Securing data from internal theft
Posted Saturday, February 11, 2012 10:24 PM


SSC-Dedicated


Group: General Forum Members
Last Login: Today @ 1:11 PM
Points: 35,769, Visits: 32,440
No one gets an internet connection, all USB ports are physically removed as are all other ports that could be used for memory such as flash cards, all media drives such as CDs and DVDs are physically removed, drives are fully encrypted such as Elliot suggests, keyboards, mice, and monitors are all soldered in place instead of simply being plugged in, all rooms are radio shrouded using fine mesh grounded copper screening, no electronic devices are allowed such as calculators, cell phones, no one can bring in or out a pencil, etc, no one is allowed to talk, and cavity searches for everyone!

--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Post #1250847
Posted Saturday, February 11, 2012 10:46 PM
Hall of Fame


Group: General Forum Members
Last Login: Today @ 12:17 AM
Points: 3,113, Visits: 11,540
At a certain point, you have to look at security vs. utility. The safest airplane is one that never leaves the ground, but it's not very useful.

There is no perfect security, unless you delete all your data. There is always some way around it, and often very low tech. Like putting a computer in a box and giving it to the mailroom to ship somewhere.


Post #1250850
Posted Monday, February 13, 2012 3:37 AM
SSC Rookie


Group: General Forum Members
Last Login: Friday, June 22, 2012 1:41 AM
Points: 39, Visits: 50
There are also legal issues surrounding this. Certainly in the UK you would normally have watertight clauses in your employment contract regarding data theft, non-disclosure.

There was a data leak incident last year at a UK bank and all employees privy to the leaked data were reminded strongly about the terms covering this and the consequences if they also leaked the data.

Probably also covered by civil if not criminal law?
Post #1251081
Posted Monday, February 13, 2012 4:05 AM


SSCrazy


Group: General Forum Members
Last Login: Monday, September 29, 2014 10:46 AM
Points: 2,734, Visits: 943
Your data security is as good as your staff is.
Take your security measures, keep the data access to a minimum and don't forget to make a good investment in HR.
Post #1251093
Posted Monday, February 13, 2012 8:54 AM


SSCertifiable


Group: General Forum Members
Last Login: Thursday, October 9, 2014 1:02 PM
Points: 6,032, Visits: 5,284
david.gray 17570 (2/13/2012)
There are also legal issues surrounding this. Certainly in the UK you would normally have watertight clauses in your employment contract regarding data theft, non-disclosure.

There was a data leak incident last year at a UK bank and all employees privy to the leaked data were reminded strongly about the terms covering this and the consequences if they also leaked the data.

Probably also covered by civil if not criminal law?
Such things are very common in employee handbooks here. However, the policy is only as good as people WILLING to follow it. In most cases data leaks are not criminal, only civil matters. If you take client data with you and use it to build your business you haven't really committed a crime but you have probably violated your employment agreement and they can sue, but you aren't going to jail (which is pretty much how I define whether it's really a crime, no jail - no crime). That doesn't mean what ya did was right or that you couldn't get whacked civilly.

On military installations, when you are dealing with classified information the network wiring goes into a secure wiring closet. You aren't allowed to take ANYTHING electronic in there, about the only thing would be a watch, even then not a REALLY high tech one. PDA, nope, phone, nope, computer, nope, thumb drive, nope, etc. If you do, it stays in there. More than a few people have lost new phones that way.

There is always a trade-off, another poster mentioned that as well. There has to be a balance and some trust, you can never be 100% safe.

There is a book called "Beyond Fear" by Bruce Schneier (sp?) that talks a lot about risk, I highly recommend it.

One thing to avoid is security theater, things that make you look safer without actually MAKING you safer. I would categorize airline security largely this way here in the states.

CEWII
Post #1251271
Posted Wednesday, February 15, 2012 3:32 PM
SSChasing Mays


Group: General Forum Members
Last Login: Thursday, December 18, 2014 8:26 PM
Points: 636, Visits: 5,020
Has anyone heard/used any of these products? What are your opinions?

http://www.appsecinc.com/products/compare.shtml

http://www.imperva.com/products/dsc_database-firewall.html

http://www.imperva.com/index.html

http://www.verdasys.com/data_loss_prevention.php



Post #1252795