Securing Your Sensitive Data with EKM & TDE. on SQL Server 2008/2012
|
|
- Cecil Thomas
- 8 years ago
- Views:
Transcription
1 Securing Your Sensitive Data with EKM & TDE on SQL Server 2008/2012
2 About The Speaker Founder & CEO of Townsend Security Leading data security expert 30 years IT industry experience
3 Introduction Organizations of all sizes are under multiple compliance regulations Encryption is perceived to be the hardest part of compliance Key management is perceived to be the hardest part of encryption
4 Session Roadmap Compliance and Standards Key Management Critical for Compliance Microsoft EKM Architecture EKM Supported Platforms Transparent Data Encryption Cell Level Encryption
5 Session Roadmap (cont.) Performance Considerations Should I upgrade? The Business Case Migrating to EKM with Key Management How about SharePoint and Dynamics Encryption?
6 PCI DSS Credit Card Payments HIPAA / HITECH Act Medical GLBA / FFIEC Banking and Finance State Privacy (proposed Federal)
7 Compliance and Standards (Cont.) FISMA Federal Govt. FERPA Educational Institutions Federal Trade Commission Consumer Fraud
8 Where Do Regulations Come From? National Institute of Standards and Technology (NIST) International Standards Organization ISO American National Standards Institute ANSI IEEE Key Management for Storage
9 What are the Standards and Certifications? AES encryption standard is from NIST AES Validation Cryptographic module certification for key management is from NIST FIPS RSA and ECC cryptographic module certification is from NIST RSA and ECC validation FIPS certification
10 Key Management: Critical for Compliance Dual Control & Separation of Duties why do they matter? Not new concepts, very common in financial operations
11 Dual Control Two or more people authenticate to perform ONE operation Example: Two signatures required on checks Key Management: Two or more people must authenticate
12 Separation of Duties Different people perform different operations Example: Different person prints the checks than signs them Key Management: Different people manage encryption keys than manage databases Locally stored keys result in audit failures
13 SQL Server EKM Capabilities Extensible Key Management starting with SQL Server 2008 Transparent Data Encryption (TDE) Cell Level Encryption HSM hosted keys Symmetric and Asymmetric Encryption
14 EKM Supported Platforms SQL Server 2008 Enterprise Edition or higher SQL Server 2008 R2 Enterprise Edition or higher SQL Server 2012 Enterprise Edition or higher SQL Server Developer and Evaluation Editions
15 Non EKM Platforms EKM not supported on: SQL Server 2000 SQL Server 2005 SQL Server 2008/2012 Express Edition SQL Server 2008/2012 Standard Edition SQL Server 2008/2012 Web Edition
16 SQL Server EKM Architecture SQL Server with EKM support EKM Provider software (vendor provided) Key manager HSM
17 Transparent Data Encryption (TDE) Entire table space is encrypted Temporary space and logs are encrypted Symmetric key is protected by Asymmetric key on key manager Encryption key protected by the HSM
18 Transparent Data Encryption (TDE) Symmetric key is unlocked during SQL Server start SQL Server performs all encryption tasks (not an HSM task)
19 EKM TDE with HSM example create cryptographic provider KeyConnection from file = 'C:\Program Files\Townsend Security\Key Connection for SQL Server\bin\EkmProvider.dll';
20 EKM TDE with HSM example use master; create asymmetric key rsa_key from provider KeyConnection with provider_key_name = 'RSA- KEY', creation_disposition = open_existing;
21 EKM TDE with HSM example use mydatabase; create database encryption key with algorithm = AES_256 encryption by server asymmetric key rsa_key;
22 EKM TDE with HSM example alter database mydatabase set encryption on;
23 Migrating EKM TDE encryption to an HSM strategy Without a key server HSM, SQL Server data encryption key is protected by key encryption key stored on the server Migrating to HSM protection is easy just two or three commands
24 Cell Level Encryption Only selected cells (columns) are encrypted Requires changes to SQL statements EKM Provider called for each encryption request Symmetric keys are retrieved from key manager HSM as needed EKM Provider performs encryption tasks
25 EKM Cell Level HSM example create cryptographic provider KeyConnection from file = 'C:\Program Files\Townsend Security\Key Connection for SQL Server\bin\EkmProvider.dll';
