$135

Security Primer on Data Breaches, Preparation, Encryption and Remediation

Event Information

Location

E. T. Mahoney State Park - Peter Kiewit Lodge

28500 W Park Hwy

Ashland, NE 68003

Event description

SQL Saturday #767 with Bruce Wray

Is Your Data Breach Scheduled? A Security Primer on Data Breaches, Preparation, Encryption and Remediation within a SQL Environment

The past several years have made clear that companies continue to suffer through data breaches, but very few are taking the necessary steps to prepare for a call from the FBI, or worse, from a Data Protection Authority. This course will provide a general security primer, a broad discussion on data breaches, including how to prepare, react, and recover, and some SQL Server specific approaches. At the end of this course, you will have the baseline knowledge to assess if your company has the right controls and mindset to respond to a potential, or eventual, breach. In addition, you should have a deep understanding of best practices that should be considered.

Course Outline

Section I - Primers

Section I.A, Information Security Primer - reviewing the infosec triad (confidentiality, integrity, availability), defense in depth, principle of least privilege/least access, calculations of risk (probability times loss), and audit & records retention

Section I.B, Data Breach Primer - discussing sources of risk, complications of data breaches, response timelines, and the parallel tracks between information technology, information security and legal responses to a data breach

Section I.C, Encryption Primer - reviewing fundamentals of encryption, asymmetric vs symmetric, public key cryptography, hashes, and available encryption systems

Section II - Data Breach

Section II.A, Data Breach Preparation - understanding the data preservation lifecycle, knowing your data, specifically knowing where your data is, how long you must keep your data, and how long you actually keep your data, contract protections and obligations (data security requirements, notice requirements, etc.), and detection measures

Section II.B, Data Breach Response - the goal is to respond and resolve, which requires assessing a breach, forming an incident response team, collecting and preserving data and logs, communicating within and outside the company, assessing the difficulties of attorney-client privilege and discoverability from a legal standpoint, and finally, knowing the notification requirements

Section II.C, Other Breach Issues - knowing what the post-breach fallout will entail, including regulatory follow-up, direct and indirect costs and their relation to cyber insurance, the liability from a data breach, 3rd and 4th party breaches, cloud data breaches, and a short tabletop exercise on data breach response

Section III - SQL Approaches

Section III.A, Securing the SQL Instance - reviewing common approaches to securing SQL instances, including external security (physical security, operating system and network security, and the applications using the SQL instance) and internal security (the SQL Instance surface area, permissions, authentication and password policies)

Section III.B, Encryption and SQL - discussion of the available encryption options, including Always Encrypted, Transparent Data Encryption, and Column-level Encryption, as well as external file system/disk encryption with EFS and BitLocker, and encrypted backups

Section III.C, Other SQL and Security Issues - discussion of SQL injection, SQL process account permissions, audit logging, cloud instances, and GDPR and new California Consumer Privacy Act compliance

Trainer Names

Bruce Wray, JD, CISSP
