September 5, 2005 at 9:04 pm
I got this link from another newsletter and it caught my eye. Bank fraud from an outsourced company? I had to check this out. Apparently while making a phone payment to a bank, from the phone number on the credit card statement, the account information was snagged by the employee at the other end of the phone and used to purchase things.
Sounds secure, and it should be. At least until the phishers start trying to send us real junk mail to fool people. And then what do you do? I guess pretty soon you'll only be able to go to the company's website and get their number by typing in their address. But that's another problem.
The real issue here is, well there's two issues. One is that bean counting jerk-*** corporate management is too concerned about saving a few shekels. Not much to be done there, but the other issue is the lack of security checks on outsourced companies. It's related to the first problem, but it's something that government and customers can do something about. If you have doubts, send this link to your bank and let them know ahead of time they should be watching out for things like this.
So what does this have to do with data security? It's an end-around, a back door, a way that compromises all the work you do as a DBA to protect data. The humans are often the weak links in any system, and despite all your password policies, the roles and rights granted, the best practices you employ, your data can still be easily stolen because the human factor hasn't been considered.
Sometimes things like this make me want to throw up my hands and not worry so much about security. If all my efforts can't prevent data theft because nobody checks out employees then what's the point?
The point is I'm a professional and I take pride in that. At least I can do my part and if I fail, at least I know I've done my best.
Steve Jones
September 8, 2005 at 11:37 am
There was a good joke a long time ago in Russia:
Phone call to the classified facility: "........Hi, Is it a secret plant?" The facility was quickly relocated because of the security breach. As soon as they moved, they got the same phone call, so they re-located the plant again, as soon as they moved the second time, they got a similar phone call again: "Hi, is it a secret plant?" The manager lost his patience and replied: "Yes, Yes, what do yah want..." -"Could I talk to Maria from the third production line? Tell her it is her boyfriend calling"
Yelena
Regards, Yelena Varsha
September 9, 2005 at 6:55 am
Yelena - LOVED your joke....there're Marias, however, all over the world! Bottom line is - outsourced company or not - a dishonest employee is a dishonest employee is a....
the old saying goes - "set a thief to catch a thief" - it's an "outsmarting" game and similar to the refrain of the present administration about terrorism - "THEY need to be right just once whereas we need to be right all the time"
**ASCII stupid question, get a stupid ANSI !!!**
September 9, 2005 at 11:11 am
Sushila,
I like your quote too. It reminded me of something from Agatha Christie's stories about Ms Marple (I don't remember which) where she says something like that: "The thief did the wrong thing once and the person he stole from is wrong 100 times because he suspects 100 innocent people."
Talking DBA stuff, there is a risk assessment that is making its way into regulated processes. You don't have to be right all the time, you have to estimate when exactly you have to be right.
Here is a risk assessment joke for you: "2 cowboys in the bar are looking through the window and one is saying: -Look, did you just see an Uncatchable Joe on his horse? The other is asking - You mean he has this nickname because nobody could catch him? The first replies: -Who needs him anyway?"
Regards, Yelena Varsha
September 9, 2005 at 11:26 am
Yelena - I almost stopped reading beyond "Agatha Christie...." - always been a huge fan and own every single one of her books - reread them a zillion times but haven't read one in almost 5-6 yrs now...guess you've set the tone for my weekend reading...
As for "estimating when exactly to be right" it'll be interesting to see a list of all the criteria & how they're weighed - I'm hard put to think of any except "24/7" !!!
**ASCII stupid question, get a stupid ANSI !!!**
September 9, 2005 at 1:25 pm
Sushila,
Now I LOVE ASCII expression!
For some reason I don't worry about your good sense after "Agatha Christie University". It is actually one of my favorite authors too. In addition to John Galsworthy.
By the way, did you ever read "Trap for Cinderella" by Sebastien Japrisot? You can get it in the library. Add to it a movie "Les Enfants Du Paradis" -"Children of Paradise" by Marcel Carne (1945), you can get it in Blockbuster with English subtitles or maybe you can get an English version - and your weekend will be all set. Mine at least is - I just found out I am working Sunday.
As for the risk analysis: I always quote SQL Server 2000 Security White Paper: After 60 pages of elaborated security features in the last paragraph it says: "And don't forget to lock your Data Center" (actual wording was "Restrict Physical Access")
Regards, Yelena Varsha
September 9, 2005 at 1:36 pm
Yelena - never did get around to reading Galsworthy - hadn't heard of Japrisot - thanks for the tips on reading and movies... (how did you know I'm a movie buff - especially foreign films?!)
LOL on the risk analysis quote!
& now I really must go...here's my "crazy quote" for you...
"Suicidal Twin Kills Sister By Mistake!"
**ASCII stupid question, get a stupid ANSI !!!**
September 9, 2005 at 4:05 pm
I work for a financial institution. We are finally setting up online mortgage lending, building for SSL and security, the works.
One of our VPs was questioning about the end user using wireless. We had to tell him -- "We can't be responsible for the data being intercepted that way."
----------------
Jim P.
A little bit of this and a little byte of that can cause bloatware.