Scheier's (2006) article

Essay by ontherun2_00@yahoo.cUniversity, Master'sA+, September 2007

download word file, 23 pages 5.0

Downloaded 72 times

Scheier Week 5 DQ 1

University of Phoenix

DBM500: Database Concepts

August 24, 2007

�

Scheier's (2006) article discusses the importance for organizations to protect their databases with multi-layered and multi-faceted security. Pick two of the many types of threats that the author identifies and summarize the security measures that the author says are advisable for dealing with them. Then discuss how your current or previous organization secures its data against those types of threats.

Scheier's (2006) article identifies two treats to organizational data as disgruntled and forgetful employees.

Scheier states that, "disgruntled employees using legitimate access rights to prowl for data" that later sell that data to the highest bidder is a threat to the company. An organization can protect itself by utilizing many defensive tools that Scheier states including: access control and authentication, database access monitoring tools and data encrypting tools.

Scheier indicates that forgetful employees can easily lose or have their notebook stolen and the valuable information contained can be sold.

Similar to the disgruntled employee threat, authentication and authorization along with data encryption can help protect this sensitive data.

Today, my company uses all of the defenses identified by Scheier. We require authorization and authentication to access any assets. We require encryption of data and email located on notebooks, and we monitor all accesses to our databases.

In his article, Scheier (2006) discusses the potential threats to and the defense of a company's data. Scheier discusses the disgruntled employee who has legitimate rights to view information; employees who forget to take precautions and have their notebooks stolen, and those employees looking to sell information to make a buck.

An interesting point he makes is that organizations "often encrypt too little or too much data or fail to build defenses against the most likely threats. What to...