Upon opening your browser early one morning, you see a Yahoo! News story about an arrest that was made the previous day involving a major cybercrime ring. As you read more of the story, it seems that authorities are going through computers and servers seized from the criminals' offices and have identified more than 20 companies that may have had their customer and retail transactions compromised. One of the companies listed, it turns out, was SuperMart, Inc., the company for which you have been employed as a database administrator for the past nine years. You leave a message on the office phone of your superior, John Dalton, the CIO of SuperMart.
SuperMart is a medium-sized retail company that evolved from a grocery chain in the 1980s. While the corporation has 200 stores, primarily in your region of the country, it carries a full line of grocery and household items in large outlets that are linked by a very up-to-date computer network with real-time integration of data into a series of databases. Your department has been working on a project that will be transferring all data into a data warehouse and streamlining data mining operations. Security for the system is handled by a security department for physical security, an IT security division of the network administration department, and by the team of data security and privacy specialists within your own data management department.
Even in these early moments of this possible breach of security, after your shock wears off, you understand that the CIO's response will be to meet immediately with all security personnel, with the database administrator, the network manager, the corporate legal team, and possibly the CEO and CFO. You have assigned your assistant to get as much information as possible from authorities, and you are making initial notes on a plan to proceed with SuperMart's response to such a potentially toxic data breach.
Using the scenario above, research and discuss the 3 topics below.
Explain the tools available to database administrators that would prevent security breaches such as the one that may have occurred at SuperMart.
- There are plenty of tools available to prevent security breaches, but the most advanced and helpful are as follows:
1) SIEM: Security Information and Event Management
It centrally collects data from multiple devices on your network, including your existing security appliances. With the use of an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.
2) EDR: Endpoint Detection and Response
It prevents security breaches with endpoint detection and response with the help of artificial intelligence.
3) Patch management
It is a simple process that tends to be overlooked by already overwhelmed IT employees but, to prevent security breaches, this can have the biggest impact.
4) Vulnerability management
Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities.
Describe the strategies that are available to database administrators that would prevent security breaches such as the one that may have occurred at SuperMart.
- Train your employees and educate them about cybersecurity
- Protect the data
- Enforce strong passwords wide and schedule changes at least every six months
- Monitor data and its transfer; this will prevent the data from being misused or exploited
- Limit access to certain systems by people who are not connected to the department and make sure the sensitive data is handled only by relevant professionals
- Patch vulnerabilities
- Encrypt devices and data as they are more prone and vulnerable to attacks
- Two-factor authentication
- Limit Downloading
- Always keep a Breach Recovery Plan
Identify the laws, rules, and standards that may be applicable to SuperMart and this possible security breach.
- The National Conference of State Legislatures
- Directive on Privacy and Electronic Communications
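
The SIEM correlation described in the first answer, as an added example that is not part of the original answer: a rule that joins database audit events with firewall events for the same host, flagging a pattern neither source would flag alone. The event schema, host addresses, thresholds and window are all assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalised to one schema (as a SIEM does on ingest).
# Fields: timestamp, reporting source, client host, event type, bytes (transfers only).
EVENTS = [
    ("2024-03-01T02:00:05", "db_audit", "10.0.4.17", "login_failed", 0),
    ("2024-03-01T02:00:09", "db_audit", "10.0.4.17", "login_failed", 0),
    ("2024-03-01T02:00:14", "db_audit", "10.0.4.17", "login_failed", 0),
    ("2024-03-01T02:00:31", "db_audit", "10.0.4.17", "login_ok", 0),
    ("2024-03-01T02:11:00", "firewall", "10.0.4.17", "outbound_transfer", 2_100_000_000),
    ("2024-03-01T09:02:00", "db_audit", "10.0.4.22", "login_failed", 0),
    ("2024-03-01T09:02:20", "db_audit", "10.0.4.22", "login_ok", 0),
    ("2024-03-01T09:15:00", "firewall", "10.0.4.22", "outbound_transfer", 900_000_000),
    ("2024-03-01T11:00:00", "db_audit", "10.0.4.30", "login_failed", 0),
    ("2024-03-01T11:00:03", "db_audit", "10.0.4.30", "login_failed", 0),
    ("2024-03-01T11:00:06", "db_audit", "10.0.4.30", "login_failed", 0),
]

WINDOW = timedelta(minutes=30)     # assumed correlation window
FAILED_THRESHOLD = 3               # assumed failures that make a later success suspicious
BYTES_THRESHOLD = 500_000_000      # assumed size of a "large" outbound transfer

def correlate(events):
    """Alert on: repeated failed DB logins, then a success, then a large outbound transfer from the same host."""
    by_host = defaultdict(list)
    for ts, _source, host, kind, size in events:
        by_host[host].append((datetime.fromisoformat(ts), kind, size))
    alerts = []
    for host, evs in by_host.items():
        failures, suspicious_login = [], None
        for ts, kind, size in sorted(evs):
            if kind == "login_failed":
                failures.append(ts)
            elif kind == "login_ok":
                # A success only matters if enough recent failures preceded it.
                recent = [t for t in failures if ts - t <= WINDOW]
                suspicious_login = ts if len(recent) >= FAILED_THRESHOLD else None
                failures = []
            elif kind == "outbound_transfer" and suspicious_login is not None:
                if ts - suspicious_login <= WINDOW and size >= BYTES_THRESHOLD:
                    alerts.append({"host": host, "login": suspicious_login.isoformat(), "bytes": size})
                    suspicious_login = None
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only 10.0.4.17 is flagged: 10.0.4.22 moves a large volume without the preceding login failures, and 10.0.4.30 fails to log in without ever succeeding.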