26 EKM Cell Level HSM example select provider_id from sys.dm_cryptographic_provider_properties where friendly_name = 'Key Connection for SQL Server';
27 EKM Cell Level HSM example select * from sys.dm_cryptographic_provider_keys(provider_id);
28 EKM with HSM example create symmetric key my_key from provider KeyConnection with provider_key_name = 'KEY01-128', creation_disposition = open_existing;
29 EKM with HSM example select encryptbykey(key_guid('my_key'), 'Hello World'); select decryptbykey(some_column) from some_table; insert into my_table values (encryptbykey(key_guid('my_key'), 'Hello World', 1, 'Townsend Security'));
30 Performance considerations TDE works best on small and mid-sized databases TDE imposes about 1.5% to 2% performance impact Backups may take longer with TDE due to low compression
31 Performance considerations Cell Level Encryption is best for large databases EKM Provider can help with Cell Level encryption performance
32 Upgrade for EKM? The Business Case Cost/Benefit analysis is important in upgrade scenarios Most companies view encryption as risk mitigation ROI is not appropriate TDE is low impact from a maintenance point of view
33 SharePoint Encryption? SharePoint 2010 supports SQL Server TDE
34 Dynamics CRM Encryption? Microsoft Dynamics CRM applications with SQL Server TDE
35 Dynamics CRM Encryption What Microsoft says about Dynamics CRM 4.0 with TDE encryption: For business scenarios that require a level of protection for the entire database at rest, consider enabling TDE, which test results confirm will have a minimal effect on the performance of existing applications.
36 Thank You Conclusion
ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT
ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT IS THIS ebook RIGHT FOR ME? Not sure if this is the right ebook for you? Check the following qualifications to make
More informationEncryption Key Management for Microsoft SQL Server 2008/2014
White Paper 0x8c1a3291 0x56de5791 0x450a0ad2 axd8c447ae 8820572 0x5f8a153d 0x19df c2fe97 0xd61b5228 0xf32 4856 0x3fe63453 0xa3bdff82 0x30e571cf 0x36e0045b 0xad22db6a 0x100daa87 0x48df 0x5ef8189b 0x255ba12
More informationAlliance Key Manager Cloud HSM Frequently Asked Questions
Key Management Alliance Key Manager Cloud HSM Frequently Asked Questions FAQ INDEX This document contains a collection of the answers to the most common questions people ask about Alliance Key Manager
More informationMicrosoft SQL Server Integration Guide
Microsoft SQL Server Integration Guide Document Information Document Part Number 007-011108-001 (Rev J) Release Date August 2013 Trademarks All intellectual property is protected by copyright. All trademarks
More informationPrivateServer HSM EKM Provider for Microsoft SQL Server
PrivateServer HSM EKM Provider for Microsoft SQL Server January 2014 Document Version 1.1 Notice The information provided in this document is the sole property of Algorithmic Research Ltd. No part of this
More informationSecuring Data on Microsoft SQL Server 2012
Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to
More informationKey Management in the Multi-Platform Environment
White Paper 0x8c1a3291 0x56de5791 0x450a0ad2 axd8c447ae 8820572 0x5f8a153d 0x19df c2fe97 0xd61b5228 0xf32 4856 0x3fe63453 0xa3bdff82 0x30e571cf 0x36e0045b 0xad22db6a 0x100daa87 0x48df 0x5ef8189b 0x255ba12
More informationMS-55096: Securing Data on Microsoft SQL Server 2012
MS-55096: Securing Data on Microsoft SQL Server 2012 Description The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary
More informationCritical Steps to Encryption & Key Management in the Microsoft Azure Cloud
White Paper 0x8c1a3291 0x56de5791 0x450a0ad2 axd8c447ae 8820572 0x5f8a153d 0x19df c2fe97 0xd61b5228 0xf32 4856 0x3fe63453 0xa3bdff82 0x30e571cf 0x36e0045b 0xad22db6a 0x100daa87 0x48df 0x5ef8189b 0x255ba12
More informationThales Database Security Option Pack. for Microsoft SQL Server Integration Guide. www.thales-esecurity.com
Thales Database Security Option Pack for Microsoft SQL Server Integration Guide www.thales-esecurity.com Version: 2.0 Date: 4 May 2012 Copyright 2012 Thales e-security Limited. All rights reserved. Copyright
More informationAlliance Key Manager Solution Brief
Alliance Key Manager Solution Brief KEY MANAGEMENT Enterprise Encryption Key Management On the road to protecting sensitive data assets, data encryption remains one of the most difficult goals. A major
