What is the NYDFS Cybersecurity Regulation?

The New York Department of Financial Services released the NYDFS Cybersecurity Regulation (23 NYCRR 500) in 2017, a set of regulations that places cybersecurity requirements on all DFS-regulated entities. The regulation took effect at a time when cybersecurity threats are growing, with actors ranging from nation states such as Russia to independent criminal actors and even terrorist organizations. The goal of this regulation is to not only protect customer information but to also protect a company’s own…

Database Security Best Practices – Simple & Worthwhile Concepts – Part III

Database security is a hot topic these days, especially with all the new and seemingly never-ending security compliance requirements being imposed such as GDPR. This means that organizations and their DBAs must step up their game when it comes to database security. Some DBAs may think these new requirements apply only to production but depending on the situation DBAs may well need to apply stricter security across the board – including development and all test databases (e.g. unit testing, stress…

2019 Verizon DBIR Key Findings

Two Trends and Themes Worth Thinking About

Why do we all get so excited about the Verizon Data Breach Investigations Report (DBIR) every year? For me, it’s not just the subject matter. It’s mostly the snarky tone and the pop-culture references. Call it what you will, but the injection of humor into an otherwise serious set of findings of our seemingly collective ineptitude makes it at least palatable to read and thus easier to digest. Seriously though, while it’s not…

DATABASE SECURITY BEST PRACTICES – SIMPLE & WORTHWHILE CONCEPTS – PART II

Database security is a hot topic these days, especially with all the new and seemingly never-ending security compliance requirements being imposed such as GDPR. This means that organizations and their DBAs must step up their game when it comes to database security. Some DBAs may think these new requirements apply only to production but depending on the situation DBAs may well need to apply stricter security across the board – including development and all test databases (e.g. unit testing, stress…

What is APRA’s CPS 234? Part 2

This is our second part of a two-part series regarding APRA’s new prudential standard of CPS 234 and how this can potentially impact an organisation. Part 1 focused primarily on the background of the CPS 234 and the beginning of the controls necessary to put in place to begin getting ready. Today we are going to talk about the additional steps necessary around risk management and some of the best practices to assist with that risk management in regards to…

Database Security Best Practices – Simple & Worthwhile Concepts – Part I

Database security is a hot topic these days, especially with all the new and seemingly never-ending security compliance requirements being imposed such as GDPR. This means that organizations and their DBAs must step up their game when it comes to database security. Some DBAs may think these new requirements apply only to production but depending on the situation DBAs may well need to apply stricter security across the board – including development and all test databases (e.g. unit testing, stress…

What is APRA’s CPS 234? Part 1

If you are located in Australia or do business in Australia, you may be an Australian Prudential Regulation Authority (APRA) regulated entity. If you are unsure, take a trip to APRA’s website and see whether it’s applicable to you or not. For the sake of this blog let’s say you are regulated or are just interested in what it means if you are. In that case, you may be subject to the new prudential standard of CPS 234. So, What…

How to Implement STEALTHbits Access Library Connectors

With the advent of the STEALTHbits Access Library, today we are going to have a quick Protip in the form of how to best implement these connectors and what the little “gotchas” might actually be.

Obtaining Access Library Connectors

First, let’s talk about getting the modules downloaded correctly. On the STEALTHbits homepage, there is a “LOGIN” option in the upper-right of the screen: Make sure to log in with the credentials provided to you by STEALTHbits! If you don’t have any…

New! STEALTHbits Access Library – Flexible Access Auditing Across Any Platform

Historically most organizations would attempt to standardize on one platform internally for unstructured data and another for structured data. This meant separating off the unstructured data to a singular admin (or team), and the structured off to a different admin (or team) and the business remained divided in that manner. These could take many forms – SharePoint, File Servers, SQL Server, Oracle, OpenText, etc., yet the concept remained the same across all those platforms. With one for each type of…

Securing Structured Data

Editor’s Note: Read this related blog: “The Structured Future of Data Access Governance”.

There are generally two kinds of data: structured and unstructured. An oversimplification shown in Figure 1 below is essentially correct. When we say, “structured data”, we usually mean traditional data that possess organized layouts with somewhat predictable growth characteristics. In fact, for relational databases, we would further assume that means spreadsheet-like tables having rows and columns (a.k.a. relations, tuples, and attributes). So, for now, let’s just focus on…
