
  Scott Wright's Security Views

If you don't have integrity, what do you have?

Wednesday, November 19th 2008 @ 9:02 AM

Originally posted - February 23, 2007

Lately, I haven’t heard much about Data Integrity in the news. I guess that’s a good thing. Nothing to worry about, right? I doubt it. What is one of the worst threat scenarios you could imagine in your enterprise? Identity theft, credit card fraud, data compromise? Maybe. But what if someone is able to gain access to a key database server in your operations zone? Has anyone considered what could happen if the culprit was sympathetic to your competitor, or had an axe to grind with your organization’s management?

In the old days, hackers broke in and defaced Web sites. Well, in a rare bit of nostalgia lately, they were at it again when they decided to hit the Canadian Nuclear Safety Commission Web site. But nowadays it’s usually for financial gain (selling information) or serious revenge. Most of the time, they do whatever they can to cover up their tracks. This makes it hard to tell if they’ve even touched your servers.

Most often, when I hear of people doing Threat and Risk Assessments or Incident Investigations, they are concentrating on the cost in relation to the resale value of identity information, or loss of credibility. These are important, for sure. But I rarely hear people considering what the cost could be to an organization if their operational information in live databases is altered maliciously. How long would it take to discover? How long would it take (and how many analysts) to identify the exact roll-back point? Of course, everyone is doing database checkpoints and journalling (are you?), so it shouldn’t really be a problem to recover systems to the point of compromise and then reload all the subsequent transactions up to the current date, right? And to top it off, what if the perpetrator was a malicious internal administrator who knows what safeguards are easiest to get around without detection? Could they plant some malicious code on a server that could continue to corrupt data long after they are gone?

OK, so you might say that these are really far out scenarios. And like Bruce Schneier’s “Best Terror Movie Plot” contest, it could raise some objections that we are just giving people ideas here. That’s really underestimating the imagination of the bad guys. But that’s a whole other discussion.

The real key is to incorporate layers in your security safeguards that not only try to prevent and detect at the perimeter, but inside more secure zones, as well. And it’s not just about protecting against access for theft; you must also consider ways to prevent and detect unauthorized modification of operational data that your organization depends on. Imagine having buy/sell limits changed for thousands of investment clients; or flight times and fuel quantities for an airline with thousands of aircraft moving around the world…

There are features in most database systems, and there are file system integrity tools, that can let you know when unscheduled or unauthorized changes are made.

The key tools for protecting data integrity are access control and detection of unauthorized changes. These risks may not be as spectacular as losing a laptop with half a million identities on it. But, I think the impact to an organization can be just as devastating if all the layers aren’t protected against less obvious attacks against data integrity.
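To make "detection of unauthorized changes" concrete, here is an added sketch (not from the original post and not any particular product's method) that tags each operational record with a keyed hash at a known-good point and later reports what was modified, deleted or added. The record layout, client IDs, function names and the idea of holding the key off the database server are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: per-client buy/sell limits, as in the scenario above.
RECORDS = {
    "client-1001": {"buy_limit": 50000, "sell_limit": 75000},
    "client-1002": {"buy_limit": 20000, "sell_limit": 30000},
    "client-1003": {"buy_limit": 10000, "sell_limit": 15000},
}
# Assumption: the key lives off the database server (e.g. with an auditor),
# so a database administrator cannot recompute tags after altering data.
AUDIT_KEY = b"constructed-demo-key-not-for-production"


def record_tag(key, record_id, record):
    """HMAC-SHA256 over a canonical encoding of one record, bound to its id."""
    payload = json.dumps({"id": record_id, "data": record},
                         sort_keys=True, separators=(",", ":"))
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def build_baseline(key, records):
    """Tag every record at a known-good point (e.g. after an approved change)."""
    return {rid: record_tag(key, rid, rec) for rid, rec in records.items()}


def audit(key, records, baseline):
    """Return {record_id: finding} for every difference from the baseline."""
    findings = {}
    for rid in sorted(set(records) | set(baseline)):
        if rid not in baseline:
            findings[rid] = "added"
        elif rid not in records:
            findings[rid] = "deleted"
        elif not hmac.compare_digest(record_tag(key, rid, records[rid]),
                                     baseline[rid]):
            findings[rid] = "modified"
    return findings


if __name__ == "__main__":
    baseline = build_baseline(AUDIT_KEY, RECORDS)
    live = json.loads(json.dumps(RECORDS))        # deep copy of the sample
    live["client-1002"]["sell_limit"] = 3000000   # simulated unauthorized edit
    del live["client-1003"]
    print(audit(AUDIT_KEY, live, baseline))
```

Because the tags are keyed, someone who alters records and then regenerates the baseline without the key still shows up: every tag they produce fails verification.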


Scott Wright

The Streetwise Security Coach


Copyright 2012. Security Perspectives Inc. All Rights Reserved.