Development and Tools
Friday, 18. October 2019., 10:20
For years we have been locking down the software to protect information. This presentation puts the focus where it belongs: identifying, protecting, and selecting the correct tools to protect your data. Starting with a brief history of security breaches and the impact to both companies and consumers, the presenter will move through a methodology of identifying sensitive information, creating a risk matrix, and which tools are available to mitigate information leaks.Attack Vector: how does your information leak. Including an open and frank discussion of organized gangs (ie Anonymous)Risk identification and mitigation. Identify the risks in your system and come up with mitigation strategies.Audit. Identify what to audit based on your risks. Audit too much and you will get bogged down, too little audit and you may miss a breach of security.Database encryption. Encrypting the database, the tablespace, the tables or atomic data? What is the cost and how do you accomplish it. Network encryption.
What are the risks of man in the middle attack? How to setup network encryption.Backup encryption. What are the risks of losing a backup tape? How to encrypt backups using RMAN.Data redaction. Who gets to see sensitive data? Do you want to expose credit card numbers or other PII to users? Introduction on how to setup data redaction.