the
companies surveyed, database security falls outside the
purview of the IT security function.
Typically, the job of database security falls on the database
group, as reported by more than three out of four survey
respondents. Just over half of the organizations in this survey
indicated that they have a dedicated security group that oversees
their database security requirements. (See Figure 10.)
Many of the respondents also indicated that they are in
regulated businesses, which creates greater urgency for
addressing data security.
More than half of the organizations in the survey are charged
with fulfilling requirements associated with Sarbanes-Oxley Act
(SOX), and more than one-third must comply with state-level
data protection laws and HIPAA/HITECH mandates. (See
Figure 11.)
Figures 1–5: Data managers and professionals in this survey have a range of responsibilities, and come from a range of
company sizes.
Figure 1: Respondents’ Roles in Data Security
Extensive role 33%
Limited or supporting role 58%
No role in data security at this time 9%
Figure 2: Respondents’ Job Roles
Professional/Staff
Database Administrator (DBA) 49%
Programmer/Developer 8%
Analyst/Systems Analyst 6%
Data Architect 4%
Systems Administrator 4%
Applications Administrator 2%
IT Consultant for IT Service/Integration Firm 2%
IT Consultant/Independent Contractor 2%
IT Management/Business Management
Director/Manager of IS/IT 7%
CIO/CTO/Vice President of IT 2%
IT Operations Manager 3%
Project Manager 6%
Executive Management Level for the Business 1%
Other 4%
Figure 3: Respondents’ Companies By Number of Employees
(Includes all locations, branches, and subsidiaries)
1 to 100 employees 11%
101 to 500 employees 15%
501 to 1,000 employees 10%
1,001 to 5,000 employees 19%
5,001 to 10,000 employees 13%
More than 10,000 28%
Decline to answer 4%
Figure 4: Respondents’ Primary Industries
IT Services/Consulting/Sys. Integration 21%
Utility/Telecommunications/Transport 11%
Education (all levels) 10%
Government (all levels) 10%
Financial Services 7%
Healthcare/Medical 6%
Manufacturing 6%
Software/Application Development 5%
Business Services 4%
Retail/Distribution 4%
Consumer services 3%
High-Tech manufacturing 3%
Insurance 3%
Other 8%
Figure 5: By Number of Databases Run Within Respondents’ Companies
<10 16%
11 to 100 35%
101 to 500 19%
501 to 1,000 7%
>1,000 13%
Don’t know/unsure 10%
Figures 6 & 7: Many organizations move data out to outsourcers for application development, testing and administration.
Figure 6: Outsource or Offshore Database/Application
Administrative Functions?
Yes, but on a limited basis 26%
Yes, extensively 8%
Don’t know/unsure 5%
No 61%
Figure 7: Outsource or Offshore Database/Application
Development or Test Functions?
Yes, but on a limited basis 36%
Yes, extensively 11%
Don’t know/unsure 6%
No 48%
Total: 101% due to rounding
Figure 8: Organizations are increasing investments in data security.
Figure 8: Change in IT Security Spending Over the Past Year
Increased: 43% (2010), 28% (2009), 41% (2008)
Decreased: 9% (2010); 13% and 4% in the two earlier surveys
Figure 9: Although funding is improving, most IT security programs fail to address the threats to databases.
Figure 9: Where Database Security Falls in Terms of IT
Security Priorities
Medium 34%
Don’t know/unsure 10%
Low 7%
High 50%
Figure 10: Database security often doesn’t receive organizations’ full attention as an IT security function. In close to half of
the companies surveyed, database security falls outside the purview of the IT security function.
Figure 10: Who is Responsible for Database Security?
Database Group 77%
Security Group 56%
Systems Management Group 37%
Application Group 24%
Development Group 19%
No one 2%
Don't know/unsure 4%
Other 4%
Figure 11: Many of the respondents also indicated that they are in regulated businesses, which creates greater urgency for
addressing data security.
Figure 11: Mandates Organizations Must Comply With
Sarbanes-Oxley Act (SOX) 52%
Local state data protection laws 35%
HIPAA/HITECH 32%
Payment Card Industry (PCI) 22%
SAS 70 10%
Other 8%
DATA PRIVACY
Data encryption is still an elusive strategy for many.
Despite regulatory requirements specifically calling for data
encryption of personally identifiable information (PII) such as
Social Security, credit card, and national identifier numbers,
fewer than 30 percent of respondents say they uniformly encrypt
PII stored in their databases. (See Figure 12.) A similar
percentage of respondents also admit that data in transit to their
database is not uniformly encrypted. (See Figure 13.)
Most organizations are still not encrypting backups even
when those backups are sent offsite.
Despite lost backups containing sensitive data making headlines
on a regular basis over the past decade, more than half of the
survey group, 53 percent, report they either don’t encrypt or don’t
know if data that is being backed up or exported is encrypted. (See
Figure 14.) In addition, close to one-third admit that they send
unencrypted database backups or exports offsite, to storage
facilities, business partners, or other data centers. (See Figure 15.)
Organizations need to only look as far as their development
and test environments for data breaches.
PII and other sensitive production data is often found in
these typically insecure environments. Close to two out of five
organizations ship live production data, often containing
sensitive or confidential information, to development teams.
Thirty-seven percent admit to actually using live production
data within non-production environments, such as staging and
development environments. (See Figure 16.) Close to half still
use old production data, which offers little assurance if that
data contains PII such as Social Security numbers or credit card
numbers. In two out of five cases, it either does contain this
kind of data, or respondents aren’t sure of the data content.
(See Figure 17.)
There is increasing awareness around the risk of these
practices. However, most organizations have a long way to go
in terms of best practices.
As shown in Figure 16, about one-third of respondents
indicate that they employ simulated data, or de-identified
production data in non-production environments, up from past
years. Thirty percent use de-identified data, up from 26 percent
in the previous 2009 and 2008 surveys. The use of simulated data,
at 34 percent, is also up from 24 percent a year ago.
Strategies such as data de-identification are not integrated into
data security processes. When it comes to de-identifying data,
most respondents indicated they resort to ad hoc efforts on a
case-by-case basis.
Among the 30 percent of respondents that do de-identify their
production data before it is sent out, most employ manual or ad
hoc processes. Thirty-one percent, for example, use custom
scripts, while 15 percent report they de-identify on an ad hoc
basis. These approaches are costly and error-prone. Another
42 percent either do not de-identify data at all, or simply don’t
know if their companies do so. (See Figure 18.)
Tracking all sensitive data is difficult, even for data
managers.
While most respondents report they are in charge of IT and
data security, only about half have a grasp of where all the
sensitive data resides across their enterprises. (See Figure 19.)
Figures 12 & 13: Data encryption is still an elusive strategy for many.
Figure 12: Is Personal Identity Information Encrypted?
(e.g., Social Security numbers, credit card, national identifier numbers)
Yes, in all databases 29%
Yes, in some databases 34%
No 22%
Don’t know/unsure 16%
Total: 101% due to rounding
Figure 13: Application Data Encrypted on Network to/from Database?
Yes, all database traffic is encrypted 23%
Don’t know/unsure 14%
No, database traffic is not encrypted 21%
Some database traffic is encrypted 42%
Figures 14 & 15: Most organizations are still not encrypting backups even when those backups are sent offsite.
Figure 14: Encrypt All Online and Offline Database Backups and Exports?
Don’t know/unsure 19%
Yes, all database backups/exports are encrypted 16%
Some database backups/exports are encrypted 32%
No, database backups/exports are not encrypted 34%
Total: 101% due to rounding
Figure 15: Send Unencrypted Database Backups or Exports Offsite?
(Storage facilities, business partners, other data centers, etc.)
Yes 32%
Don’t know/unsure 24%
No 44%
Figures 16 & 17: Organizations need to only look as far as their development and test environments for data breaches.
Figure 16: Data Used Within Non-Production Environments
(Such as staging and development environments)
“Old” or outdated production data 48%
“Live” production data 37%
Simulated data 34%
De-identified production data 30%
Sample data provided by the app. vendor or developer 24%
Don’t know/unsure 6%
Other 0%
Figure 17: Does Live or Old Production Data Used Contain
Sensitive Information?
(Among respondents using production data within non-production environments. Includes credit card
numbers, Social Security numbers, or customer/employee/partner personal identifiable information)
Yes 28%
Don’t know/unsure 11%
Not applicable 18%
No 44%
Total: 101% due to rounding
Figure 18: There is increasing awareness around the risk of these practices. However, most organizations have a long way
to go in terms of best practices.
