Securing SQL Backups

  • Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/bkelley/securingsqlbackups.asp

    K. Brian Kelley
    @kbriankelley

  • Excellent article Brian, and one which applied equally to sysadmins and security managers. Highlights too the failings of auditors, who all too often seem to only be after ticks in boxes to obtain paper compliance, rather than really testing that the procedures that are in place actually work. Should be required reading for anyone who runs a business that relies on IT.


    Jon

  • Exactly. Auditors seek evidence that you have valid procedures. Depending on the audit, they may not seek evidence you're actually following them. Also, even though you have it documented, that doesn't mean you're doing it. That's a key point. Sometimes a pair of eyeballs and a pen test is what is needed to verify everyone is keeping the organization safe. Independent auditors are an essential part of any organization's security posture. They aren't the only part, however.

    K. Brian Kelley
    @kbriankelley

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply