
Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.


  Scott Wright's Security Views
Blog Entry

It's the Databases, Stupid! - You can't say you don't have one somewhere in your enterprise

Monday, June 15th 2009 @ 7:14 PM

This article has a good summary of the motivations and mechanisms that are causing social networking sites to be a threat to enterprises.

http://www.threatpost.com/blogs/social-networking-attacks-target-enterprise-data

It does cover some fundamental problems that IT security managers need to be concerned with. However, one mechanism they don't discuss is weak passwords on multiple accounts at work and at home.

Either way, the article uncovers the most likely ultimate target in your enterprise - your databases.

Most organizations have at least one database, whether it's for client lists, orders, inventory, financial accounts... anything hackers can use to make money. The database is where most of the valuable information is, and it's pretty easy to find if there are insufficient safeguards in place.

The article also points out the need for security fundamentals within the enterprise, including layered security policies and proper access controls. Security awareness is essential, especially if social networks or any outsourced Web 2.0 enterprise services are accessible.

But, even personal Facebook pages that are only accessed from home can contain clues that allow attackers to piece together enough information to gain a foothold in an enterprise network, all in the name of getting access to your data, conveniently stashed in giant heaps within your databases.


I am now offering monthly briefings, tailored to organizations that want to build and sustain security awareness for staff. Just because your security team is too busy to do its own training and awareness doesn't mean you can't have an economical way to address human security risks. Please call or email me at the coordinates below...

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec
