S3SS10N Wednesday – Aggregation, Inference, and Polyinstantiation

Instructor -

Kelly HanderhanSkilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way. You can view her extended (2 minute) bio here.Don't forget to comment and up-vote this S3SS10N!Tell us what you think, and share your own knowledge.

Notes

[insert_vertical_space the_pixels="20"] Purpose of this Session:This lesson offers an overview of the non-technical threats to databases; specifically, aggregation and inference and the solution is polyinstantiation.Protecting databases - Databases have been around for a very long time and the information held within them needs to be protected. Aggregation is the concept of pulling enough information together to see a bigger picture. Inference is taking this aggregated information and using it to make an attack. Polyinstantiation is a way of protecting information via multiple instances of a non-truth. In a database, this might work via using a military database to log in as someone without a security clearance and seeing information about a ship delivering food to Africa; but if someone with a high security clearance logs in to see the information, they would see that same event, but it would disclose the truth: the ship is delivering ammunition to the Middle East. Small measures like this can go a long way toward protecting secret information.Listen to/Download the MP3