For years we have been locking down the software to protect information. This presentation puts the focus where it belongs: identifying, protecting, and selecting the correct tools to protect your data. We will go through defining the attack surface, various attack vectors and mitagations.
- Attack Vector: how does your information leak. Including an open and frank discussion of organized gangs (ie Anonymous)
- Risk identification and mitigation. Identify the risks in your system and come up with mitigation strategies.
- Audit. Identify what to audit based on your risks. Audit too much and you will get bogged down, too little audit and you may miss a breach of security.
- Database encryption. Encrypting the database, the tablespace, the tables or atomic data? What is the cost and how do you accomplish it.
- Network encryption. What are the risks of man in the middle attack? How to setup network encryption.
- Backup encryption. What are the risks of losing a backup tape? How to encrypt backups using RMAN.
- Data redaction. Who gets to see sensitive data? Do you want to expose credit card numbers or other PII to users? Introduction on how to setup data redaction.
- Data Masking. Do you refresh the test or QA environment from production? Does your need your testers to have access to your production data?