Welcome!

Weblogic Authors: Yeshim Deniz, Elizabeth White, Michael Meiner, Michael Bushong, Avi Rosenthal

News Feed Item

Center for Internet Security Publishes Consensus-Based Security Configuration Benchmarks for Key Database Platforms

The Center for Internet Security (CIS), a not-for-profit organization focused on enhancing cyber security readiness and response in the public and private sectors, today announced the release of benchmarks that provide security configuration guidance for two of the leading database servers in the enterprise marketplace: Oracle Database 11g R2 and Microsoft SQL Server 2008 R2 Database Engines. By implementing these CIS benchmarks, users can now follow a well-established list of settings to safely harden their systems.

The CIS Oracle Database 11g R2 and CIS Microsoft SQL Server 2008 R2 Benchmarks include specific, detailed guidance for a wide range of security configuration settings, including recommendations for auditing and logging, file/directory permissions and system authentication.

These CIS security guides are the result of a consensus-based peer review process of subject matter experts, providing perspectives from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, operations, government and legal. Dr. Alan Carter Covell of Qualys, along with Alexander Kornbrust of Red Database Security, Paul Wright, and Kevvie Fowler of Ringzero, Inc. provided key contributions to this effort.

“Database security is essential for organizations of all sizes and across all sectors, particularly as our data becomes more critical to business operations and the need to better protect it grows. These new CIS benchmarks provide clear, results-oriented guidance to help entities implement security for their data and database systems,” said Rick Comeau, Executive Director, CIS Security Benchmarks Division. “We are pleased to work with our industry partners and subject matter experts to develop these consensus-based resources and make them available to a broad audience.”

The new CIS Security Configuration Benchmarks are available for download free-of-charge on the CIS website:

Oracle Database 11g R2
Microsoft SQL 2008 R2

For access to all CIS Benchmarks, which provide recommended secure configuration controls spanning server and desktop operating systems, network and mobile devices, desktop software applications and more, visit CIS Security Benchmarks. CIS Benchmarks are widely accepted by auditors to meet a number of compliance requirements, including those within FISMA, PCI, HIPAA and GLB.

CIS also encourages those interested in volunteering their time and expertise to the consensus development of future CIS security benchmarks to sign up online.

About the Center for Internet Security

The Center for Internet Security (CIS) is a not-for-profit organization whose mission is to enhance the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. The CIS Security Benchmarks Division provides cost-effective, consensus-based and internationally recognized solutions that help organizations improve their cyber security and compliance posture.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
DXWorldEXPO LLC, the producer of the world's most influential technology conferences and trade shows has announced the 22nd International CloudEXPO | DXWorldEXPO "Early Bird Registration" is now open. Register for Full Conference "Gold Pass" ▸ Here (Expo Hall ▸ Here)
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to impr...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Bi...
Contextual Analytics of various threat data provides a deeper understanding of a given threat and enables identification of unknown threat vectors. In his session at @ThingsExpo, David Dufour, Head of Security Architecture, IoT, Webroot, Inc., discussed how through the use of Big Data analytics and deep data correlation across different threat types, it is possible to gain a better understanding of where, how and to what level of danger a malicious actor poses to an organization, and to determ...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...