databases

Federal cybercrimes growing

Thu, 24 Jan 2008 06:59:59 -0500

It's really no surprise that cybercrime has been increasing in the federal government, and it's just as likely that it is growing in the private sector, too. The Veterans Affairs Department, the Transportation Security Administration, the Internal Revenue Service and several other federal agencies have been hit by attacks in the last two years. As a result, the Congressional High Tech Caucus is looking at the issue and will likely try to deal with it by pressing for more funding for agencies.

The federal space is ripe for many kinds of solutions. Some agencies are turning to information security management tools to deal with these kinds of threats. Other agencies are looking at replacing older low-tech solutions with higher level ones. The job of the CIO is never done in either the federal sector or the commercial one. With cybercrime on the rise, it surely is important to find the best ways to protect your system and to make sure your databases are insulated from theft.

For more on cybercrime in the federal sector:
- Check out this Washington Technology article

Security woes dog Microsoft

Mon, 03 Dec 2007 06:59:59 -0500

Microsoft Office, as well as other pieces of enterprise software, has security holes that are causing problems for Internet users, according to the SANS Institute's annual security report. According to the report, one of the largest problems is that developers aren't using secure enough coding techniques to create Web applications. And that gives hackers a chance to tap into reams of databases with information connected to them.

Overall, the report spells bad news for Microsoft as the company struggles to deal with problems connected to Vista and other applications. The report pointed to vulnerabilities in the applications suite which jumped nearly 300 percent between 2006 and 2007. New flaws in Excel allow hackers to construct documents that can infect a computer with malicious software if they are opened. The report also said that there is a rise in spyware--programs that surreptitiously collect data on a user's computer. The number of websites rigged with spyware increased 187 percent this year.

If you think you have escaped the hackers' attacks, think again. The report said hackers are getting smart about attaching malicious documents to email with an enticing name. To add to the bait, the hacker makes it look like it is coming from someone the recipient knows. If this is a problem for you, remember that training is the best defense against an offense.

For more on the SANS security report:
- See this Washington Post article

When an actor gets hacked

Mon, 15 Oct 2007 07:00:00 -0400

Like many CIOs these days, actor George Clooney found out the hard way that databases can get hacked and information can be leaked. Clooney's medical records were grabbed out of the system at a New Jersey hospital where he was taken following a recent motorcycle accident. More than two dozen members of the hospital staff, including doctors, were suspended without pay following an investigation.

Tough luck, you might say. But this is a problem everywhere, not just at hospitals or even at financial centers that handle large amounts of money. Every CIO must make sure that databases are as tight as a drum and cannot be breached. "We conduct audits on a regular basis to make sure our systems are protecting individuals' rights," Eurice Rojas, the hospital's vice president of external affairs, told The Associated Press.

Do you? Is your staff well-trained in preventing intrusions? And more importantly, does the staff of your company know there are consequences to violating a person's privacy? While securing data is probably the most important job you have--and the most difficult--letting insiders know that security violations will not be tolerated is just as important, even if it is for a peek at a Hollywood hunk's medical chart. -Judi

ALM grows up

Sun, 06 May 2007 20:01:38 -0400

Application lifecycle management is growing up. ALM 2.0 offers more dynamic applications and services-oriented architecture, transforming software development and deployment into a managed business process and more componentized software. Business applications must be integrated at both the information level and the data level, even if they are different code sets or physically different databases. ALM 2.0 is a positive step toward finding one coherent answer to any kind of business question, no matter what the toolsets. But along with more functionality comes the need for better coordination between design and real-world use.

Read more about ALM 2.0:
- read the article at E-Commerce Times

Navigating the red tape of compliance

Tue, 24 Apr 2007 20:01:36 -0400

The starting point for any compliance exercise is to carry out a full audit to understand what information the business holds, what its vulnerabilities are and what elements of the IT systems can be locked down. These include databases, information storage systems and business applications, which could put customers and the business itself at risk. Next, publish a security policy and inform everyone who works in the organization about what is and what is not allowed. Software products also can help organizations better audit, test and document their security processes. Examples include an on-demand PCI compliance service from Qualys and an enterprise-wide threat management and real-time compliance tool from Tier-3. Other suppliers include Computer Associates and IBM.