Figure 18: Strategies for De-Identifying Data
Using custom scripts 31%
De-identified as part of process 22%
Automated 16%
De-identified on ad hoc basis 15%
Using third-party tools 8%
Ad hoc 7%
We do not de-identify data 20%
Don’t know/unsure 22%
Other 0%
Figure 19: Tracking all sensitive data is difficult, even for data managers.
Figure 19: Aware of all the Databases in Organization that Contain
Sensitive Information?
No 48%
Yes 52%
ACCESS CONTROL TO DATA AND DATABASES
There is awareness that “internal” hackers originating
attacks from within the firewall or legitimate users abusing
their privileges represent the greatest risk, threat, or
vulnerability at this time.
Twenty-two percent cite internal hacker threats and another
12 percent see abuse of privileges as high-risk threats, compared
to 13 percent that cite the outside hacker threat. Twelve percent
see the lack of management commitment and lax procedures as
the biggest risk to data in that current issues will not be
addressed. Often, management is concerned about moving
applications and systems as rapidly as possible, with little or no
consideration given to data security. (See Figure 20.)
Three out of four organizations do not have, or are not
aware of, a means to prevent privileged users from tampering
with or compromising data from the inside. Even more
revealing is that many respondents who believe that they have
such a means are in fact relying on detection and recovery,
rather than prevention and real-time enforcement.
About one out of four respondents say they take measures to
prevent database administrators and other privileged database
users from reading or tampering with sensitive information in
financial, HR, or other business applications. (See Figure 21.)
When asked to provide the strategies or techniques used to
prevent privileged users from tampering with sensitive data,
some respondents indicated they were using integrated database
security solutions such as Oracle Database Vault. However, a
majority indicated that they rely on auditing to detect and
recover or “undo” the damage done from such a data breach.
Although preventing tampering from ultimately being successful,
this approach does not actually provide real-time prevention
against access or tampering of data in the first place.
However, when asked for specific techniques, most cite
after-the-fact measures that would remedy such incidents,
but say they could not actually prevent them in real time.
As one respondent described it, such incidents could be rolled
back within 24 hours (but, again, not prevented): “Our DBA GUI
tool requires confirmation before dropping objects, but this can
be bypassed via SQL Plus. This is somewhat mitigated by nightly
backups. All production changes go through change control
process, which requires that back-out procedures to undo the
changes be specified.”
Another respondent reports that in their organization, the
“drop” command has simply “been banned.”
To complicate matters, most companies don’t protect audit
data from unauthorized access so a privileged user could
tamper with audit data to hide their tracks, making even
detection and recovery impossible.
Overall, 57 percent of respondents say that they do not
consolidate—or know if database audit data is consolidated—to
a central secure location to protect it from unauthorized access
or potential tampering by privileged database users. (See Figure
22.) Although 30 percent indicate that they are protecting audit
data from some of their databases, this is not heartening given
earlier data on a lack of knowledge of all databases that contain
sensitive data.
Any database user armed with often very simple tools such
as spreadsheets can also be the source of data breaches.
Database administrators and other IT professionals aren’t the
only people that can compromise data security from the inside.
A database user with common desktop tools can also gain
unauthorized access to sensitive data. Close to half of respondents
say this either could happen in their organizations, or that they
don’t know if it could.
One out of four respondents admitted that database users can
bypass applications and gain access to application data within the
One out of four respondents say there are no safeguards, or
that they aren’t aware of safeguards, to prevent accidental data
breaches.
Not all data breaches are malicious, of course—many are the
result of accidents. In fact, about one out of four respondents
also say that they have safeguards to prevent a database
administrator from accidentally dropping a table or
unintentionally causing harm to critical application databases.
(See Figure 23.)
In fact, two out of three respondents cannot prove or
document that super-users are not abusing their privileges.
Only about one-third of respondents say that they have the
means of proving that database administrators and other
privileged database users at their companies are not abusing
their super-user privileges. (See Figure 24.)
▲
▲
2010 IOUG Data Security Survey was produced by Unisphere Research and sponsored by Oracle. Unisphere Research is the market research unit of Unisphere Media, a division of Information
Today, Inc., publishers of Database Trends and Applications magazine and the 5 Minute Briefing newsletters. To review abstracts of our past reports, visit www.dbta.com/research. Unisphere Media,
229 Main Street, Chatham, NJ 07928. Tel: 973-665-1120, Fax: 973-665-1124, Email: Tom@dbta.com, Web: www.dbta.com.
Join the IOUG—If you’re not already an IOUG member and would like to continue receiving key information like this, visit the IOUG at w3.ioug.org/join/today for information on how to join
this dynamic user community for Oracle applications and database professionals.
