IT Pro Day Auditing in SQL Server 2012 Charley Hanania Principal Consultant, QS2 AG – Quality Software Solutions www.qs2.ch.

Presentation transcript:

IT Pro Day Auditing in SQL Server 2012 Charley Hanania Principal Consultant, QS2 AG – Quality Software Solutions

Now: Database Consultant at QS2 AG
Formerly: Production Product Owner of MS SQL Server Platform at UBS Investment Bank
IT Professional since 1992
SQL Server Certified since 1988
On SQL Server since 1995, Version 4 on OS/2

Community:
- Microsoft MVP: SQL Server
- SQL Server PASS Chapter Leader – Switzerland
- PASS Regional Mentor – Europe
- European PASS Conference Lead
- International Event Speaker
- MCT Regional Lead (Switzerland)
- Database Days Conference Switzerland Lead

B.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)

Agenda Chapter 2/4

Agenda

Overview of regulatory standards and compliance

The Compliance and Policy Ecosystem Why all this is so important…

1. Identify Issues and Risks
2. Develop Policies to mitigate them
3. Architect Procedures & Solutions (frameworks) to meet (comply with) Policies
4. Implement methods to report compliance levels
5. Implement methods & countermeasures for exceptions and compromised systems
6. Implement Process Improvement methodologies for framework maturity

Major frameworks used for establishing IT controls…

The major players in the IT framework arena are:

- AICPA/CICA Trust Services, Principles, and Criteria
- Carnegie Mellon University Software Engineering Institute (CMU/SEI) OCTAVE
- CICA CoCo – Criteria of Control Framework
- CICA IT Control Guidelines
- CMMI – Capability Maturity Model Integration
- CobiT – Control Objectives for Information and related Technology
- COSO – Internal Control Integrated Framework
- GAISP – Generally Accepted Information Security Principles
- ISF Standard of Good Practice for Information Security
- ISO 17799:2005
- ISO 9000
- ITIL – the IT Infrastructure Library
- Malcolm Baldrige National Quality Program
- Organization for Economic Cooperation and Development (OECD) Principles of Corporate Governance
- OPMMM – Organizational Project Management Maturity Model
- Six Sigma
- OECD – Organization for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
- NIST SP Recommended Security Controls for Federal Information Systems
- The FFIEC Information Technology Examination Handbook series

source:

Note:
- There is no single framework that is all-encompassing and "complete".
- Some frameworks focus on process maturity analysis and others focus more on standardised policies and checklists.
- These frameworks are used to bring organisations closer to compliance with one or more regulatory standards.

Relevant Technology Components within SQL Server

SQL Server Audit Framework

Feature Overview SQL Server Audit Framework

SQL Server Audit

Enhancements in SQL Server 2012 SQL Server Audit Framework

Demo SQL Server Audit Framework

Policy Based Mgt Framework

Feature Overview Policy Based Mgt Framework

Policy Based Management

A framework that exposes SQL Server's properties as facets, lets you create conditions that report back the status of those facets, and then lets you create policies around those conditions. You can either just report on the policies or enforce them. You can also import and export them and apply them to multiple servers.
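Added example, not from the original slides: T-SQL that reads the Policy-Based Management catalog views in msdb to list each policy with the facet it checks and whether it only reports or enforces, then lists the targets that failed the most recent evaluation. It assumes policies already exist on the instance and have been evaluated at least once.

```sql
-- Added example: compliance reporting from Policy-Based Management metadata.
USE msdb;
GO

-- 1. Inventory: policy -> condition -> facet, and how the policy is evaluated.
SELECT p.name        AS policy_name,
       c.name        AS condition_name,
       c.facet       AS facet,
       p.is_enabled,
       CASE p.execution_mode
            WHEN 0 THEN 'On demand'
            WHEN 1 THEN 'On change: prevent'   -- enforced
            WHEN 2 THEN 'On change: log only'  -- report only
            WHEN 4 THEN 'On schedule'          -- report only
            ELSE 'Other (' + CAST(p.execution_mode AS varchar(10)) + ')'
       END           AS evaluation_mode
FROM dbo.syspolicy_policies   AS p
JOIN dbo.syspolicy_conditions AS c
  ON c.condition_id = p.condition_id
ORDER BY p.name;

-- 2. Latest evaluation of each policy: which targets are out of compliance.
WITH latest AS (
    SELECT h.history_id, h.policy_id, h.start_date, h.result,
           h.exception_message,
           ROW_NUMBER() OVER (PARTITION BY h.policy_id
                              ORDER BY h.start_date DESC) AS rn
    FROM dbo.syspolicy_policy_execution_history AS h
)
SELECT p.name                    AS policy_name,
       l.start_date              AS evaluated_at,
       d.target_query_expression AS failing_target,
       COALESCE(d.exception_message, l.exception_message) AS error_text
FROM latest AS l
JOIN dbo.syspolicy_policies AS p
  ON p.policy_id = l.policy_id
LEFT JOIN dbo.syspolicy_policy_execution_history_details AS d
  ON d.history_id = l.history_id
 AND d.result = 0                -- 0 = target failed the condition
WHERE l.rn = 1
  AND l.result = 0               -- 0 = policy evaluation failed overall
ORDER BY p.name, d.target_query_expression;
```

A policy whose latest run failed with an exception rather than a condition violation appears with a NULL `failing_target` and the exception in `error_text`.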

Demo Policy Based Mgt Framework

Wrap-Up

Summary Wrap-Up

- The Audit Feature is enhanced in SQL Server 2012.
- It is a tool in the “Security and Compliance” arsenal.
- It needs to be architected into the overall operational strategy, alongside strategic tools, policies and processes.

REGISTER NOW AND GET 10% OFF DISCOUNT CODE: CHMTD12 (Valid until December 10, 2012) A Preconference Day with 5-7 parallel technical workshops, focussed on critical role-based skills for Data Professionals. Two days of conference seminars across 3 technical tracks: - Database Administration - Business Intelligence - Data Platform Application Development. Check out

Questions? Wrap-Up

Contact Info Wrap-Up

Website: Twitter: Blog: Linked-in: Database Days: