Guardium Hosts a Seminar Series on Database Security and Compliance, Playing a Leading Role in Database Protection Expertise

April 29, 2008

Focus reflects the need for indispensable expertise in data privacy, governance and compliance


WALTHAM, Mass. (April 29, 2008) — Guardium, the database security company, will host a three-city spring seminar series on “Best Practices for Database Security & Compliance,” featuring a Gartner analyst and Guardium’s CTO. Starting May 6 in New York, the seminars will educate C-level executives and day-to-day IT security and database professionals on the latest technology to safeguard enterprise data and automate compliance controls. The events are produced by the publisher of SearchSecurity.com and Information Security Magazine.

Attendees will receive strategic and tactical recommendations on how to effectively protect sensitive data stored in corporate databases such as financial/ERP information, credit card data, personally identifiable information (PII) and intellectual property. Gartner will highlight how to mitigate risk and tighten internal controls while reducing costs to comply with Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS) and data privacy laws.

The featured keynote Gartner speaker is Jeffrey Wheatman, who has 13 years of information security experience, including 9 years consulting for Fortune 500 and Global 200 organizations in financial services, insurance, healthcare, pharmaceuticals and media. According to Wheatman, “Although there have been improvements in DBMS [database management system] security options, organizations struggle to secure established DBMSs that were not designed with effective security controls” (“Take Six Steps to Secure Your Databases,” by Jeffrey Wheatman, October 2007). Gartner also recommends that organizations “implement database activity monitoring (DAM) functionality to mitigate the high levels of risk resulting from database vulnerabilities and to address audit findings in such areas as database segregation of duties (SOD) and change management” (“DAM Technology Provides Monitoring and Analytics With Less Overhead,” by Mark Nicolett and Jeffrey Wheatman, November 2007).

Guardium’s keynote presenter, CTO Ron Bennatan, brings more than 20 years of experience developing enterprise applications and security technology for blue-chip companies such as Merrill Lynch, J.P. Morgan, Intel, and AT&T Bell Laboratories. An IBM Gold consultant, he architected the industry’s first real-time database security and auditing solution. Bennatan holds a Ph.D. in distributed computing and has authored 10 technical books, including the definitive guide Implementing Database Security and Auditing (Elsevier Digital Press, 2005).

The series is targeted to professionals involved with IT security, risk management and compliance, corporate governance and privacy, database administration and enterprise application architectures. Presentations will focus on saving time and money via centralized policies, automated reporting and oversight processes, standardization of controls across multiple compliance initiatives, and a risk-oriented approach to identifying key controls. Specific takeaways include:

• Tips/tactics to protect sensitive information within data centers

• Implementing granular DBMS auditing without the overhead of native logging

• Monitoring privileged users and enforcing separation of duties

• Providing granular access controls for sensitive data

• Enforcing change controls with real-time security alerts

• Protecting against external attacks such as SQL injection

• Preventing fraud with application monitoring for Oracle EBS, PeopleSoft, Siebel, SAP, etc.

• Automating change reconciliation with BMC Remedy and other change management systems

• Creating a centralized, cross-platform audit repository

• Automating compliance oversight workflows (sign-offs, escalations, etc.)

• Practical alternatives to field-level encryption for PCI-DSS

• Comparison to complementary technologies such as security information and event management (SIEM) and data leakage protection (DLP)

• Case study examples, with ROI models

WHAT: Seminar: “Best Practices for Database Security & Compliance”

WHEN:
New York, N.Y. – May 6, 2008 (Marriott Marquis)
Chicago, Ill. – May 8, 2008 (InterContinental Chicago)
Charlotte, N.C. – June 10, 2008 (Westin Charlotte)

WHO: Jeffrey Wheatman, Research Director, Gartner
Ron Bennatan, CTO, Guardium

WHO SHOULD ATTEND: C-level executives and day-to-day IT security and database practitioners

WHERE: Register at: http://events.techtarget.com/DatabaseSecurity/?Offer=SEgdEv4