Data collection and analysis performed with SurveyMethods.
16. 16
database directly using ad hoc tools. Another 20 percent simply
don’t know if such access is possible in their organizations. (See
Figure 25.)
A number of respondents admitted that such ad hoc tools
were common within their organizations, especially in desktop
applications such as Microsoft Access or Microsoft Excel
spreadsheets which can be used to access databases. One
respondent observed that such access is permitted for nonsensitive data but cannot be enforced effectively allowing access
to both sensitive and non-sensitive data. As another respondent
reported: “We have some application administrators who have
some limited SQL skills from report writing who could
conceivably access the databases without going through the
application.”
Another respondent reported the problem discussed in the
previous section: that data made available to development teams
becomes vulnerable. “In staging and development environments,
developers have full access to the data during development. In
important environments like production, they don’t have access
to anything.”
Figure 20: There is awareness that “internal” hackers originating attacks from within the firewall or legitimate users
abusing their privileges represent the greatest risk, threat, or vulnerability at this time.
Figure 20: Greatest Risks, Threats, Vulnerabilities
(Respondents rating vulnerability as “high”)
Internal hackers or unauthorized users 22%
Malicious code/viruses 10%
Outside hackers 13%
Abuse of privileges by IT staff 12%
Lack of management commitment/lax procedures 12%
Lack of auditability of access and changes 11%
Loss of hardware or media—e.g., disks, tapes, laptops 10%
Abuse by outside partners/suppliers 4%
Fines/lawsuits resulting from inadequate data or security procedures 4%
Figure 21: Three out of four organizations do not have a means to prevent privileged users from tampering with or
compromising data from the inside. Even more revealing is that many respondents who believe that they have such a
means are in fact relying on detection and recovery, rather than prevention and real-time enforcement.
Figure 21: Can Respondents Prevent DBAs/Privileged Database
Users from Reading/Tampering With Sensitive Data in
Financial, HR, or Other Business Applications?
Yes 24%
No 44%
Don’t know/unsure 32%
Figure 22: To complicate matters, most companies don’t protect audit data from unauthorized access so a privileged user
could tamper with audit data to hide their tracks, making even detection and recovery impossible.
Figure 22: Consolidate Database Audit Data to Central Secure
Location?
For some databases 30%
Yes, for all databases 13%
No 36%
Don’t know/unsure 21%
Figure 23: Close to four out of five respondents say there are no safeguards, or that they aren’t aware of safeguards, to
prevent accidental data breaches. However, when asked for specific techniques, most cite after-the-fact measures that
would remedy such incidents, but say they could not actually prevent them in real time.
Figure 23: Have Safeguards to Prevent Unintentional Changes or
Breaches by Privileged Users?
Don’t know/unsure 23%
No 54%
Yes 23%
Figure 24: In fact, two out of three respondents cannot prove or document that super-users are not abusing their privileges.
Figure 24: Can Respondents Prove Super-User Privilege Not
Abusing Privileges?
Yes 32%
No 39%
Don’t know/unsure 28%
Figure 25: Any database user armed with often very simple tools such as spreadsheets can also be the source of data
breaches.
Figure 25: Can Users Bypass Applications and Gain Direct Access
to Data Using Ad Hoc Tools?
Yes 25%
No 56%
Don’t know/unsure 20%
Total: 101% due to rounding
DATABASE ACTIVITY MONITORING AND AUDITING
Seventy percent of respondents rely on native auditing
capabilities—however, no one is really looking at the data.
A majority report they are using native database auditing
solutions to monitor database activity on at least some of their
databases. (See Figure 26.)
Only one out of four have automated tools to monitor
databases for security issues on a regular basis.
At this time, only 25 percent have automated database security
monitoring capabilities. This has not changed since the first
survey was conducted in 2008. (See Figure 27.)
Even among companies monitoring for data security issues,
not enough is being done. Most don’t monitor who is looking at
sensitive data, or who is updating sensitive data.
