Close

OCU C)ISSO D Discussion Lesson 14

Viewing 3 reply threads
  • Author
    Posts
    • #65748
      Jessica Jagerson
      Keymaster

      Database security has many issues.  After reading this chapter and viewing the video, discuss 2 issues that you have experienced or heard about.  Explain the security issue and what happened.  If you have never experienced any of these issues, choose two to explain in detail giving examples of what could happen in an organization.

    • #85662
      Kevin Mehok
      Participant

      IST3100 Information Systems Security Officer
      Week Four
      WK4 Database Security Discussion
      Kevin Mehok

      Hey Class,

      This is wide scope to discuss. As database security includes a variety of measures used to secure database management systems from malicious cyber-attacks and illegitimate use (Imperva, 2023). I have learned this week that database security programs are designed to protect not only the data within the database, but also the data management system itself, and every application that accesses it, from misuse, damage, and intrusion (Imperva, 2023). I felt that this is an extreme important point to fully comprehend as an Security Officer (SO).

      Database security encompasses tools, processes, and methodologies which establish security inside a database environment (Imperva, 2023). Okay, so what are we fighting against or potentially defending against? THREATS! Even insider threats. For example, an insider threat is a security risk from one of the following three sources, each of which has privileged means of entry to the database:

      A malicious insider with ill-intent (Imperva, 2023).

      A negligent person within the organization who exposes the database to attack through careless actions (Imperva, 2023).

      An outsider who obtains credentials through social engineering or other methods, or gains access to the database’s credentials (Imperva, 2023).

      An insider threat is one of the most typical causes of database security breaches and it often occurs because a lot of employees have been granted privileged user access (Imperva, 2023).

      Another attack type worth discussing is a database-specific threat involving the use of arbitrary non-SQL and SQL attack strings into database queries (Imperva, 2023). Typically, these are queries created as an extension of web application forms or received via HTTP requests (Imperva, 2023). This may seem like super power hacker stuff, but it is not really that complicated. In fact, nearly all database system are vulnerable to these attacks, if developers do not adhere to secure coding practices, and if the organization does not carry out regular vulnerability testing (Imperva, 2023).

      The defense starts with understanding the enemy.

      That’s all I’ve got.

      God Bless,

      Kevin

      • #85675
        Marcena Davis
        Participant

        Hi Kevin,

        I completely agree with you on the importance of database security. It’s fascinating to learn about the various measures that are used to protect sensitive data from cyber-attacks and misuse. As you mentioned, database security programs not only protect the data within the database but also the entire data management system and every application that accesses it.

        It’s scary to think that threats can come from both inside and outside an organization. I was surprised to learn that insider threats are one of the most common causes of database security breaches. It’s crucial to ensure that employees with privileged user access are thoroughly vetted and monitored to prevent potential threats.

        Another type of attack that caught my attention was the use of arbitrary non-SQL and SQL attack strings into database queries. It’s scary to think that almost all database systems are vulnerable to these attacks if developers do not follow secure coding practices and if the organization does not conduct regular vulnerability testing.

        It’s clear that understanding the enemy is the first step in defending against these threats. Thanks for sharing your insights on this important topic.

      • #85774
        Kelly Crooks
        Participant

        Kevin, thanks for sharing your thoughts on security threats. As I mentioned earlier and commented on Marcena’s post, insider threats have always been a concern to me, even before starting IT classes. It seems to me that some organizations are easier to steal or leak information from than others, even with security protocols in place. I always keep in mind the old saying “too many cooks spoil the broth”.

    • #85674
      Marcena Davis
      Participant

      Database security is a crucial aspect of any organization’s security infrastructure. After reading through the chapter and watching the video on database security, I realized that there are many security issues that organizations must address to protect their sensitive data.

      One issue that comes to mind is SQL injection attacks. These attacks occur when an attacker uses malicious SQL statements to gain unauthorized access to a database. The attacker can then manipulate, steal, or delete sensitive data. I have heard of several instances where SQL injection attacks have resulted in significant data breaches, causing immense financial and reputational damage to organizations.

