By Raj Soni As president & CEO of Adaptive Systems Inc, a firm exclusively focused on data privacy, security and compliance, “why should I monitor my databases?” is a question I get asked all the time. Many clients have said that their databases are in a secure zone and in a...
By Asha Abraham We’ve already covered common approaches to qualitative cyber risk analyses in the previous blog post and highlighted key differences between qualitative and quantitative assessments. Here we will look at how to actually quantify cyber risk. According to Factor Analysis of Information Risk (FAIR)1, cyber risk management is about...
By Asha Abraham Information and associated technologies are the lifeblood of a business entity today and the tangible assets that fuel our digital economy. In a digital world where technology domains converge to enable business at machine speed, cyber risk is the risk that technology, especially connected technologies introduce into your...
I’m sure you have asked yourself this question, right? Simple answer: SQL Injection. "...they probably stole the database credentials out of the [web] application…" According to the below article and many others online, the data breach occurred due to a web app vulnerability. This article explains technically what happened. http://securityaffairs.co/wordpress/62934/hacking/equifax-hack-struts.html Excerpt from the above article: “For...
What is General Data Protection Regulation (GDPR)? Who has to Comply with GDPR? Does your organization collect European Union (EU) citizen data? If yes, then you most certainly need to comply. The EU passed this privacy regulation which includes requirements for protecting personal information, make sure that it stays private and...
What is WannaCry2? A rapidly spreading cyberattack that was first detected in March and has impacted businesses in nearly 100 countries. Currently, the source of the attack is unknown. The WannaCry2 attacks have crippled critical infrastructure, including hospitals, telecommunications and distribution/supply chain services. The scale of this attack was possible because of a vulnerability...
“The number one thing about Data(base) security is that you have to know what you have.” An important first step to protect sensitive data is to identify its existence. As the 2016 Data Breach Investigations Reports says, “You can’t effectively protect your data if you don’t know where it resides”. This...
Change Ticket Auto-reconciliation Many organizations, to meet audit requirements, spend an inordinate amount of time collecting all the changes from Guardium and reconcile these changes with their ticketing system to identify approved and unauthorized changes. We at Adaptive Systems have developed a change ticket auto-reconciliation capability that allows organizations to track all...