For those respondents that are monitoring production
databases in some capacity, only about one-third are tracking
who is reading or updating sensitive data stored in their
databases. Close to half of respondents aren’t monitoring all
privileged user activities, even new account creation or structural
database changes despite numerous regulations that specifically
require such controls. (See Figure 28.)
In one out of four organizations, no one would know if an
unauthorized database change occurred.
In 24 percent of companies in this survey, respondents report
they would not know at all if someone made an unauthorized
database change to their system. Only 30 percent can track
unauthorized changes across their entire portfolio. (See Figure 29.)
For a majority, it may take some time to detect and correct
an unauthorized database change.
Two out of five say they simply don’t know how long it
would take, while 16 percent say it would take more than a
day. Only 12 percent could catch such incidents within the hour,
presumably before a lot of damage could be done. (See Figure 30.)
Likewise, database audits are not something most
organizations are prepared to do.
More than one-third of respondents simply do not know how
long it would take to prepare for a database audit, while another
third say it would take more than a day to prepare all the
necessary reports. Only a handful could audit their databases
within an hour, if needed. (See Figure 31.)
While respondents indicated that they rely heavily on audits
to detect and remedy database security breaches, such audits
are few and far between.
Close to one-third, in fact, only do a database audit once a
year. Almost two out of five say that they either never audit their
databases, or simply don’t know when or if such audits happen.
Only 16 percent say they are done at least once a month. As
one respondent put it: “Every few years we bring in a consulting
company to audit us.” (See Figure 32.)
Figure 26: Seventy percent of respondents rely on native auditing capabilities—however, no one is really looking at the data.
Figure 26: Use Native Database Auditing to Monitor Database
Activity?
Yes, on most databases 37%
No 13%
On some databases 35%
Don’t know/unsure 14%
Total: 99% due to rounding
Figure 27: Only one out of four have automated tools to monitor databases for security issues on a regular basis.
Figure 27: Monitor All Production Databases for Security Issues?
Manually monitor on ad hoc basis 15%
Run tools on an ad hoc basis 15%
Manually monitor on regular basis 11%
Run tools on a regular basis 25%
No 17%
Don’t know/unsure 17%
Figure 28: Even among companies monitoring for data security issues, not enough is being done. Most don’t monitor who is
looking at sensitive data, or who is updating sensitive data.
Figure 28: Production Database Activities Monitored
All privileged user activities 54%
Failed logins 50%
Login/logout 41%
New account creation 40%
Database definition changes (new tables, etc.) 39%
Writes to sensitive tables/columns 37%
Read of sensitive tables/columns 28%
Don't know/unsure 23%
Other 2%
Figure 29: In one out of four organizations, no one would know if an unauthorized database change occurred.
Figure 29: Would Unauthorized Database Change be Detected?
Yes, on most databases 30%
On some databases 46%
No 24%
Figure 30: For a majority, it may take some time to detect and correct an unauthorized database change.
Figure 30: Length of Time to Detect Unauthorized Database Change
< 1 hour 12%
1 to 24 hours 33%
1 to 5 days 10%
> 5 days 6%
Don’t know/unsure 39%
Figure 31: Likewise, database audits are not something most organizations are prepared to do.
Figure 31: Length of Time to Prepare for Database Security
Assessment/Audit
< 1 hour 7%
1 to 24 hours 22%
1 to 5 days 22%
> 5 days 14%
Don’t know/unsure 35%
Figure 32: While respondents indicated that they rely heavily on audits to detect and remedy database security breaches,
such audits are few and far between.
Figure 32: Number of Database Security Assessments/Audits
Per Year
A few times a month 4%
At least once a month 12%
Quarterly 16%
Annually 30%
Never 8%
Don't know/unsure 27%
Other 2%
OPERATIONAL SECURITY
The primary modus operandi employed by hackers is SQL
injection attacks via Web applications. Two out of three data
managers in this survey report they are not prepared or don’t
know if they are prepared to fend off such attacks.
The Verizon 2010 Data Breach Investigations Report [2] notes
that more than 90 percent of all breached records are due to Web
applications involving SQL injection attacks. While this represents
a major risk for most organizations, only about one-third of
respondents say their organizations have taken steps to ensure their
applications are not subject to SQL injection attacks. (See Figure 33.)
To make matters worse, many organizations are not applying
Critical Patch Updates (CPUs) in a timely fashion, increasing the
risk that an attacker will get a foothold.
