On the BBC's Panorama programme the DWP recently admitted that in the last 12 months, 158 people have been disciplined for unlawful access to personal medical information. Of all information that needs to be kept securely, surely personal medical information must come at the very top of the priority list!
- Intrusion Prevention – Intrusion prevention technology can protect you against SQL Injection and Cross-Site Scripting attacks. McAfee Database Activity Monitoring and McAfee Intrusion Prevention work at the application layer to identify these attacks and block them.
- Protection against Zero Day Attacks - No database administrator wants to implement emergency patches to their SQL server / Oracle application servers outside their normal patching cycles if they can avoid doing so. McAfee Database Activity Monitoring and Trend Micro DeepSecurity protect you against zero day threats until such time as you are able to apply the manufacturer's patches as part of your normal patching cycle.
- Database Access Monitoring – The first step to securing information on your databases is being able to report on access to personal / confidential information on your databases (e.g. medical information and credit card information) so that you can identify who is accessing this information and consequently which users may have been granted inappropriate access rights. Rules may also be configured to block unauthorised access to sensitive information.
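The access reporting described in the last point can be sketched as follows. This is an added example, not code from this post or from any of the products named above; the table names, roles and audit events are constructed for illustration, and a real deployment would read the database's own audit trail.

```python
import sqlite3

# Assumed for illustration: which tables hold sensitive data and which
# roles have a business need to read each of them.
SENSITIVE_TABLES = {"medical_records", "card_payments"}
APPROVED_ROLES = {"medical_records": {"clinician"}, "card_payments": {"billing"}}

# Constructed audit events: (timestamp, user, role, table, action)
SAMPLE_EVENTS = [
    ("2024-03-01T09:02:11", "asmith", "clinician", "medical_records", "SELECT"),
    ("2024-03-01T09:05:40", "bjones", "helpdesk", "medical_records", "SELECT"),
    ("2024-03-01T09:06:02", "bjones", "helpdesk", "medical_records", "SELECT"),
    ("2024-03-01T10:15:00", "cpatel", "billing", "card_payments", "SELECT"),
    ("2024-03-01T10:20:31", "asmith", "clinician", "card_payments", "SELECT"),
    ("2024-03-01T11:00:00", "dlee", "helpdesk", "tickets", "UPDATE"),
]

def load_events(events):
    """Load audit events into an in-memory table so they can be queried."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit (ts TEXT, db_user TEXT, role TEXT, tbl TEXT, action TEXT)")
    db.executemany("INSERT INTO audit VALUES (?, ?, ?, ?, ?)", events)
    return db

def access_report(db):
    """Per user and sensitive table: access count and whether the role is approved."""
    placeholders = ",".join("?" * len(SENSITIVE_TABLES))
    rows = db.execute(
        f"SELECT db_user, role, tbl, COUNT(*), MIN(ts), MAX(ts) FROM audit "
        f"WHERE tbl IN ({placeholders}) GROUP BY db_user, role, tbl "
        f"ORDER BY db_user, tbl",
        sorted(SENSITIVE_TABLES),
    ).fetchall()
    return [
        {"user": u, "role": r, "table": t, "count": n, "first": first, "last": last,
         "approved": r in APPROVED_ROLES.get(t, set())}
        for u, r, t, n, first, last in rows
    ]

def review_candidates(report):
    """Users who accessed a sensitive table their role is not approved for."""
    return sorted({(e["user"], e["table"]) for e in report if not e["approved"]})

if __name__ == "__main__":
    report = access_report(load_events(SAMPLE_EVENTS))
    for entry in report:
        print(entry)
    print("Review access rights for:", review_candidates(report))
```

The `review_candidates` output is the list of accounts whose access rights should be checked first; the same role-versus-table test is what a blocking rule would evaluate before the query runs.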
Technology to implement robust data security is not cheap, but with the Information Commissioner handing out increasing penalties to organisations that fail to protect personal information, companies need to seriously consider their risk profile and whether some form of data protection may be a wise investment, taking into account the potential cost of breach notification procedures, loss of reputation or worse.