The following security white papers are available from Privacy-Assured and its partners:
White Papers from Application Security Inc.
Database Security Best Practices: 10 Steps to Reduce Risk
In the United States alone, the number of records that have been compromised since February 2005 has ballooned to a staggering 218 million. The effects of a publicized security breach are palpable: businesses’ reputations are dragged through the mud and consumers grow wary that their private data has fallen prey to identity theft and credit fraud. Analysts estimate that the cost to notify victims and remediate impact post-breach has increased to almost $200 per compromised record.
ESG Market Research Study: Database Security and Compliance Risks
According to ESG Research, there are a large number of independent risks to confidential data stored in databases, and many large organizations remain extremely vulnerable to compliance audit failures and data breaches. Users recognize weaknesses in their security processes, controls, and technologies, but continue to lack the adequate funding, senior management oversight, organizational support, and security skills needed to address these issues.
An Examination of Database Breaches at Higher Education Institutions
Since 2008, higher education institutions have experienced a staggering 158 data breaches resulting in over 2.3 million reported records compromised – and these numbers do not include unreported breach information. In 2009, there were a total of 57 reported data breaches and year to date through July, there have already been 32 breaches. Considering that most breaches are not reported until well after the fact, it stands to reason that we are on pace to surpass the 2009 breach totals.
White Papers from Breach Security
Web Application Security in Higher Education: Common Challenges and Employment of a Web Application Firewall (WAF)
This paper focuses on protecting information residing in Web applications or, more accurately, in databases that support those applications. Applications are exposed to the Web to reduce cost through self-service, ubiquity and reach, time-to-market advantages, and improved services. But to counter that exposure, steps must be taken to protect applications, including persistent defense and simulated attack exercises to test defenses against the latest security attacks.
White Papers from Voltage
Extending EMV Security
To address rising credit card fraud in the 1980s and the 1990s, the major card brands began introducing a new smart card-based system for handling card payment transactions. The intention was to migrate from magnetic stripe-based credit and debit card systems, which were more vulnerable to attack and compromise, to an integrated chip-based payment card system. Based on the Europay MasterCard Visa (EMV) specification, the smart card approach provided credit risk management features and reduced processing costs.
White Papers from Dataguise
Steps to Discovery and Protection of Sensitive Data: Find IT. Search IT. Mask IT.
Enterprise applications are the repositories for a wide variety of sensitive data. HR systems can contain information about employees and their dependents such as salaries, taxpayer IDs, names and addresses, and medical histories. Sales automation applications contain customer information such as credit card numbers, card expiration dates, addresses and telephone numbers. Supply chain applications contain proprietary information such as pricing and sales margins while financial applications contain financial performance data. The need to satisfy requirements for regulatory compliance, data theft prevention and sound corporate governance make it imperative that organizations implement the necessary controls to prevent exposure of this sensitive information.
Protecting Data in Databases vs. Applications: Better Security and Compliance at Lower Cost
Solutions for safeguarding sensitive data housed in database management systems vary from encrypting data at the application level to defense-in-depth protection of the database itself. Aberdeen’s analysis shows clear-cut advantages for database security rather than application-level security requiring encryption of data: based on the same number of applications, 30% fewer incidents of data loss or data exposure, 15% greater efficiency at addressing common audit requirements, and 34% lower annual cost of