About this program
Threat context: Database Leak / Unauthorised Data Exposure
This program audits the controls that mitigate the above threat. Each procedure references one mapped control. Run the program to score your exposure.
Controls (6)
- Data loss prevention (DLP)
Data Loss Prevention (DLP) is a set of technologies and processes that detect, monitor, and block sensitive data from being transmitted outside authorized boundaries, whether intentionally or accidentally. DLP solutions inspect data at rest (stored files), in motion (network traffic,…
- Data classification and labelling
Data classification and labelling is the systematic categorization of organizational data assets based on sensitivity, regulatory requirements, and business impact, combined with the application of persistent metadata labels that travel with the data. Organizations define classification tiers (e.g., Public, Internal,…
- Encryption at rest
Encryption at rest protects data stored on persistent media (disk, tape, object storage, databases) by transforming it into ciphertext using cryptographic algorithms, ensuring confidentiality even if physical media is compromised or accessed without authorization. This control typically involves full-disk encryption…
- Encryption in transit
Encryption in transit protects data while it moves between systems, networks, or components by encoding it using cryptographic protocols such as TLS 1.2 or higher, SSH, IPsec, or equivalent. This control mandates that all sensitive or regulated data traversing untrusted…
- Privileged access management (PAM)
Privileged Access Management (PAM) controls the lifecycle of accounts with elevated system, application, or data permissions through dedicated tooling and processes. PAM solutions typically vault privileged credentials, enforce session recording, require just-in-time access requests with approval workflows, and rotate passwords…
- Logging and alerting
Logging and alerting is the systematic collection, retention, and real-time monitoring of security-relevant events across systems, applications, networks, and security controls to detect and respond to incidents. This control requires configuring centralized log aggregation, defining alert thresholds for suspicious activity,…