Nice and (somewhat) easy...

Sep 6, 2007 08:00 GMT

Once in a while I go searching the web to see if I can find anything on how to easily improve security. I've been reading some pretty good stuff lately, but the best thing that I came across today was a simple security plan for databases. I found it on eWeek and it is a nice and easy 5-step strategy. So here it goes:

When you're sitting on a huge pile of data, it's important to know what's under your butt. So the first thing to do is get a good idea of what's going on with your database, and that's why you need to monitor it properly. Of course, you (the IT manager) don't have to do that by yourself; just deploy dedicated monitoring software to do it for you. It's much more efficient, trust me!

The second thing you need to do derives from the first. After you know your data, you need to classify it properly. Some things are more important than others, which is why they need better protection. Some info is for public access, so if hackers got into that part of the info stockpile there would be no problem. So, the more important the data, the tougher the security measures deployed.

The third thing is to mask your info: you need to "overlay" some bogus info on top of the real data so that your programs can properly make use of the database without actually exposing any info. Pretty clever, huh?
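One way to do the masking described above, driven by the classification from the previous step, as an added example that is not from the eWeek article or this post. It uses Python's standard-library sqlite3 module; the `customers` table, its columns, the classification map and the key are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3
import string

# Assumed classification for a hypothetical "customers" table.
# Anything not explicitly "public" is masked (fail closed).
CLASSIFICATION = {"id": "public", "city": "public",
                  "name": "confidential", "ssn": "confidential"}
MASK_KEY = b"constructed-demo-key"  # placeholder key for the example


def mask_value(column, value, key=MASK_KEY):
    """Swap each letter/digit for a keyed pseudo-random one of the same kind.

    Deterministic per (column, value), so joins and format checks still work.
    """
    stream = hmac.new(key, f"{column}:{value}".encode(), hashlib.sha256).digest()
    out = []
    for i, ch in enumerate(value):
        pool = (string.digits if ch.isdigit() else
                string.ascii_uppercase if ch.isupper() else
                string.ascii_lowercase if ch.islower() else None)
        out.append(pool[stream[i % len(stream)] % len(pool)] if pool else ch)
    return "".join(out)


def build_masked_copy(conn, table="customers"):
    """Create <table>_masked for test/dev use; `table` is a trusted constant."""
    cols = [row[1] for row in conn.execute(f"PRAGMA table_info({table})")]
    conn.execute(f"DROP TABLE IF EXISTS {table}_masked")
    conn.execute(f"CREATE TABLE {table}_masked ({', '.join(cols)})")
    marks = ", ".join("?" for _ in cols)
    for row in conn.execute(f"SELECT * FROM {table}").fetchall():
        masked = [v if CLASSIFICATION.get(c) == "public" or v is None
                  else mask_value(c, str(v)) for c, v in zip(cols, row)]
        conn.execute(f"INSERT INTO {table}_masked VALUES ({marks})", masked)
    return conn.execute(f"SELECT * FROM {table}_masked ORDER BY id").fetchall()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, ssn TEXT, city TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        (1, "Alice Smith", "123-45-6789", "Boston"),  # constructed rows
        (2, "Bob Jones", "987-65-4320", "Denver"),
        (3, "Alice Smith", "555-12-3456", "Boston")])
    return build_masked_copy(conn)
```

Programs that only need realistic-looking rows read `customers_masked`; the masking key stays with the system that holds the real table, not with the copy.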

One of the most important things is encryption. Don't just leave data lying around like that - make sure it's written in a code that only your programs can read, so that hackers have a tough time, even if they breach the database!

Another important thing is to let your customers know a little bit more about security. Tell them that guarding a database isn't something you do once and then it's safe. Cyber-security is generally an ongoing process, eWeek informs. This measure is very good, because it somehow acts like a disclaimer, I think.

You may read the article in full by clicking on this here link.