

Drag the words into the correct boxes
1. According to Prof Nop, the security footprint of databases is large.
2. This is because of misconfigurations, like installing a bunch of things that you don’t need.
3. That increases your security footprint because it is more maintenance, and you can forget to update everything because you are focused mostly on what you use often.
4. Prof Nop says that people create databases with excess administrative privileges.
5. According to Prof Nop, just like any code, when you don’t have something to sanitize the data coming in, the result is code that is susceptible to injections that can damage your application.
7. When you ignore the confidentiality and integrity portions of the CIA triad, it ultimately impacts availability.
8. Prof Nop says that a threat actor may not want to take down your system but manipulate the data in your system, leading to bad decision making.
9. We (cybersecurity professionals) always want all 3 parts of the CIA triad, but the business side needs to pick 1 to prioritize.
10. It is Prof Nop’s advice that when you think about availability, think about that critical system that can’t go down.
11. Banking is the industry that Dr. McIver is hesitant to do cybersecurity for.
12. Prof Nop treats a database like a production system: you don’t want to mess with it while it’s being worked in.
13. Prof Nop says running the database in a development/test (or test/development) version is a way to ensure that security won’t break a database.
14. Prof Nop says that DevSecOps is possible because you can run code through a pipeline and run security checks to ensure that the syntax is correct, check for vulnerabilities, and check for insecure configurations.
15. Cybersecurity pros need to be honest about “can’t” vs. “won’t” when it comes to updating older/sensitive (or sensitive/older) systems.
16. Prof Nop says that you can build security around a sensitive database that can’t be modified for security purposes.
17. Prof Nop says that there is no such thing as a free lunch. In order to get something, you have to give something.
18. Dr. McIver says that the CISO is responsible for protecting the database, but the business makes the decision to protect it.
19. Prof Nop uses segregation to protect the database from other parts of a network and says that if you have sensitive information, don’t put it in the DMZ.
20. Prof Nop says that you can also create separation by having different instances, data in different tables, or implementing different permissions.
21. Dr. McIver didn’t understand how important databases were because he was focused on operations and hardware. Prof Nop says that working on databases is hard because the code is so sensitive.
22. Prof Nop’s final bit of advice is: utilize operating system security actions on the Database Management System. In the IT world, they segregate the network; that can also be adopted in the management of databases. Encrypt your sensitive data. Database Management Systems now have features that allow for role-based access controls, creation of policies in the database environment, auditing, or logging. Logging allows you to determine what happened to your database.