Reply To: OCU ISSO Week 4 Lesson 14 Discussion

#85662
Kevin Mehok
Participant

IST3100 Information Systems Security Officer
Week Four
WK4 Database Security Discussion
Kevin Mehok

Hey Class,

This is a wide scope to discuss, as database security includes a variety of measures used to secure database management systems from malicious cyber-attacks and illegitimate use (Imperva, 2023). I have learned this week that database security programs are designed to protect not only the data within the database, but also the data management system itself, and every application that accesses it, from misuse, damage, and intrusion (Imperva, 2023). I felt that this is an extremely important point to fully comprehend as a Security Officer (SO).

Database security encompasses tools, processes, and methodologies which establish security inside a database environment (Imperva, 2023). Okay, so what are we fighting against or potentially defending against? THREATS! Even insider threats. For example, an insider threat is a security risk from one of the following three sources, each of which has privileged means of entry to the database:

A malicious insider with ill-intent (Imperva, 2023).

A negligent person within the organization who exposes the database to attack through careless actions (Imperva, 2023).

An outsider who obtains credentials through social engineering or other methods, or gains access to the database’s credentials (Imperva, 2023).

An insider threat is one of the most typical causes of database security breaches and it often occurs because a lot of employees have been granted privileged user access (Imperva, 2023).

Another attack type worth discussing is a database-specific threat involving the use of arbitrary non-SQL and SQL attack strings into database queries (Imperva, 2023). Typically, these are queries created as an extension of web application forms or received via HTTP requests (Imperva, 2023). This may seem like super power hacker stuff, but it is not really that complicated. In fact, nearly all database systems are vulnerable to these attacks, if developers do not adhere to secure coding practices, and if the organization does not carry out regular vulnerability testing (Imperva, 2023).

The defense starts with understanding the enemy.

That’s all I’ve got.

God Bless,

Kevin
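
An added example, not part of the post above or of the Imperva source it cites: the secure coding practice the post refers to, shown as a query built by string concatenation beside the same query with a bound parameter. The table, the function names and the form values are constructed for illustration, and SQLite stands in for whatever database sits behind the web form.

```python
import sqlite3

def make_db():
    """Constructed sample data: three accounts in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", "analyst"), ("bob", "dba"), ("carol", "auditor")])
    return db

def lookup_concatenated(db, username):
    # Weak form: the form value is pasted into the SQL text, so any quote
    # character in it is parsed as SQL syntax instead of as data.
    sql = "SELECT username, role FROM accounts WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # Corrected form: the statement text is fixed and the value is bound
    # separately, so the driver always treats it as a single string literal.
    sql = "SELECT username, role FROM accounts WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def run(lookup, db, value):
    """Return the rows a lookup yields, or the database error as a string."""
    try:
        return lookup(db, value)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

# Constructed form values: a normal name, a legitimate name containing a
# quote, and a value that turns the WHERE clause into a tautology.
ORDINARY = "alice"
QUOTED_NAME = "o'brien"
TAUTOLOGY = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for value in (ORDINARY, QUOTED_NAME, TAUTOLOGY):
        print(repr(value))
        print("  concatenated :", run(lookup_concatenated, db, value))
        print("  parameterized:", run(lookup_parameterized, db, value))
```

The concatenated lookup returns every account for the tautology value and fails outright on the quoted name, while the parameterized lookup returns no rows for both because neither string is an existing username.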