Learn more about compliance:
- read the article at ComputerWeekly

ALSO:
- read this on how flexible compliance saves time and money
- this on how compliance is more of an art than a science
- and this on compliance taking a leap forward

Using technology to court talent

Thu, 19 Apr 2007 20:01:39 -0400

It takes more than intuition and newspaper ads to keep a your employee coffers full these days, and technology can help. Relationship databases are a good way to keep track of interested candidates and to stay in continual contact until you need them. Instead of a static database or an applicant tracking system, it is a repository of comprehensive personal information that contains an element of interactivity that keeps people engaged with the company. The technology is similar to customer relationship management (CRM) database tools, but these tools allow companies to communicate regularly, highlight job openings, nurture candidate interest and collect data on skills and capabilities over time. With these systems, however, it is often the candidates themselves who contribute much of the information to the database. When contact is made with an individual and an e-mail address is collected, the system can kick out an e-mail with a link inviting the individual to visit the company's recruiting web site to complete a questionnaire that can gather any type of information the recruiter desires. This creates a pool of proprietary talent for the company.

Learn more about relationship databases for recruiting talent:
- read the article at CIO Today

ALSO:
- read this on using coaches to hire IT staff
- this on hiring as a CIO focus
- and this on unique hiring strategies

Social responsibility: a CIO function

Wed, 04 Apr 2007 20:01:39 -0400

According to a survey by market research firm AMR Research, CIOs aren't taking an active enough role in their companies' corporate social responsibility (CSR) initiatives. Often, the data and information needed to prioritize CSR investments and measure its impact are spread across organizations in disparate systems and databases. It's the CIO's responsibility to take ownership of this problem. For example, a successful CSR initiative would include information accessed from a company's enterprise resource planning (ERP) system--something CIOs should recognize and incorporate. But as companies realize the business benefits, CSR is becoming a front-of-mind issue for many organizations. That should change the way that CIOs view CSR over time.

For more about the importance of CSR:
- read the article at ZDNet

Integrating privacy controls

Wed, 28 Mar 2007 20:01:36 -0400

To ensure that personal data is fully protected, it's critical to build privacy controls into IT applications and systems. One area where this is particularly crucial is in Web 2.0 technologies, which require integrated privacy controls because they facilitate individuals posting large quantities of potentially personal data. In the case of Web 2.0, these controls should automatically destroy data after a certain period of time and delay material going live by providing a "cooling-off" period between posting and publication. Another important area is databases, which have the potential for sensitive data leaks, data misuse and errors caused by data entry personnel. When it comes to databases, never store data in an unencrypted form and check data regularly with the source to maintain accuracy.

Read more about integrating privacy controls:
- read the article at ITWeek

Don't skimp on data management

Wed, 21 Feb 2007 19:01:38 -0500

Not spending enough time, effort or money on enterprise data management can lead to increased risk and decreased competitive advantage, especially in financial firms. Without effective data management, companies often have dozens of different databases with redundant information--much of it wrong--and dozens of applications that use data from as many as 15 third-party providers. Failing to dedicated the resources to fix this mess can leave financial firms non-compliant with Sarbanes-Oxley and other federal data retention and compliance statutes, while also exposing companies to increased financial and operational risk. Investing in effective technology to clean up enterprise data stores will yield big dividends.

Learn more about developing an effective enterprise data management strategy:
- read the article at Wall Street & Technology

Bill may strengthen security requirements for databases

Thu, 08 Feb 2007 19:01:38 -0500

A bill introduced in the U.S. Senate this week will strengthen requirements for all online databases that hold personal information. The Personal Data Privacy and Security Act of 2007, currently in discussion, would basically hold IT managers responsible for security breaches when personal information is stolen. The law would require companies with databases containing sensitive personal information to implement stringent data privacy and security programs and to notify law enforcement officials whenever access of that data by unauthorized individuals is detected.

Read more about the new database security bill:
- read the article at BetaNews