T Recommendation and database security issues

2010-09-01 17:55

One could think that the recently published T Recommendation has nothing to do with IT security, as it addresses credit risk issues. However, point 14.1 contains requirements that directly touch database security.

From this point, the following database security aspects are important:

  1. It is critical at the database level to provide segregation of duties and to enable auditing. Usually auditing is disabled or only partially turned on because of performance issues. In this case, however, modification of a single record can lead to an incorrect credit risk assessment.
  2. Another critical area is database interfaces. Current database servers offer multiple interfaces with different security models. In many cases those interfaces are not correctly protected. A typical example is the Oracle listener, which in many configurations is publicly available.
  3. Data confidentiality during transfers: many databases offer SSL/TLS support. Unfortunately, this might not be the best solution, because this traffic must also be inspected, for example by IPS systems.
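
To make item 2 concrete, the following added example (not code from the original post) reviews a `listener.ora` / `sqlnet.ora` pair and reports TCP listener endpoints that are reachable off-host while `TCP.VALIDNODE_CHECKING` is not enabled. The sample file contents, addresses and function names are constructed for illustration, and treating any hostname other than `localhost` as routable is an assumption.

```python
import ipaddress
import re

# Constructed sample files for illustration (not taken from the post).
LISTENER_ORA = """
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1521))
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
  )
"""
SQLNET_ORA = """
# TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (10.0.5.10, 10.0.5.11)
"""

ADDRESS_RE = re.compile(r"\(\s*ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
PARAM_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s]+)\s*\)")

def strip_comments(text):
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def tcp_endpoints(listener_ora):
    """Return (host, port) for every TCP/TCPS ADDRESS entry."""
    endpoints = []
    for match in ADDRESS_RE.finditer(strip_comments(listener_ora)):
        params = {k.upper(): v for k, v in PARAM_RE.findall(match.group(1))}
        if params.get("PROTOCOL", "").upper() in ("TCP", "TCPS"):
            endpoints.append((params.get("HOST", ""), int(params.get("PORT", 1521))))
    return endpoints

def valid_node_checking(sqlnet_ora):
    """True only if an uncommented TCP.VALIDNODE_CHECKING = YES is present."""
    m = re.search(r"^\s*TCP\.VALIDNODE_CHECKING\s*=\s*(\w+)",
                  strip_comments(sqlnet_ora), re.I | re.M)
    return bool(m) and m.group(1).upper() == "YES"

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"  # assumption: other names are routable

def audit(listener_ora, sqlnet_ora):
    """List TCP endpoints reachable off-host with no listener-level client filter."""
    if valid_node_checking(sqlnet_ora):
        return []
    return [f"{h}:{p} has no client address restriction"
            for h, p in tcp_endpoints(listener_ora) if not is_loopback(h)]
```

In the constructed sample, the invited-nodes list has no effect because the `TCP.VALIDNODE_CHECKING` line is commented out, so the `0.0.0.0:1521` endpoint is reported.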