More informationAlliance AES Key Management
Alliance AES Key Management Solution Brief www.patownsend.com Patrick Townsend Security Solutions Criteria for selecting a key management solution for the System i Key Management is as important to your
More informationAutomatic Encryption With V7R1 Townsend Security
Automatic Encryption With V7R1 Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 THE ENCRYPTION COMPANY 25 years experience data communication and data security Recognized
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationTransparent Data Encryption: New Technologies and Best Practices for Database Encryption
Sponsored by Oracle : New Technologies and Best Practices for Database Encryption A SANS Whitepaper April 2010 Written by Tanya Baccam, SANS senior instructor and course author for SEC509: Oracle Database
More informationDeploying PGP Encryption and Compression for z/os Batch Data Protection to (FIPS-140) Compliance
Deploying PGP Encryption and Compression for z/os Batch Data Protection to (FIPS-140) Compliance Patrick Townsend Software Diversified Services/Townsend Security August 9, 2011 Session Number 9347 PGP
More informationSQL Server Encryption Overview. September 2, 2015
SQL Server Encryption Overview September 2, 2015 ABOUT ME Edmund Poillion Data Platform Systems Engineer Skyline Associate since 1999 Started in App Dev, changed focus to SQL Server in 2012 Email: epoillion@skylinetechnologies.com
More informationPreface. Microsoft Office Sharepoint Server 2007 Integration Guide. 2009 SafeNet, Inc. All rights reserved. Part Number: 009804-001 (Rev A, 06/2009)
Microsoft Office Sharepoint Server 2007 Integration Guide Preface Preface 2009 SafeNet, Inc. All rights reserved. Part Number: 009804-001 (Rev A, 06/2009) All intellectual property is protected by copyright.
More informationSafeNet MSSQL EKM Provider User Guide
SafeNet MSSQL EKM Provider User Guide Version 4.8.5 Documentation Version: 20080705 Copyright Information 2009 SafeNet, Inc. All rights reserved All intellectual property is protected by copyright. All
More informationKey Management Best Practices
White Paper Key Management Best Practices Data encryption is a fundamental component of strategies to address security threats and satisfy regulatory mandates. While encryption is not in itself difficult
More informationSafeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST
Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods
More informationVormetric Data Security Platform Data Sheet
Vormetric Data Security Platform Data Sheet The makes it efficient to manage data-at-rest security across an entire organization. The Vormetric Data Security Platform is a broad set of products that share
More informationSafeNet DataSecure vs. Native Oracle Encryption
SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationAlliance AES Encryption for IBM i Solution Brief
Encryption & Tokenization Alliance AES Encryption for IBM i Solution Brief A Complete AES Encryption Solution Alliance AES Encryption for IBM i provides AES encryption for sensitive data everywhere it
More informationMicrosoft Dynamics CRM 2011 Installation and Deployment
Microsoft Dynamics CRM 2011 Installation and Deployment Course 80296; 2 Days, Instructor-led Course Description This two-day instructor course covers the installation and configuration of Microsoft Dynamics
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationIT Forum 2-11-2013 UW-Madison Records Management Program. UW Archives and Records Management
IT Forum 2-11-2013 UW-Madison Records Management Program Records facilitate and sustaining day-to-day university operations. Records support organizational activities such as student admissions, research
More informationPRIME IDENTITY MANAGEMENT CORE
PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It
More informationUnderstanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective
Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Futurex. An Innovative Leader in Encryption Solutions. For over 30 years, more than 15,000 customers worldwide
More informationREQUEST FOR QUOTATION (RFQ) Encryption Key Management Solution. Date Posted: May 27, 2015. Solicitation Number RFQ-2015-0527
REQUEST FOR QUOTATION (RFQ) Date Posted: May 27, 2015 Solicitation Number Bid Due Date and Time June 9, 2015 12PM Noon Pacific Time The RFQ Coordinator is the SOLE POINT OF CONTACT at WSDOT for this procurement.
