Database Security and Auditing

COURSE DESCRIPTION:
This seminar aims to provide Database Administrators, System Administrators, Auditors and IT Security Officers with an overview of how to secure and audit database environments. It covers major relational database products (Oracle, MS SQL Server, MySQL Server) in heterogeneous environments that run more than one database version on the major operating systems, in conformance with major international and local regulations and compliance requirements (SOX, HIPAA, Data Privacy Laws, etc.).

COURSE OBJECTIVES:
- To learn the fundamental concepts behind database systems
- To study the key components within a database deployment
- To learn the techniques used by hackers to exploit database flaws and vulnerabilities
- To learn how to audit and harden database systems
- To study the process of a thorough database assessment, including tools and methodologies

TARGET PARTICIPANTS:
- IT Auditors
- IT Security Officers
- System Administrators
- Database Administrators

COURSE OUTLINE

A. Common Database Vendors
   1. Oracle
   2. IBM
   3. MySQL
   4. Sybase
   5. Microsoft

B. Regulations and Standards for Handling Sensitive Data
   1. COBIT
   2. PCI DSS
   3. HIPAA
   4. ISO 27001
   5. Sarbanes-Oxley
   6. Data Privacy Laws
   7. BSP Circulars

C. Major Types of Risks Involved
   1. Mistake
   2. Misuse
   3. Malicious action

D. Common Vulnerabilities in Database Attacks
   1. Phishing
   2. SQL Injection
   3. Data Exfiltration

E. Database Components
   1. Program Files
   2. Configuration Values
   3. Data Files
   4. Client/Network Libraries
   5. Backup/Restore System
   6. SQL Statements
   7. Database Objects
   8. Data Dictionary

F. Database Auditing
   1. Setup and General Controls
   2. Operating System Security
   3. Account and Permissions Management
   4. Password Strength and Management Features
   5. Database Privileges
   6. Data Encryption
   7. Monitoring and Management

G. Hands-on Exercises (MySQL Environment)

H. Tools and Technology

I. Additional Resources

ABOUT THE SPEAKER
Mario B. Demarillas, CFE, COBIT (F), CRISC, CISM, CISA, CIA, CPA
Board of Trustees, Association of Certified Fraud Examiners Philippines and ISACA Manila Chapter

Mario has more than 15 years of professional experience in Information Systems and Internal Auditing, Information Security and IT Governance consulting. His experience covers project management, pre- and post-IT-implementation reviews, business process documentation and testing, due diligence, fraud investigations, vulnerability assessment and penetration testing, software license reviews, information security governance, business continuity and disaster recovery planning, system technical reviews, and IT risk and assessment reviews of companies in the Financial Services, Manufacturing, Public Sector, Services, and Technology, Media & Telecommunications industries. He is a former Director for Enterprise Risk Services of Navarro Amper & Co./Deloitte Philippines, where he led the Cyber Risk Service line.

Mario earned his degrees in B.S. Accountancy and Information Management from Adamson University and Asia Pacific College, respectively. He is a Certified Fraud Examiner (CFE), COBIT 5 Foundation Certificate holder, Certified in Risk and Information Systems Control (CRISC, top 3), Certified Information Security Manager (CISM, top 1), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) and Certified Public Accountant (CPA). He is the Trustee for Professional Development of the ISACA Manila Chapter and the Trustee for Conferences of the Association of Certified Fraud Examiners (ACFE) Philippines Chapter. Mario is a resource speaker for the ISACA Manila Chapter and the ACFE Philippines Chapter on topics such as Fraud Audit, Basic Digital Forensics, Database Security and Audit, Data Analytics to Detect Fraud, and review sessions for CISA, CRISC and CFE examinees.

COURSE FEES (NON-VAT):
ISACA Members: P9,000.00
Non-Members: P13,000.00

For inquiry and reservation, kindly call T/F: (02) 894-2533 or e-mail us at secretariat@isaca-manila.org or staff@isaca-manila.org.

Venue: ISACA Manila Professional Development Center, Suite 2109 Cityland 10 Tower 2, #154 H.V. Dela Costa St., Makati City

REGISTRATION FORM
DATABASE SECURITY AND AUDITING
August 26 & 27, 2016, 8:30 am - 5:30 pm
FAX NO.: (02) 894.2533 / 09157108870

NAME:
COMPANY NAME:
COMPANY ADDRESS:
CURRENT FIELD OF EMPLOYMENT & PROFESSIONAL ACTIVITY:
YEARS OF EXPERIENCE:
REMARKS (SPECIAL ARRANGEMENTS: PHYSICAL DISABILITIES, FOOD PREFERENCE, ETC.):
MEMBERSHIP: ISACA Member / Non-Member (please specify membership no.):
PAYMENT (pls. check one): Company / Personal
CONTACT DETAILS:
EMAIL ADDRESS:

Fees, speakers and date are subject to change.
Please make your checks payable to Information Systems Audit and Control Association.
The training fee is inclusive of Training Kit, Refreshments and Training Certificate.
Any cancellations received within the last ten calendar days would be liable for 50% of the course fees.
Registered attendees who are unable to attend the above course can send replacements subject to one week's notification.
Cancellations must be received in writing at least one week prior to course commencement.
No-shows would be fully charged.

------------------------------------------------------------

I/We hereby agree to the terms and conditions as declared by the ISACA Manila Chapter.

Name/Representative:
Signature:
Contact No.:
Date: