Database Security and Auditing

Transcription

1 Database Security and Auditing

2 COURSE DESCRIPTION: This seminar aims to provide the Database Administrators, System Administrators, Auditors and IT Security Officers an overview on how to secure and audit database environments which includes major relational database products like Oracle, MS SQL Server, MySQL Server on heterogeneous environments that include more than one database version on major operating systems in conformance to major international and local Regulations and Compliance (SOX, HIPAA, Data Privacy Laws, etc.). COURSE OBJECTIVES: To learn the fundamental concepts behind database system To study key components within a database deployment To learn techniques used by hackers to exploit database flaws and vulnerabilities To learn how to audit and harden database system To study the process of thorough database assessment, including tools and methodologies TARGET PARTICIPANTS: IT Auditors IT Security Officers System Administrators Database Administrators

3 COURSE OUTLINE A. Common Database Vendors 1. Oracle 2. IBM 3. MySQL 4. Sybase 5. Microsoft B. Regulations and Standards for Handling Sensitive Data 1. COBIT 2. PCI DSS 3. HIPAA 4. ISO Sarbanes Oxley 6. Data Privacy Laws 7. BSP Circulars C. Major Types of Risks Involved 1. Mistake 2. Misuse 3. Malicious action D. Common Vulnerabilities in Database Attacks 1. Phishing 2. SQL Injection 3. Data Exfiltration E. Database Components 1. Program Files 2. Configuration Values 3. Data Files 4. Client/Network Libraries 5. Backup/Restore System 6. SQL Statements 7. Database Objects 8. Data Dictionary F. Database Auditing 1. Setup and General Controls 2. Operating System Security 3. Account and Permissions Management 4. Password Strength and Management Features 5. Database Privileges 6. Data Encryption 7. Monitoring and Management G. Hands on Exercises (MySQL Environment) H. Tools and Technology I. Additional Resources

4 ABOUT THE SPEAKER Mario B. Demarillas, CFE, COBIT (F), CRISC, CISM, CISA, CIA, CPA Board of Trustee Association of Certified Fraud Examiner Philippines and ISACA Manila Chapter Mario has more than 15 years of professional experience in Information Systems and Internal Auditing, Information Security and IT Governance consulting. His experience covers project management, pre- and post- IT implementation reviews, business process documentation and testing, due diligence, fraud investigations, vulnerability assessment and penetration testing, software license reviews, information security governance, business continuity and disaster recovery planning, system technical reviews and IT risk and assessment reviews of companies engaged in the Financial Services, Manufacturing, Public Sector, Services, and Technology, Media & Telecommunications industries. He is a former Director for Enterprise Risk Services of Navarro Amper & Co./Deloitte Philippines. He used to lead the Cyber Risk Service line of Deloitte Philippines. Mario earned his degrees in B.S. Accountancy and Information Management from Adamson University and Asia Pacific College, respectively. He is a Certified Fraud Examiner (CFE), COBIT 5 Foundation Certificate holder, Certified in Risk and Information Systems Control (CRISC) top 3, Certified Information Security Manager (CISM) top 1, Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and Certified Public Accountant (CPA). He s a Board of Trustee for Professional Development, ISACA Manila Chapter and Board of Trustee for Conferences, Association of Certified Fraud Examiners (ACFE) Philippines Chapter. Mario is a resource speaker for ISACA Manila Chapter and ACFE Philippines Chapter on different topics such as Fraud Audit, Basic Digital Forensic, Database Security and Audit, Data Analytics to Detect Fraud and review sessions for CISA, CRISC and CFE examinees. COURSE FEES (NON VAT): ISACA Members P9, Non Members P13, For inquiry and reservation, kindly call at T/F: (02) us at secretariat@isaca-manila.org or staff@isaca-manila.org Venue: ISACA Manila Professional Development Center Suite 2109 Cityland 10 Tower 2, #154 H.V. Dela Costa St., Makati City

5 R E G I S T R A T I O N F O R M DATABASE SECURITY AND AUDITING August 26 & 27, :30 am - 5:30 pm FAX NO.: (02) / NAME COMPANY NAME COMPANY ADDRESS CURRENT FIELD OF EMPLOYMENT & PROFESSIONAL ACTIVITY YEARS OF EXPERIENCE REMARKS (SPECIAL ARRANGEMENT PHYSICAL DISABILITIES, FOOD PREFERENCE, ETC.) MEMBERSHIP ISACA Member Non Member Please specify membership no. PAYMENT: (pls. check one) Company Personal CONTACT DETAILS: ADDRESS: Fees, speakers and date are subject to change Please make your checks payable to Information Systems Audit and Control Association Training Fee is inclusive of Training Kit, Refreshments and Training certificate Any cancellations received within the last ten calendar days would be liable for 50% of the course fees. Registered attendees who are unable to attend the above course can send replacements subject to one week s notification. Cancellations must be received in writing at least one week prior to course commencement No-shows would be fully charged I/We hereby agree to the terms and condition as declared by the ISACA Manila Chapter. Name/Representative: Signature : Contact No. : Date :