Building a Database Security Program

Presented at DerbyCon 2.0 Reunion (2012), Sept. 30, 2012, 1 p.m. (50 minutes)

In today’s world of Information Security, we implement technical controls almost everywhere. As such, you would probably be hard pressed to find an up-to-date InfoSec department that didn’t manage firewalls, IDS/IPS systems, Web Application Firewalls, HIDS/HIPS, AV for clients and servers, and full disk encryption for laptops. While these types of systems can be useful, in most cases they fail to prevent a company’s IP and customer data from being stolen by attackers.

This talk will present a model that companies can use to effectively detect and prevent such breaches by implementing a database security program focused on business integration, proactive security controls, and continuous monitoring and alerting. It will examine the key focus areas of the program, how each provides greater visibility to security and the business, and how each makes it possible to respond more quickly to potential security incidents, potentially preventing a breach altogether.


Presenters:

  • Matt Presson
    Matt is an Application Security Analyst with Willis North America, where he is responsible for performing penetration tests/vulnerability assessments of internal and third-party applications, as well as designing and implementing the organization’s database security strategy. Matt has been in the Information Security industry for 5 years and holds a number of industry certifications from GIAC and (ISC)².