More informationDatabase Security SQL Server 2012
Database Security SQL Server 2012 Russ McMahon Associate Prof of Information Technology CECH UC 1 of only 21 ABET accredited programs in the US Jasmine Hix Senior IT (Software Dev) Helped with the slides
More informationIBM i Encryption in a Snap! Implement IBM FIELDPROC with a simple to use GUI and a few clicks of your mouse.
IBM i Encryption in a Snap! Implement IBM FIELDPROC with a simple to use GUI and a few clicks of your mouse. Presented by Richard Marko, Manager of Technical Services Sponsored by Midland Information Systems,
More informationHealthcare Compliance Solutions
Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,
More informationAuditing Data Access Without Bringing Your Database To Its Knees
Auditing Data Access Without Bringing Your Database To Its Knees Black Hat USA 2006 August 1-3 Kimber Spradlin, CISA, CISSP, CPA Sr. Manager Security Solutions Dale Brocklehurst Sr. Sales Consultant Agenda
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationCryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager
Cryptographic and Security Testing Laboratory Deputy Laboratory Director, CST Laboratory Manager About our Cryptographic and Security Testing Laboratory Bringing together a suite of conformance testing
More informationUpgrading Your SQL Server 2000 Database Administration (DBA) Skills to SQL Server 2008 DBA Skills Course 6317A: Three days; Instructor-Led
Upgrading Your SQL Server 2000 Database Administration (DBA) Skills to SQL Server 2008 DBA Skills Course 6317A: Three days; Instructor-Led About this Course This three-day instructor-led course provides
More informationOracle Database 11g: Security. What you will learn:
Oracle Database 11g: Security What you will learn: In Oracle Database 11g: Security course students learn how they can use Oracle database features to meet the security, privacy and compliance requirements
More informationCourse Outline: Course 6317: Upgrading Your SQL Server 2000 Database Administration (DBA) Skills to SQL Server 2008 DBA Skills
Course Outline: Course 6317: Upgrading Your SQL Server 2000 Database Administration (DBA) Skills to DBA Skills Learning Method: Instructor-led Classroom Learning Duration: 3.00 Day(s)/ 24 hrs Overview:
More informationHealthcare Compliance Solutions
Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationSecureD Technical Overview
WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationPCI Data Security. Meeting the Challenges of PCI DSS Payment Card Security
White Paper 0x8c1a3291 0x56de5791 0x450a0ad2 axd8c447ae 8820572 0x5f8a153d 0x19df c2fe97 0xd61b5228 0xf32 4856 0x3fe63453 0xa3bdff82 0x30e571cf 0x36e0045b 0xad22db6a 0x100daa87 0x48df 0x5ef8189b 0x255ba12
More informationTownsend Security Addendum to VMware Product Applicability Guide for Payment Card Industry Data Security Standard (PCI DSS) version 3.
Townsend Security Addendum to VMware Product Applicability Guide for Payment Card Industry Data Security Standard (PCI DSS) version 3.0 April 2015 v1.0 Product Applicability Guide Table of Contents INTRODUCTION...
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationOracle 1Z0-528 Exam Questions & Answers
Oracle 1Z0-528 Exam Questions & Answers Number: 1Z0-528 Passing Score: 660 Time Limit: 120 min File Version: 21.1 http://www.gratisexam.com/ Oracle 1Z0-528 Exam Questions & Answers Exam Name: Oracle Database
More informationManaged Encryption Service
Amethyst Cryptographic Services Ltd Managed Encryption Service An Overview Chris Greengrass March 2011 Encryption and Cryptography The use of encryption/decryption is as old as the art of communication.