An important way to mitigate the threat of security breaches is
by applying security patches—or Critical Patch Updates—as soon
as they become available. However, a majority of respondents do
not apply such patches right away—63 percent report they are at
least a cycle late with CPUs, with 17 percent stating they either
don’t apply patches at all or are unsure when they are applied.
(See Figure 34.)
Figure 33: Taken Steps to Prevent SQL Injection Attacks?
No 22%
Don’t know/unsure 44%
Yes 35%
Total: 101% due to rounding
[2] 2010 Data Breach Investigations Report, Wade Baker, Mark Goude, et al., Verizon
Corp., 2010. http://www.verizonbusiness.com/resources/reports/rp_2010-databreach-report_en_xg.pdf
Figure 34: To make matters worse, many organizations are not applying Critical Patch Updates (CPUs) in a timely fashion,
increasing the risk that an attacker will get a foothold.
Figure 34: How Quickly are Critical Patch Updates Applied to
All Systems?
Typically before the next CPU released (within 1–3 months) 37%
One cycle late (3–6 months) 17%
Two cycles late (6–9 months) 9%
Three cycles late (9–12 months) 3%
Four or more cycles late (more than 1 year) 7%
Within 1 year 4%
We have never applied a CPU 1%
Don't know/unsure 16%
Other 5%
CONCLUSION
Many enterprises are not addressing data security
proactively and are unable to prevent unauthorized access to
data in real-time. They are taking measures, often on an ad hoc
basis, to detect suspicious database activity in the hope of being
able to remedy a security problem after the fact. Unfortunately,
that approach is often too little, too late—the data has left the
building!
This survey of 430 members of the Independent Oracle Users
Group finds awareness of internal threats to data, but little being
done to mitigate the risks.
Most organizations in this survey do not effectively track
or monitor the activities of their privileged database users, let alone
prevent data breaches by these insiders. There is a false sense of
security that unauthorized database activity can be “prevented” by
auditing and recovery processes. However, database audits are ad
hoc—and recovery is not always possible or comes at a steep cost.
Many are aware that their organizations have been lucky so
far, but that luck has its limits.
Close to two-thirds of companies either expect to have a data
security incident that they will have to deal with in the next 12
months, or simply don’t know what to expect.
Respondents are aware that there’s a good chance the data will
be compromised, breached, or tampered with. Close to one-third,
31 percent, of the respondents to this survey say that they are
likely to experience a data breach over the coming year. Another
34 percent simply don’t know what the likelihood of a security
incident will be in their organizations. (See Figure 35.)
A number of respondents say that their information is “safe”
because it is not of interest to hackers.
That leaves more than one-third of the respondents, 36
percent, who say they do not expect to experience security
incidents within their data environments. Why not? In comments
related to this question, respondents seemed to rely on the fact
that their databases are not accessible directly from the Internet.
This is a false comfort that may lead to a rude awakening given
the increasing rate of database attacks originating from within the
firewall through SQL injections, malware, and stolen credentials.
But even seemingly uninteresting data may have value in the
wrong hands. As one respondent admitted: “We think we have
thoroughly investigated our outside support providers as well
as our internal support folks. However, one place we see as a
vulnerability is the ability of various people to see what is paid
for different items. If they were to develop a cozy relationship
with a supplier, we feel that the pricing info might be passed on,
thereby weakening our ability to negotiate a lower price on the
goods we purchase.”
In most cases, respondents have either been lucky or have not
been made aware of any data breaches that may have occurred
within their organizations over the past year. (See Figure 36.)
But how long can their luck hold out?
Figure 35: Likelihood of a Data Breach Over the Next 12 Months
Highly unlikely 13%
Somewhat unlikely 23%
Somewhat likely 26%
Inevitable 5%
Don’t know/unsure 34%
Figure 36: Enterprise Data Breached, Compromised or Tampered
With Over the Past Year?
Yes 6%
Not aware of any incidents in past year 79%
Don’t know/unsure 16%
Total: 101% due to rounding
The information in this report has been gathered through Web-based surveys of member and prospective member lists provided by the IOUG, through interviews with knowledgeable
participants in the computer industry and through secondary research of generally available documents, reports and other published media, as well as from earlier studies conducted by
Unisphere Research. Unisphere Research has relied on the accuracy and validity of all information so obtained. Unisphere Research assumes no liability for inaccurate or omitted information