Page 1444 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Summary
Data is the most valuable resource many organizations possess.
Therefore, it’s critical that information security practitioners
understand the necessity of safeguarding the data itself and the
systems and applications that assist in the processing of that data.
Protections against malicious code, database vulnerabilities, and
system/application development flaws must be implemented in every
technology-aware organization.
Malicious code objects pose a threat to the computing resources of
organizations. These threats include viruses, logic bombs, Trojan
horses, and worms.
By this point, you no doubt recognize the importance of placing
adequate access controls and audit trails on these valuable
information resources. Database security is a rapidly growing field; if
databases play a major role in your security duties, take the time to sit
down with database administrators, courses, and textbooks and learn
the underlying theory. It’s a valuable investment.
Finally, various controls can be put into place during the system and
application development process to ensure that the end product of
these processes is compatible with operation in a secure environment.
Such controls include process isolation, hardware segmentation,
abstraction, and contractual arrangements such as service-level
agreements (SLAs). Security should always be introduced in the early
planning phases of any development project and continually
monitored throughout the design, development, deployment, and
maintenance phases of production.

