The document discusses database security and common threats. It notes that database breaches exposing personally identifiable information increased significantly in 2013, with over 822 million records exposed. Common causes of database breaches included hacking, which accounted for over 59% of reported incidents and 72% of exposed records. Specific large breaches discussed included those affecting Adobe, Target, and the US National Security Agency. The document stresses that database security presents ongoing challenges given the emergence of new threats and no database is completely secure.
1. Introduction to Information Technology
INT-1010, Prof C Luis R Castellanos
07.4 Databases: Databases and Security Issues
2. Topics: Data and Databases; Before Databases; Relational Model; Databases and security; Database concepts; Database design
3. Databases and security: Data Security; Data Breaches; Threats; Vulnerabilities; Protect PII
4. Data Security
5. It is the confidentiality, integrity, and availability (CIA) of the data in a database that need to be protected.
Confidentiality can be lost if an unauthorized person gains entry or access to a database, or if a person who is authorized to view selected records in a database accesses other records he or she should not be able to view.
If the data is altered by someone who is unauthorized to do so, the result is a loss of data integrity.
6. And if those who need to have access to the database and its services are blocked from doing so, there is a resulting loss of availability.
Security of any database is significantly impacted by any one or more of these basic components of CIA being violated.
There are various reasons for spending money, time, and effort on data protection. The main reason is reducing financial loss, followed by compliance with regulatory requirements, maintaining high levels of productivity, and meeting customer expectations.
7. Both businesses and home computer users should be concerned about data security. The information stored in databases—client information, payment information, personal files, bank account details, and more—can be hard to replace, whether the loss results from
• physical threats such as a fire or a significant power outage
• human error that results in errors in the processing of information or unintended deletion of data, or from erroneous input
• corporate espionage, theft, or malicious activity.
Loss of this data is potentially dangerous if it falls into the wrong hands.
8. It is in these three areas that a risk assessment of the database’s security and protection of the data should focus.
Is there a backup procedure that would allow access to the data if the primary database is destroyed by a physical threat?
That same backup procedure might be important in case the CIA of the database is inadvertently affected by human error.
And what safeguards can/should be put in place to prevent incidents of espionage, theft, or other malicious activity?
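The first question above, whether a backup would let the data survive the loss of the primary database, is best answered by rehearsing it. The following is an added example, not from the lecture: it backs up a constructed SQLite database with the online backup API, destroys the primary, restores from the copy and checks both a stored SHA-256 digest and SQLite's integrity check, so the same drill also covers the human-error case from the slide (an altered or corrupted copy is rejected instead of restored). The table and file names are hypothetical.

```python
"""Backup-and-restore drill for the slide's first risk-assessment question.
Added example, not the lecture's code: it uses SQLite's online backup API on
constructed sample rows in a temporary directory; file names are hypothetical.
"""
import hashlib
import os
import sqlite3
import tempfile
from contextlib import closing

def make_primary(path):
    """Constructed sample data standing in for the production database."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [(1, "alice", "1111"), (2, "bob", "2222"), (3, "carol", "3333")])
    conn.commit()
    return conn

def sha256_file(path):
    """Digest of the whole file, read in chunks so large backups are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def backup_db(src_conn, backup_path):
    """Take a consistent copy with the online backup API (safe while the primary
    is in use) and return its digest, to be stored separately from the copy, so
    later tampering with or corruption of the backup is detectable (integrity)."""
    with closing(sqlite3.connect(backup_path)) as dst:
        src_conn.backup(dst)
    return sha256_file(backup_path)

def restore_and_verify(backup_path, expected_digest, restore_path):
    """Refuse a copy whose digest changed, rebuild the database from it, run
    SQLite's own integrity check, and return the number of rows recovered."""
    if sha256_file(backup_path) != expected_digest:
        raise RuntimeError("backup digest mismatch: copy altered or corrupted")
    with closing(sqlite3.connect(backup_path)) as src, \
         closing(sqlite3.connect(restore_path)) as dst:
        src.backup(dst)
        if dst.execute("PRAGMA integrity_check").fetchone()[0] != "ok":
            raise RuntimeError("restored database failed integrity_check")
        return dst.execute("SELECT COUNT(*) FROM customers").fetchone()[0]

def drill():
    """Simulate the slide's scenario: the primary is destroyed by a physical
    threat, so availability depends entirely on the backup. Returns the rows
    recovered and whether a tampered copy was rejected."""
    with tempfile.TemporaryDirectory() as workdir:
        primary, backup, restored = (os.path.join(workdir, n)
                                     for n in ("primary.db", "backup.db", "restored.db"))
        with closing(make_primary(primary)) as conn:
            digest = backup_db(conn, backup)
        os.remove(primary)  # the fire / power event: the primary is gone
        rows = restore_and_verify(backup, digest, restored)
        # Human error or malice alters the copy: overwrite its first byte.
        with open(backup, "r+b") as f:
            f.write(b"\x00")
        try:
            restore_and_verify(backup, digest, restored + ".2")
            tampered_rejected = False
        except RuntimeError:
            tampered_rejected = True
        return rows, tampered_rejected
```

The digest must live somewhere the backup itself cannot be altered from, or the check proves nothing.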
10. How Common Are Database Breaches?
11. Just how prevalent are the threats against databases? Is it worth the time, money, and personnel effort to ensure that the database is safeguarded?
Remember the Target and Neiman Marcus problems that surfaced in late 2013? And the continuing saga of Edward Snowden and the NSA leaks?
These may have been the most widely publicized data breaches of 2013. But they were definitely just two of many such database breaches.
12. In 2013, Edward Snowden, a former intelligence contractor for the U.S. National Security Agency (NSA), revealed the existence of previously highly classified intelligence-gathering surveillance programs run by the NSA and the U.K.’s equivalent, the GCHQ.
While working at the NSA, Snowden began accumulating information on NSA surveillance programs and activities while contracted there from 2009 to 2013.
He gave information to “The Guardian”, was charged with espionage and had to leave the US.
https://www.whistleblowers.org/whistleblowers/edward-snowden/
13. In 2021 a ransomware attack was made against Colonial Pipeline.
Colonial Pipeline, which operates the biggest gasoline conduit to the East Coast, said it has no estimate on when it could restart the 5,500-mile pipeline that it shut Friday after a cyberattack. The 5,500-mile conduit carries 2.5 million barrels a day to the East Coast, or 45% of its supply of diesel, gasoline and jet fuel. (May 2021).
14. Wells Fargo accidentally leaks 50,000 clients' records
Wells Fargo accidentally leaked thousands of sensitive documents: it just inadvertently sent 1.4 gigabytes of files to a former financial adviser who subpoenaed the company as part of a lawsuit against one of its current employees. While 1.4GB of files doesn't seem that big, the collection includes at least 50,000 customers' names, Social Security numbers and sensitive financial info.
Wells Fargo discloses another data breach in 2021
In a replay of similar incidents over the past 3 years, Wells Fargo began to notify people about the potential compromise of their personal information. Letters are going to an undisclosed number of employees whose personal information was contained in a computer and a hard disk stolen from the trunk of a locked vehicle belonging to an employee of an auditing firm.
https://www.computerworld.com/article/2547477/wells-fargo-discloses-another-data-breach.html
https://www.engadget.com/2017-07-22-wells-fargo-accidentally-leaks-client-info.html
15. Database breaches are the exposure of database records containing personally identifiable information (PII) or other sensitive information to unauthorized viewers.
Risk-Based Security (RBS), a group of consultants and founders of the Open Security Foundation (OSF), reported that 2013 saw a record number of data records exposed via data breaches. Over 822 million such records were made available to persons who had no authority to view these records (Risk Based Security, 2014).
Open Security Foundation (OSF) operated from 2005 to 2016 as a non-profit public organization.
16. But remember, the number of reported database breaches does not reflect the total number of breaches that occurred. Some companies do not report breaches in order to protect their reputations or to prevent customers from abandoning the company.
17. The following is a shortlist of what RBS discovered:
• The business sector accounted for 53.4% of reported incidents, followed by government (19.3%), medical (11.5%), education (8.2%), and unknown (7.6%).
• Hacking was the cause of 59.8% of reported incidents, accounting for 72.0% of exposed records.
• Of the reported incidents, 4.8% were the result of web-related attacks, which amounted to 16.9% of exposed records.
• Four incidents in 2013 alone secured a place on the Top 10 All-Time Breaches list:
  • Adobe—152 million records. Customer IDs, encrypted passwords, debit or credit card numbers, and other information relating to customer orders were compromised.
  • Unknown organizations—140 million records. North Korean hackers exposed e-mail addresses and identification numbers of South Korean individuals.
  • Target—110 million records. The information included customer names, addresses, phone numbers, e-mail addresses, credit/debit card numbers, PINs, and security codes.
  • Pinterest—70 million records. A flaw in the site’s application programming interface (API) exposed users' e-mail addresses.
19. Even if you were not impacted by any of these data breaches, if you have used a credit card, made an airline reservation, subscribed to a magazine, been a patient in a hospital, or shopped at a chain store (supermarket or department store), or if you are a member of an online social media site, your personally identifiable information (PII) is stored in a database.
How vulnerable is your PII?
20. What Are the Most Common Causes of Database Breaches?
As evidenced by the NSA Snowden leaks and the Target breach, no database, and no government agency, company, or business is as secure as the owners of that database think. It is difficult for database administrators and security managers to keep pace with the new threats and vulnerabilities that continually emerge.
21. And to compound the issues, every company/business/government has different security issues, making it a particularly hard challenge to standardize any one solution that fits all. However, there are some common threats and vulnerabilities that seem to occur repeatedly.
24. A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general.
https://www.upguard.com/blog/cyber-threat
25. Unauthorized Access by Insiders
The malicious insider with approved access to the system is one of the greatest threats to database security. People attack computers because that's where the information is, and in our hyper-competitive, hi-tech business and international environment, information increasingly has great value. Some alienated individuals also gain a sense of power, control, and self-importance through successful penetration of computer systems to steal or destroy the information or disrupt an organization's activities.
26. Introduction to Information Technology
7.4. Databases: Databases and Security Issues
26
Another scenario might involve employees affected
by a workforce reduction who take customer account
lists, financial data, or strategic plans with them
when they leave.
Proprietary information could end up in the hands of
competitors or be widely disseminated online (this is the
scenario that Data Loss Prevention controls address).
Insiders may also be a threat to database security if
they are granted database access privileges that go
beyond the requirements of their job function, abuse
legitimate database privileges for unauthorized
purposes, or convert access privileges from those of
an ordinary user to those of an administrator.
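One way to keep an insider's privileges aligned with their job function, as an added example that is not part of the slides: a column-level policy per role, enforced through SQLite's authorizer hook, so a support clerk can read customer contact details while the database refuses any statement that touches card numbers or writes data. The `customers` table, its sample row and the three roles are constructed for the demonstration; a production DBMS would express the same policy with GRANT statements and views.

```python
"""Least-privilege, column-level access per job role (added example, not from the slides)."""
import sqlite3

# Role -> (columns of `customers` it may read, may it write?).  None = unrestricted DBA.
# Constructed for the demonstration.
POLICY = {
    "support_clerk": ({"id", "name", "email"}, False),
    "finance": ({"id", "name", "card_number", "balance"}, True),
    "dba": None,
}
WRITE_ACTIONS = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE,
                 sqlite3.SQLITE_DROP_TABLE, sqlite3.SQLITE_ALTER_TABLE}


def make_authorizer(role):
    """Callback SQLite consults, while compiling a statement, for every table/column it touches."""
    rule = POLICY[role]

    def authorize(action, arg1, arg2, dbname, source):
        if rule is None:
            return sqlite3.SQLITE_OK
        columns, may_write = rule
        if action == sqlite3.SQLITE_READ:        # arg1 = table, arg2 = column ("" if none)
            allowed = arg1 == "customers" and (not arg2 or arg2 in columns)
            return sqlite3.SQLITE_OK if allowed else sqlite3.SQLITE_DENY
        if action in WRITE_ACTIONS:              # arg1 = table
            allowed = may_write and arg1 == "customers"
            return sqlite3.SQLITE_OK if allowed else sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK                 # SELECT, TRANSACTION, FUNCTION, ...
    return authorize


def open_as(role):
    """Fresh in-memory database with one constructed row, then the role's policy applied."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, email TEXT,"
                 " card_number TEXT, balance REAL)")
    conn.execute("INSERT INTO customers VALUES (1, 'Ada', 'ada@example.com', '4111-XXXX', 120.5)")
    conn.commit()
    conn.set_authorizer(make_authorizer(role))   # enforced from here on
    return conn


def query(role, sql):
    """Run `sql` as `role`: rows on success, 'DENIED' when the policy blocked the statement."""
    try:
        return open_as(role).execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        # SQLite reports denials as "not authorized" or "access to <t>.<c> is prohibited"
        if "not authorized" in str(exc) or "prohibited" in str(exc):
            return "DENIED"
        raise


if __name__ == "__main__":
    print(query("support_clerk", "SELECT name, email FROM customers WHERE id = 1"))
    print(query("support_clerk", "SELECT card_number FROM customers"))  # DENIED
    print(query("support_clerk", "UPDATE customers SET balance = 0"))   # DENIED
    print(query("finance", "SELECT card_number, balance FROM customers"))
```

Because the check runs when the statement is compiled, a denied query never reads a single row, and an audit of `POLICY` shows exactly what each role can reach.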
Accidental Breaches Resulting from
Incorrect—but Not Malicious—Usage
The data breach is not always the result of a
deliberate attempt to subvert data security;
sometimes it is an unintended consequence.
For example, employees might export data from the
parent database system at work and send it, typically
unencrypted, to personal e-mail addresses so they
can work from home.
The data might then be compromised on
someone’s home computer.
Or a data mining application might
contain flaws that allow a user without
the correct access credentials to
stumble upon database records
inadvertently.
(If the user deliberately continues to
access the data without permission,
this situation becomes a malicious
insider threat.)
Unprotected Personal Hardware
Collection
It is becoming increasingly common
for data to be transferred to other
personal mobile devices—USB flash
drives, smartphones, tablets, and the
like.
It is rare now to find an employee who
never uses a mobile device—personal
or company-supplied—for business
purposes.
However, mobile devices continue to
be a significant source of data
breaches, stemming from a range of
circumstances, including loss or theft
of the devices, failure to install
antimalware tools on the devices, or
failing to password-protect a device
being used for business purposes.
Data is at risk if an employee stores
any proprietary information on such a
device or if that device is used to access
a company's network and/or database.
Stolen Laptops
Forgetful or careless laptop owners
whose equipment is taken expose data
on that laptop to persons not
authorized to have access to the data.
This can also happen if a laptop is
replaced and the hard drive on the
original machine is not properly erased
or destroyed.
Weak Authentication
A legitimate database user typically is
required to submit an ID and password in
order to gain access to a protected database.
Authentication is the process (internal to the
database program itself) by which the
credentials of the user are verified and access
may be granted.
If the process of authentication is weak, an
attacker can assume the identity of a
legitimate user by stealing or obtaining login
credentials.
Credentials may be illegitimately
obtained by various means:
• Credential theft. The attacker accesses
password files or finds a paper on which the
legitimate user has written down the ID and
password.
• Social engineering. The attacker deceives
someone into providing the login ID and
password by posing as a supervisor, IT
maintenance personnel, or other authority.
• Brute-force attacks. Have you ever been
locked out of an account after attempting to
log in more than 3 times with an incorrect
password? That lockout is the simplest (and
least effective) means of blocking a brute-force
attack.
However, not all password-protected systems, databases,
or files block you from access after 3 attempts. For
example, if you have put a lock on a file on your computer,
you most likely have not set a limit on the number of
attempts on that file.
A brute-force attack is a password-guessing approach in
which the attacker attempts to discover a password by
systematically testing every combination of letters,
numbers, and symbols until the correct combination is
found. Depending upon the password's length and
complexity, this can be a very difficult task to complete.
However, there are widely available tools that hackers can
use to find the password, and it can be difficult to block all
the means by which a hacker will try to find it.
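The lockout the slides describe, written out as an added example (not code from the course material): after three wrong passwords the account is refused for a fixed period, and the stored credential is a salted PBKDF2 hash rather than the password itself, so a stolen password file does not hand over logins directly. The user record, the 15-minute lockout period and the injectable clock are assumptions made for the demonstration.

```python
"""Login with account lockout after repeated failures (added example, not from the slides)."""
import hashlib
import hmac
import os
import time
from typing import List, Optional

MAX_ATTEMPTS = 3        # the "3 tries" limit the slides mention
LOCKOUT_SECONDS = 900   # 15-minute lockout; assumed policy value
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest): what a password file should hold, not plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class Account:
    """Constructed user record: hashed credential plus the lockout bookkeeping."""
    def __init__(self, user_id: str, password: str):
        self.user_id = user_id
        self.salt, self.digest = hash_password(password)
        self.failed_attempts = 0
        self.locked_until = 0.0  # epoch seconds; 0 means not locked


def login(account: Account, password: str, now: Optional[float] = None) -> str:
    """Return 'ok', 'locked' or 'bad_password'. `now` is injectable so tests need not sleep."""
    now = time.time() if now is None else now
    if now < account.locked_until:
        return "locked"                      # refuse before even checking the password
    _, candidate = hash_password(password, account.salt)
    if hmac.compare_digest(candidate, account.digest):   # constant-time comparison
        account.failed_attempts = 0          # a good login resets the counter
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_ATTEMPTS:
        account.failed_attempts = 0
        account.locked_until = now + LOCKOUT_SECONDS
    return "bad_password"


def demo() -> List[str]:
    """Three wrong guesses lock the account; even the right password is refused until expiry."""
    acct = Account("jdoe", "correct horse battery staple")   # constructed sample user
    results = [login(acct, guess, now=1000.0) for guess in ("aaaa", "aaab", "aaac")]
    results.append(login(acct, "correct horse battery staple", now=1001.0))               # locked
    results.append(login(acct, "correct horse battery staple", now=1000.0 + LOCKOUT_SECONDS))
    return results


if __name__ == "__main__":
    print(demo())  # ['bad_password', 'bad_password', 'bad_password', 'locked', 'ok']
```

The slow hash is the half of the defence the slides' lockout cannot provide: once a password file is stolen, guessing happens offline where no lockout applies, and only the hash cost slows the attacker down.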
Exploiting Weaknesses in an Operating
System or Network
Worms, viruses, or Trojan horses could be introduced
into an unprotected or poorly protected operating
system or computer network that supports the
database, leading to potential unauthorized database
access (loss of confidentiality), data corruption (loss
of integrity), or denial of service (DoS), a loss of
access for legitimate users.
A DoS may be achieved by causing a server to stop
functioning, or “crash,” by flooding a network with
message traffic, or by overloading resources on the
computer, forcing it to stop handling additional tasks
or processing.
Theft of Database Backup Tapes
or Hard Drives
Database backups typically do not have
the same security measures in place
that the primary database employs.
These backups may not be encrypted,
and the media on which backups are
stored are also unprotected.
Theft of the backup media may
allow the attacker full access to
the data stored within the
backup.
Vulnerabilities
A vulnerability is a weakness
that can be exploited by
cybercriminals to gain
unauthorized access to a
computer system.
https://www.upguard.com/blog/vulnerability
Databases are also exposed to security
breaches through weaknesses that are
considered vulnerabilities. These are more
passive than direct threats, but they can do
as much harm:
• Data at rest (unencrypted information)
that is passively residing in storage within
the boundaries of company computers,
perhaps waiting to be moved to a secure
database. Data at rest typically is not as well
protected as data that has been entered into
the database and enjoys the database
security measures.
• Data in motion is information that is being electronically
transmitted outside the company’s protected network via
e-mail or other communication media. For example, the
data might be transferred to a backup facility that is not
part of the internal storage media used for daily work. Or if
the company uses the cloud for data storage backups, the
transfer might take place outside of the company’s
protected network. This can lead to a loss of sensitive data if
there is a malicious attack via malware during the transfer
process or during the execution of a flawed business process
that allows unauthorized persons to view or obtain the data.
(This is not the same as the accidental breach resulting from
incorrect but not malicious usage noted above, where the
home computer to which the data has been transferred is
attacked or breached. That accidental breach occurred
without any intention of harm by the employee.)
• Poor architecture, in which security was
not adequately factored into the design and
development of the database structure. This
vulnerability may not be discovered until
there is an attempted or successful data
breach.
• Vendor bugs, particularly programming
flaws that allow actions to take place within
the database and with the data that were
not intended or planned.
Much like poor application architecture,
this vulnerability may not be uncovered
until there is an attempted or successful
data breach.
• An unlocked database is one that has no
security measures in place to control access
or auditing.
This seems counterintuitive, but many
home users employing a database for
personal needs, or even for working on
company data while at home, may be
working with an unlocked database.
Risk Assessments
In the business environment, it is critical that a thorough risk assessment take
place and be periodically reviewed.
The assessment should address:
• who has access to what data
• the circumstances under which access to the
database may need to change
• who maintains the passwords needed to
access the database
• who uses the company's computers for
access to the internet, e-mail programs, etc.,
and how employees access those resources
• what type of firewalls and anti-malware
solutions to put in place
• the training of the staff
• who has responsibility for enforcement
procedures related to data security.
There are identified solutions for each
of the threats and vulnerabilities
discussed here, including well-defined
and enforced access policies, use of
strong data encryption, vulnerability
assessments, policies related to strong
passwords, and installation of
firewalls.
There are companies that specialize in
designing plans, procedures, and
software to prevent data loss or data
leakage.
With data loss, the data is lost forever, either by
deletion, theft, or data corruption.
Data leakage allows unauthorized people to get
access to the data, either by intentional action or
by mistake.
So data loss and data leakage can be intentional
or unintentional, and both can be malicious or
just human errors.
Protect Personally Identifiable Information (PII)
Protecting databases and the data contained
within can be a costly and all-consuming
activity.
But what does this mean for you, the
individual who uses that credit card, makes
airline reservations, files taxes online,
subscribes to a magazine, has been a patient
in a hospital, shops at a chain store, or is a
member of an online social media site?
Your PII is out there, stored in multiple
databases.
Obviously, you cannot implement
security measures for the company,
business, or government agency that
holds your PII.
But are there measures you can take to
better protect yourself?
Let’s look at a few rules of thumb that
you can put into practice…
Keep your passwords to yourself
Do not leave a slip with a list of
passwords under your computer, or
anywhere where it can be viewed or
taken by someone.
Just giving your password to a friend is
not a good idea, either.
Use strong passwords
Many of your user IDs must have strong
passwords to gain entry into one or more
systems.
In those instances when you can choose
any password configuration, pick a strong
password to protect your information.
Use different passwords for
different accounts
Remembering multiple passwords can
be a challenge, and it’s often
convenient to use the same password
for multiple accounts, ranging from
Facebook and your bank account to
your X (formerly Twitter) page.
The danger here is that a compromise
of any one of these accounts could also
result in the compromise of others if
the same password is used for multiple
accounts.
Check your credit reports annually
Sometimes people don’t learn that
they’re victims of identity theft until their
credit rating and identity are destroyed.
It’s proactive to get copies of your credit
reports from the credit bureaus and
carefully review them for any errors.
Be sure to follow up with the credit
bureaus to make any corrections to your
reports, if needed.
By law, you can get one free credit report
from each of the three credit bureaus
every year.
The three nationwide consumer reporting companies are:
✓ Equifax,
✓ Experian, and
✓ TransUnion
Google yourself
Enter your own name in Google, Yahoo
or other search engine and see what
data comes up.
Investigate any postings about yourself
in the information that you find.
Look for any suggestions that your PII
may be compromised.
Remember that people can be a
very weak link in security
No matter how secure you make your
passwords and how careful you are
with your technology, there is always a
human element to protecting your
information.
Control physical access to your
devices
It’s important not to leave laptops and
other mobile devices unattended in
public locations, like a coffee shop or
any other location with free WiFi.
An unattended machine is at risk, for
both theft and other security threats.
When you aren't controlling physical
access to your machine, you shouldn’t
let it out of your sight.
Remember to logout of a website
when you are finished using it
Whether it’s your email, bank account,
retail store shopping account or library
account, always remember to logout
when you leave the website.
Remember to lock your computer
with a password when you are
finished using it
By requiring a password to access your
computer (or other electronic device)
you are protecting your information.
You are also making your computer
useless to a thief who cannot break
password locks.
What does CIA stand for?
(No, it’s not Central Intelligence Agency)
C: Consistency / Confidentiality / Coherence
I: Independence / Integrity / Importance
A: Adherence / Availability / Abstraction
True or False?
Some companies do not report
breaches in order to protect their
reputations or to prevent customers
from abandoning the company.
True False
What is a brute-force attack?
1. password-guessing approach in which the
attacker attempts to discover a password by
testing every combination of letters, numbers,
and symbols until the correct combination is
found
2. attacker accesses password files or finds a paper
on which the legitimate user has written down
the ID and password
3. attacker deceives someone into providing the
login ID and password by posing as a supervisor,
IT maintenance personnel, or other authority
4. attacker steals backup media and has access to
the data stored within the backup
What is a vulnerability?
1. a malicious act that seeks to damage data, steal data,
or disrupt digital life in general
2. the probability of exposure, loss of critical assets and
sensitive information, or reputational harm as a result
of a cyber attack or breach within an organization’s
network
3. flooding a network with message traffic or
overloading resources on the computer, forcing it to
stop handling additional tasks or processing
4. a weakness that can be exploited by cybercriminals to
gain unauthorized access to a computer system
Remember some measures you can take to
better protect yourself:
• Keep your passwords to yourself
• Use strong passwords
• Use different passwords for different accounts
• Check your credit reports annually
• Google yourself
• Remember that people can be a very weak link in
security
• Control physical access to your devices
• Remember to logout of a website when you are
finished using it
• Remember to lock your computer with a password
when you are finished using it
Textbook
https://eng.libretexts.org/Courses/Prince_Georges_Community_College/INT_1010%3A_Concepts_in_Computing
Purchase of a book is not
required.
Professor C
castellr@pgcc.edu
eLearning Expert
BS & MS in Systems Engineering
BS & MS in Military Arts and Science
HC Dr in Education
IT Professor | Spanish Instructor
LCINT1010.wordpress.com
Presentation created in 01/2022.
Slides last updated on 10/2023
Introduction to Information Technology
INT-1010
Prof C
Luis R Castellanos
07.4
Databases:
Databases and Security Issues