
Pete Finnigan's Oracle security weblog



UKOUG Oracle Data Security Day presentation slides available

September 19th, 2011 by Pete


I spoke at the UKOUG special security day event last week at Bletchley Park just outside of Milton Keynes. We had a great agenda for the day which was focused on Data Security. We had Ian Glover of CREST and CLAS and also Bloodhound SSC as the keynote speaker; unfortunately I arrived at the end of Ian's talk but just in time to get the main points from his conclusion. Ian gave a great argument for structured testing of Oracle databases in a similar way that servers and networks are penetration tested in the UK by companies with CHECK team members and CHECK team leaders. In other words a repeatable service is provided so that organisations know they are getting a proper assessment of their security. The same is missing in the UK at least and probably most other countries. A centralised standard should be created that doesn't focus on hardening but instead focuses on securing data. This should be the basis on which companies secure their data and also which security companies test against. This would be a great move forward and would also be bolstered should there ever be a UK database security legislation that affects more databases than, say, PCI DSS, SoX etc. do now.

Mary Ann Davidson, Oracle's CISO, was next to speak and she gave a very good talk. She is quite open and realistic about security which is great to hear. The delegates also went on a tour around Bletchley Park where in the war years the team there cracked the German Enigma code machines. Then it was George Fyffe's turn to talk about Data Breaches and cyber Security.

Then I spoke. The focus of my talk was really the point that "It is not Oracle security it is data security". I wanted to really focus people's attention onto where the data really is and who can really access it and therefore how a plan must be created to secure the data in all locations not simply by hardening a database using a checklist. The focus also should be on understanding what the current security status of the data is and then to establish a policy. You cannot secure data unless there is a basis to secure it to. In other words you have to know when to start securing and also when it is stopped - i.e. secured to the standard.

Finally Lindsay spoke about legislation and business drivers.

My slides are available on my Oracle Security White Papers Page.




This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
