DB031 Holistic Approach to Database Security 

For years we have been locking down the software to protect information. This presentation puts the focus where it belongs: identifying the data, protecting it, and selecting the correct tools to protect it. We will go through defining the attack surface, the various attack vectors, and their mitigations.

Subjects covered:

  • Attack vectors: how does your information leak? Includes an open and frank discussion of organized groups (e.g. Anonymous).
  • Risk identification and mitigation. Identify the risks in your system and come up with mitigation strategies.
  • Audit. Identify what to audit based on your risks. Audit too much and you will get bogged down; audit too little and you may miss a breach of security.
  • Database encryption. Encrypt the database, the tablespace, the tables, or individual data items? What is the cost, and how do you accomplish it?
  • Network encryption. What are the risks of a man-in-the-middle attack? How to set up network encryption.
  • Backup encryption. What are the risks of losing a backup tape? How to encrypt backups using RMAN.
  • Data redaction. Who gets to see sensitive data? Do you want to expose credit card numbers or other PII to users? Introduction to setting up data redaction.
  • Data masking. Do you refresh the test or QA environment from production? Do your testers really need access to your production data?