More informationCompliance and Industry Regulations
Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy
More informationGuide to Data Field Encryption
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
More informationAll Things Oracle Database Encryption
All Things Oracle Database Encryption January 21, 2016 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Agenda Database Encryption
More informationSQL Server for Database Administrators Course Syllabus
SQL Server for Database Administrators Course Syllabus 1. Description This course teaches the administration and maintenance aspects of Microsoft SQL Server. It covers all the roles performed by administrative
More informationUpdating Your Microsoft SQL Server 2005 Skills to SQL Server 2008
Key Data Product #: Course #: 6158C Number of Days: 3 Format: Certification Exams: Instructor-Led None This course syllabus should be used to determine whether the course is appropriate for the students,
More informationCloud Computing. Mike Bourgeois Platform as a Service Point of View September 17, 2015
Cloud Computing Mike Bourgeois Platform as a Service Point of View September 17, 2015 Agenda Cloud Computing Definition Platform as a Service Business Drivers and Benefits Technology Drivers and Benefits
More informationMySQL Strategy. Morten Andersen, MySQL Enterprise Sales. Copyright 2014 Oracle and/or its affiliates. All rights reserved.
MySQL Strategy Morten Andersen, MySQL Enterprise Sales Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not
More informationCourse: 10174B: Configuring and Administering Microsoft SharePoint 2010
Course: 10174B: Configuring and Administering Microsoft SharePoint 2010 Description: This five-day instructor-led course teaches students how to install, configure, and administer Microsoft SharePoint
More information20462- Administering Microsoft SQL Server Databases
Course Outline 20462- Administering Microsoft SQL Server Databases Duration: 5 days (30 hours) Target Audience: The primary audience for this course is individuals who administer and maintain SQL Server
More informationDesigning Database Solutions for Microsoft SQL Server 2012
Course 20465A: Designing Database Solutions for Microsoft SQL Server 2012 Length: Audience(s): 5 Days Level: 300 IT Professionals Technology: Microsoft SQL Server 2012 Type: Delivery Method: Course Instructor-led
More informationOracle Database 11g: Security
Oracle University Contact Us: +27 (0)11 319-4111 Oracle Database 11g: Security Duration: 5 Days What you will learn In Oracle Database 11g: Security course students learn how to use Oracle database features
More informationAlliance Key Manager A Solution Brief for Technical Implementers
KEY MANAGEMENT Alliance Key Manager A Solution Brief for Technical Implementers Abstract This paper is designed to help technical managers, product managers, and developers understand how Alliance Key
More informationADMINISTERING MICROSOFT SQL SERVER DATABASES
Education and Support for SharePoint, Office 365 and Azure www.combined-knowledge.com COURSE OUTLINE ADMINISTERING MICROSOFT SQL SERVER DATABASES Microsoft Course Code 20462 About this course This five-day
More informationMicrosoft Dynamics 2011: MS-80296 Installation and Deployment
coursemonster.com/uk Microsoft Dynamics 2011: MS-80296 Installation and Deployment View training dates» Overview This two day instructor led course covers the installation and configuration of Microsoft
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Oracle Database Security Advanced Security Option Thanos Terentes Printzios DB & Options Specialist A&C Technology Adoption Office Oracle Partner Business Development, ECEMEA 2 What is a customers INFORMATION
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationEfficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules
Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules WHITE PAPER Thales e-security www.thalesesec.com/oracle TABLE OF CONTENT Introduction...3 Oracle Database 11g
More informationCipherShare Features and Benefits
CipherShare s and CipherShare s and Security End-to-end Encryption Need-to-Know: Challenge / Response Authentication Transitive Trust Consistent Security Password and Key Recovery Temporary Application
More informationInformation Security Policy and Handbook Overview. ITSS Information Security June 2015
Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information
More informationHealth Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper
Regulatory Compliance Solutions for Microsoft Windows IT Security Controls Supporting DHS HIPAA Final Security Rules Health Insurance Portability and Accountability Act Enterprise Compliance Auditing &
More informationPractical Storage Security With Key Management. Russ Fellows, Evaluator Group
Practical Storage Security With Key Management Russ Fellows, Evaluator Group SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationRSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief
RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationAchieving Security through Compliance
Achieving Security through Compliance Policies, plans, and procedures Table of Contents This white paper was written by: McAfee Foundstone Professional Services Overview...3 The Rock Foundation...3 Governance...3
More informationSECURELINK.COM COMPLIANCE AND INDUSTRY REGULATIONS
COMPLIANCE AND INDUSTRY REGULATIONS INTRODUCTION Multiple federal regulations exist today requiring government organizations to implement effective controls that ensure the security of their information
More informationMicrosoft SQL Database Administrator Certification
Microsoft SQL Database Administrator Certification Training for Exam 70-432 Course Modules and Objectives www.sqlsteps.com 2009 ViSteps Pty Ltd, SQLSteps Division 2 Table of Contents Module #1 Prerequisites
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y
More informationAdministering Microsoft SQL Server Databases
Course 20462C: Administering Microsoft SQL Server Databases Module 1: Introduction to SQL Server 2014 Database Administration This module introduces the Microsoft SQL Server 2014 platform. It describes
More informationAdministering Microsoft SQL Server Databases
Course 20462C: Administering Microsoft SQL Server Databases Module 1: Introduction to SQL Server 2014 Database Administration This module introduces the Microsoft SQL Server 2014 platform. It describes
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationCalifornia Department of Technology, Office of Technology Services MICROSOFT SQL SERVER GUIDELINE
Table of Contents 1.0 GENERAL... 2 1.1 SUMMARY...2 1.2 REFERENCES...2 1.3 SUBMITTALS...3 1.3.1 General...3 1.3.2 Service Request...3 1.4 EXPECTATIONS...3 1.4.1 OTech...3 1.4.2 Customer...4 1.5 SCHEDULING...4
More informationIntelligent Vendor Risk Management
Intelligent Vendor Risk Management Cliff Baker, Managing Partner, Meditology Services LeeAnn Foltz, JD Compliance Resource Consultant, WoltersKluwer Law & Business Agenda Why it s Needed Regulatory Breach
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationOracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions
Oracle Database 11g: Security Release 2 In this course, students learn how they can use Oracle Database features to meet the security, privacy and compliance requirements of their organization. The current
More informationDELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE. By Libby McTeer
DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE By Libby McTeer CONTENTS ABSTRACT 3 WHAT IS ENCRYPTION? 3 WHY SHOULD I USE ENCRYPTION? 3 ENCRYPTION METHOD OVERVIEW 4 LTO4 ENCRYPTION BASICS 5 ENCRYPTION
More informationSafeNet Securing Microsoft Solutions
SafeNet Securing Microsoft Solutions SafeNet and Microsoft work closely to enhance the security of Microsoft solutions. The Microsoft on Windows provides customizable services for creating and managing
More informationFrequently Asked Questions: EMC Isilon Data at Rest Encryption Solution
1 Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution Table of Contents What s New? Target Customers Customer Benefits Competitive Positioning Technical Sales Questions General Sales
More informationPrivacy and Encryption in egovernment. Dewey Landrum Technical Architect CSO SLED West Sector CISSP August 11, 2008
Privacy and Encryption in egovernment Dewey Landrum Technical Architect CSO SLED West Sector CISSP August 11, 2008 Privacy Regulations Health Insurance Portability and Accountability Act (HIPPA) Gramm-Leach-Bliley
More informationMcAfee Firewall Enterprise 8.2.1
Configuration Guide FIPS 140 2 Revision A McAfee Firewall Enterprise 8.2.1 The McAfee Firewall Enterprise FIPS 140 2 Configuration Guide, version 8.2.1, provides instructions for setting up McAfee Firewall
More informationrisk advisory TAX Finance & Accounting Dave Elliott, CIPP/G/C, CISSP, CISA Chip Zodrow Paul Rozek, CGEIT
Supporting HIPAA Compliance with Microsoft SQL Server 2008 risk advisory TAX Finance & Accounting Dave Elliott, CIPP/G/C, CISSP, CISA Information Security Center of Expertise Chip Zodrow Risk Advisory
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationSecurity Trends and Client Approaches
Security Trends and Client Approaches May 2010 Bob Bocchino, CISA ERM Security and Compliance Business Advisor IBU Technology Sales Support Industries Business Unit, Technology Sales Support 1 Mark Dixon
More informationMOC 20467B: Designing Business Intelligence Solutions with Microsoft SQL Server 2012
MOC 20467B: Designing Business Intelligence Solutions with Microsoft SQL Server 2012 Course Overview This course provides students with the knowledge and skills to design business intelligence solutions
More informationMicrosoft SharePoint 2010 Overview
Course Code: M10174 Vendor: Microsoft Course Overview Duration: 5 RRP: 1,980 Configuring and Administering Microsoft SharePoint 2010 Overview This five day course teaches delegates how to install, configure
More information