IS5403-1W4 podcast Quiz Solutions

Drag the words into the correct boxes

1. According to Prof Nop the 

Security

 Footprint of Databases is 

large

. 

2. This is because of 

misconfiguration

 like installing a bunch of things that you don’t need. 

3. That increases your security footprint becuase it is more 

maintenance

 and you can forget to 

update

 everything because you are focused mostly on what you use often.

4. Prof Nop says that people create databases with 

excess

 administrative privileges.

5. According to Prof Nop, Just like any code, when you don’t have something to 

sanitize

 the data coming in, the result is having 

code

 that is susceptible to 

injects

 that can damage your application.

6. According to Dr. McIver, “Just win baby" works in 

football

 but doesn’t work in 

cybersecurity

.

7. When you ignore the 

confidentiality

 and 

integrity

 portions of the CIA triad it ultimately impacts 

availability

.

8. Prof Nop says that a threat actor may not want to take down your system but 

manipulate

 the data in your system leading to bad decision making.

9. We (cybersecurity professionals) always want all 3 parts of the CIA triad but the 

business

 side needs to pick 1 to prioritize.

10. It is Prof Nop's advice that when you think about availability, think about that 

critical

 system that can’t go down.

11. 

Banking

 is the industry that Dr. McIver hesitant to do cybersecurity for

12. Prof Nop treats a 

Database

 is like a production system, you don’t want to mess with it while its being worked in.

13. Prof Nop says running the database in 

development/test

 or 

test/development

 version is a way to ensure that security won’t break a database.

14. Prof Nop says the DevSecOps is possible because you can run code through a 

pipeline

 and run security checks to ensure that the syntax is correct, check for 

vulnerabilities

, and check for unsecure configurations.

15. Cybersecurity pros need to be honest about “can’t” vs “won't’” when it comes to updating 

older/sensitive

 or 

sensitive/older

 systems.

16. Prof Nop says that you can build 

security

 around a sensitive database that can’t be 

modified

 for security purposes.

17. Prof Nop says that there is no such thing as a 

free

 lunch. In order to get something, you have to 

give

 something.

18. Dr. McIver says that the 

CISO

 is responsible for protecting the database, but business makes the 

decision

 to protect it.

19. Prof Nop uses 

segregation

 to protect the database from other parts of a network and says that if you have sensitive information don’t put it in the 

DMZ

.

20. Prof Nop says that you can also create separation by having different 

instances

, data in different 

tables

, or implementing different 

permissions

.

21. Dr. McIver didn’t understand how important 

databases

 were because he was focused on operations and hardware. Prof Nop says that working on databases are hard because the code is so 

sensitive

.

22. Prof Nop’s final bit of advice is, utilize 

Operating

 System security actions on the 

Database

 Management System. In the IT world, they segregate the 

network

, that can also be adopted in the management of databases. 

Encrypt

 your sensitive data. Database Management Systems now have features that allow for 

Role

 Based Access 

Controls

, creation of 

policies

 in the database environment, 

auditing

, or logging.  Logging allows you to determine what happened to your database.