MIS 5214 - Section 001 - David Lanter
March 24, 2022 by Jose Gomez 39 Comments
Patrick Jurgelewicz says
March 26, 2022 at 11:13 pm
How are Data Loss Prevention Systems useful in an Information System, and where are some places they can be located in a network?
Vraj Patel says
March 29, 2022 at 10:47 am
One of the places a Data Loss Prevention system could be placed is at the mail server, where it can check all outgoing mail for any PII or PHI and either quarantine that email or reject it from being sent out.
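A sketch of the outbound-mail check described in the reply above, added here as an illustration and not part of the original comments. It covers two PII patterns only (US SSNs and payment card numbers). The quarantine/reject thresholds, the helper names and the sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs (order ids, phone lists)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def plausible_ssn(area, group, serial):
    """Drop values the SSA never issues (area 000/666/9xx, group 00, serial 0000)."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan_text(text):
    """Return finding labels only; matched values are never returned or logged."""
    hits = ["ssn" for m in SSN_RE.finditer(text) if plausible_ssn(*m.groups())]
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append("card")
    return hits

def verdict(msg, reject_at=3):
    """Assumed policy: any finding quarantines; reject_at or more findings rejects."""
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"
    hits = scan_text(text)
    if not hits:
        return "deliver", hits
    return ("reject" if len(hits) >= reject_at else "quarantine"), hits

def make_msg(subject, body):
    """Build a constructed outbound message for the demo."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "hr@example.test", "ext@example.org", subject
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    print(verdict(make_msg("Invoice", "Order ref 1234 5678 9012 3456, thanks.")))
    print(verdict(make_msg("Payroll fix", "Employee SSN is 123-45-6789.")))
    print(verdict(make_msg("Export", "123-45-6789\n219-09-9999\n4111 1111 1111 1111")))
```

The first message contains a 16-digit order reference that fails the Luhn check, so it is delivered; validating candidates this way is what keeps a mail-gateway DLP rule from quarantining every long number.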
kofi bonsu says
March 27, 2022 at 5:14 am
What are the “data controller” and “data processor”?
Madalyn Stiverson says
March 28, 2022 at 12:43 pm
A data controller dictates how and why information should be processed. Sometimes, the actual processing of information is outsourced to a data processor.
Victoria Zak says
March 29, 2022 at 10:00 pm
A data controller is the person who determines the purposes for which personal data is processed. A data processor is anyone who processes the personal data of the data controller.
Kyuande Johnson says
March 30, 2022 at 7:36 pm
The data controller, in essence, oversees how data is used, controls and oversees the duties of the data processor, and ensures that data is used, stored, and processed in accordance with the guidelines of the GDPR.
The data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to the company.
Dan Xu says
March 27, 2022 at 10:51 am
Besides backups, what is the best way to avoid data loss, theft or corruption?
Kelly Sharadin says
March 28, 2022 at 6:23 pm
Configure external sharing controls to limit unnecessary exposure of data as well as to enable DLP policies.
March 29, 2022 at 10:54 am
I do agree with Kelly that DLP could be put in place to avoid data loss. Along with that, the RAID data storage technique could be used as well to avoid corruption of the data, as RAID provides data redundancy.
March 29, 2022 at 10:07 pm
There are several ways to avoid data loss, theft, and/or corruption such as physical security, using passwords (8+ characters, special character, numeric, uppercase, and lowercase), data encryption, and blocking access to a user’s personal data.
March 27, 2022 at 12:09 pm
Despite the proliferation of ransomware attacks, organizations still lack many database controls. How can enabling database auditing help security professionals detect an unauthorized user accessing a database?
March 28, 2022 at 10:49 pm
Database auditing can detect an unauthorized user accessing a database by creating a log for logins (failed logins, logins at strange hours, etc.), changes (to database structure, privileges, protections, etc.), and warnings. Immediate triggers such as Data Definition Language or Data Manipulation Language triggers can notify database administrators when certain risky behavior is attempted.
March 29, 2022 at 10:18 pm
Database auditing is reviewing and documenting the activity of a user on the database. This can help detect suspicious activity and unauthorized activity. Administrators should utilize an audit trail report to monitor and keep track of users’ activity.
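The audit signals named in the replies above (failed logins, logins at strange hours, changes to structure or privileges), run over a few audit records. This is an added example, not part of the original comments. The log line format, account names, addresses, thresholds and working hours are all constructed assumptions and do not match any particular database product.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed audit trail in an assumed "ts user= src= event= [stmt=]" format.
SAMPLE_LOG = """\
2022-03-28T09:02:11 user=alice src=10.0.0.21 event=LOGIN_OK
2022-03-28T09:05:40 user=alice src=10.0.0.21 event=STATEMENT stmt=SELECT * FROM orders
2022-03-29T02:13:01 user=svc_report src=10.0.0.99 event=LOGIN_FAILED
2022-03-29T02:13:03 user=svc_report src=10.0.0.99 event=LOGIN_FAILED
2022-03-29T02:13:05 user=svc_report src=10.0.0.99 event=LOGIN_FAILED
2022-03-29T02:13:09 user=svc_report src=10.0.0.99 event=LOGIN_OK
2022-03-29T02:14:30 user=svc_report src=10.0.0.99 event=STATEMENT stmt=GRANT ALL ON customers TO svc_report
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) event=(\S+)(?: stmt=(.*))?$")
# Statements that change structure or privileges rather than read or write rows.
RISKY_STMT = re.compile(r"^\s*(GRANT|REVOKE|ALTER|DROP|CREATE\s+USER)\b", re.I)

def analyze(log, fail_threshold=3, work_hours=(7, 19)):
    """Return (alert, user, timestamp) tuples for the three signal types."""
    alerts = []
    fails = defaultdict(int)          # consecutive failures per (user, source)
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # unparseable lines are skipped in this sketch
        ts, user, src, event, stmt = m.groups()
        key = (user, src)
        if event == "LOGIN_FAILED":
            fails[key] += 1
            if fails[key] == fail_threshold:
                alerts.append(("repeated_failed_login", user, ts))
        elif event == "LOGIN_OK":
            if fails[key] >= fail_threshold:
                alerts.append(("success_after_failures", user, ts))
            fails[key] = 0
            hour = datetime.fromisoformat(ts).hour
            if not work_hours[0] <= hour < work_hours[1]:
                alerts.append(("off_hours_login", user, ts))
        elif event == "STATEMENT" and stmt and RISKY_STMT.match(stmt):
            alerts.append(("privilege_or_schema_change", user, ts))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

A successful login that follows a run of failures is the record to escalate first, since it is the one that separates a blocked guessing attempt from a possible compromise.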
March 27, 2022 at 12:51 pm
How does legislation shape standards for preventing and responding to breaches?
Antonio Cozza says
March 27, 2022 at 10:34 pm
Legislation will have a heavy influence on preventing breaches based on the standards that organizations must be in compliance with; however, most organizations only do this at the bare minimum level and achieve compliance, and then maintaining compliance between audits is a different story. Legislation also has a heavy influence on responding to breaches, as depending on the location where certain laws apply, organizations must, for example, report data breaches within a certain amount of time. Investigations will uncover the adequacy of and adherence to the data protection laws in place where the organization does business.
Michael Jordan says
March 29, 2022 at 11:51 pm
Legislation shapes standards for preventing and responding to breaches by explicitly writing out legal policies that must be adhered to by organizations, but also by creating guidelines for how breaches of these policies should be reprimanded. Legal responses to breaches in these legislative policies should be strong enough to deter any other company from having the same issues, because if not, organizations will not care to follow the law.
Dhaval Patel says
March 27, 2022 at 8:00 pm
What are the different RAID levels?
March 27, 2022 at 10:10 pm
Three of the more common RAID levels are RAID 0, 1, and 5.
March 29, 2022 at 3:37 am
The most common types are RAID 0 (striping), RAID 1 (mirroring) and its variants, RAID 5 (distributed parity), and RAID 6 (dual parity). Multiple RAID levels can also be combined or nested, for instance RAID 10 (striping of mirrors) or RAID 01 (mirroring stripe sets).
Andrew Nguyen says
March 27, 2022 at 9:03 pm
One question that I would like to ask my classmates this week is:
How can you achieve database security?
March 29, 2022 at 10:58 am
There are many ways to secure the database. These are a couple of ways that the database could be secured: enabling a secure protocol for services, disabling unused ports, implementing a secure authentication method, and regularly taking backups of the database.
Lauren Deinhardt says
March 29, 2022 at 1:23 pm
Hi Andrew. You could attain database security through deploying a defense-in-depth information security program. By conducting backup best practices, such as the use of continuous data protection, logical and physical access controls, and at-rest/in-transit data encryption, a database can be secured with a plethora of security “walls”.
March 27, 2022 at 10:03 pm
What are your thoughts on port obfuscation / does it actually have a place in security?
March 28, 2022 at 12:47 pm
Port obfuscation is the act of changing the port number of a service to a number not typically used in an attempt to obfuscate the service that the web server is offering.
This is not an effective method to protect your company. It is typically used to clean up logs. If logs are cleaner, sometimes it’s easier to track the more pressing threats. Ultimately, security by obscurity is not an ideal method, and other more useful methods should be prioritized.
March 29, 2022 at 11:24 am
I don’t see port obfuscation being beneficial in preventing attacks. Sure it may deceive a “script kiddy”, but typically they are not going to be very effective. It can be helpful to get rid of the “noise” in logs if say port 22 is getting attacked many times a day, but there are many other forms of security that can be established.
March 27, 2022 at 11:51 pm
What is the best way to ensure that a ransomware attacker cannot gain access to an organization’s backed-up data?
March 28, 2022 at 12:49 pm
One way to accomplish this is by enforcing non-repudiation, encryption, and storing your backups ideally offsite and offline, or at least using a method of authentication outside of active directory.
March 28, 2022 at 6:17 pm
Enable Database audit logs to alert on failed logon attempts. Early detection leads to timely prevention of a successful compromise.
zijian ou says
March 28, 2022 at 12:31 am
How to efficiently avoid SQL injection?
March 28, 2022 at 6:20 pm
Ensure developers have sanitized input validation to prevent attackers from entering arbitrary code and that error handling messages are not returned to the client but rather forwarded to the database administrator for review.
March 28, 2022 at 10:22 pm
What is the most efficient type of data backup?
March 29, 2022 at 7:43 am
A full backup is the most complete type of backup where you clone all the selected data. This includes files, SaaS applications, hard drives and more. The highlight of a full backup is the minimal time it requires to restore data.
March 30, 2022 at 7:41 pm
The incremental backup is the most efficient in regard to storage space. A full backup is a total copy of your organization’s entire data assets, which backs up all of your files into a single version. An incremental backup covers all files that have been changed since the last backup was made, regardless of backup type.
March 29, 2022 at 8:45 am
If there is any organization using DLP, would they need to have any specific policies for DLP? If so, what should be included within that policy?
March 29, 2022 at 1:21 pm
What is the difference between continuous data protection (CDP) and hot-hot/active-active BCDR configurations?
March 30, 2022 at 7:16 pm
What does RAID stand for?
And what are all the levels of RAID?
Bernard Antwi says
April 20, 2022 at 10:38 pm
As with many terms in project management, RAID is an acronym that spells out a specific technique. RAID in project management stands for risks, assumptions, issues, and dependencies.
Olayinka Lucas says
April 20, 2022 at 9:59 pm
What are the key challenges and difficulties of data protection?
April 20, 2022 at 10:34 pm
What are the advantages of an external Data Protection Officer compared to an internally appointed DPO?