      Another issue that concerns me is insider threats. These threats are posed by individuals who have authorized access to an organization’s database, such as employees or contractors. Insider threats can occur due to intentional actions, such as stealing or leaking data, or unintentional actions, such as inadvertently exposing sensitive information. Insider threats can be challenging to detect and prevent, making them a significant concern for organizations.

      Overall, database security is a complex and evolving field, and organizations must continually assess and improve their security measures to protect against potential threats.

      • #85681
        Kevin Mehok
        Participant

        Marcena,

        I have a huge database guy, and I have data sorted literally all over the place. I track daily metrics, and through put, however, I have learned to save and compile data, always. I do so using SQL often. However, some of this data my be none company areas like my Microsoft cloud. I keep work and school data there. I can understand the risks involved here, even when I think that this data is being responsibly kept and secured. This week, for me, personally, has been an eye opener.

        God Bless,

        Kevin

      • #85726
        Kelly Crooks
        Participant

        Marcena, insider threats have always been a concern of mine as well. I think they have always been a concern because, as you said, individuals such as employees or contractors have access to the origination data. They have the authority to access sensitive data and information. There are too many variables that can play a role in the loss or theft of that data by those individuals. I think about what happened last month with the young man in the military stealing, copying, and sharing sensitive military data from the Pentagon. Even with all of the security protocols, procedures, policies, and background checks he was still able to leak that information. I often think that someone there wasn’t doing their job correctly.

    • #85686
      Kelly Crooks
      Participant

      Unfortunately, I have been the victim of several of the security issues listed in the textbook, especially when our company first had access to the internet and my parents were in charge of the business. The first one on the list was bad password hygiene. I have to take most of the blame on this one because it happened within the last few years. I decided it would be a good idea to try out a cloud-based bookkeeping program. I set it up using what I thought was a strong, secure password. I got all the customer information, banking information, payroll, reports, vendors, and tax information uploaded to the cloud. Everything was good for the first month or so, but then I had customers calling me asking me why charges were being made on their credit cards from my store. It took me a while to figure out what had happened. The password I thought was strong and secure turned out not to be so strong and secure. Someone had accessed my cloud storage and got over 330 customers’ data. Data that included banking and financial information, address, phone numbers, and email addresses. Luckily the cloud-based program fixed the problem right away and the charges that had been made on the customer’s cards were all refunded except for $1100 which our insurance took care of. I learned a very valuable and expensive lesson about how I set my passwords and where I store them.

      The second security issue that I have been a victim of is phishing. This happened to my wife and I years ago. She was looking for a legit online work-from-home job. We found one and talked to the people and everything seemed good. We paid them $199.00 (which should have been our first clue) and they emailed us all the paperwork. That was the last we heard from them but they continued to take $69.99 out of our checking account each month. We talked to our bank and we filed a police report but there wasn’t much they could do. It cost us several hundreds of dollars and we lost our checking account because they kept letting the money be deducted and it put us in the hole more and more each time. Needless to say, that was another expensive lesson to learn about security threats. If I had known then what I know now, I wouldn’t have even thought about giving them our information.

      • #85720
        Marcena Davis
        Participant

        Hi Kelly, thank you for sharing your personal experience with security issues. It’s unfortunate that you have been a victim of bad password hygiene and phishing. However, your experience serves as a valuable lesson for all of us about the importance of strong passwords and being cautious about providing personal information online. It’s great to hear that the cloud-based program was able to fix the issue and that your insurance covered most of the charges. As for the phishing incident, it’s unfortunate that you lost money and had to close your checking account. It’s a good reminder to always be cautious and do research before providing personal information or paying for services online.

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

SUPPORT

Please Note:

The support ticket system is for technical questions and post-sale issues.

 

If you have pre-sale questions please use our chat feature or email information@mile2.com .

Cybersecurity Certifications for Today's INFOSEC Careers

Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.

 

Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range.  We train students in penetration testing,disaster recovery, incident handling, and network forensics.  Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.  

 

Accreditations

We've developed training for...

Canada Army Navy Airforce

The Canadian Department of National Defense

USAF

The United States Air Force

Defense Logistics Agency

A United States Counterintelligence Agency

Texas Workforce Commission

Texas Workforce Commission