Protecting Data

  • This is interesting. A list of ways to stop industrial espionage. I was hoping to see some great ideas to protect my data, but the article just gives some general recommendations, mostly relying on encryption to keep things safe.

    But it got me wondering...

    How can you keep data safe from industrial espionage?

    I'm not really expecting any of you to come up with the magic bullet, but it would be cool if you did 🙂

    Personally I don't think you'll ever get things completely secure. It's good to take precautions to limit outside access and limit rights, but I think you really need to build a great auditing and analysis solution. To me the important things are that you know when you have issues and how to deal with them.

    And along with the process, structure and control of your systems, I think you have to expect circumvention and work to clean up the reasons for it rather than crushing it. Usually people circumvent processes to get work done and you don't want to make it more difficult for them to get work done. You want to help them get work done while minimizing risk.

    Of course you want to be sure when the rules are bent for nefarious purposes you know about it.

    Steve Jones

  • Let's go back to Service Management (as per ITIL) and Audit (as per COBIT) best practice. 

    The job of Service Management professionals is to 'pull' the framework of corporate IT so that it:

    a) Is aligned to business objectives

    b) Meets Service Level and ROI targets

    c) Ensures the correct resources (hardware, staff, etc) are available

    d) Has identified the potential risks and put appropriate mitigation in place

    e) Demonstrates compliance with the above

    The job of Audit is to 'push' the framework of corporate IT so that it

    ...does a) b) c) d) e) above...

    Guarding against industrial espionage falls into d).  It is not something the DBA can achieve on their own.  The organisation needs to decide how much commercial value their data has, what the risks are, and how much budget they want to spend in protecting it.  Corporate Security should manage this, set expectations, and mandate what level of protection should be implemented.

    In the absence of corporate support the DBA should take reasonable precautions to protect the data - this is being professional.  They also need to highlight the issues to their management, to help identify where the gaps in governance are.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
