What: Comprehensive Vulnerability Management at the Database Level
When: Wednesday, May 12, 2010 – Presentation starts at 6:00pm, Refreshments at 5:30pm
Where: Harrisburg University of Science & Technology
*Current CISSPs can receive CPE credit for this event.
The Central Pennsylvania Chapter of the Information Systems Security Association invites you to a free presentation! The event begins with socializing and networking at 5:30pm followed by the presentation entitled, Comprehensive Vulnerability Management at the Database Level, from Mark Trinidad, Product Manager at Application Security, Inc.
Presentation Overview
Risks to the database can come in a variety of forms: an insider attack, a rogue database that IT or a security team is unaware of, an unpatched or misconfigured database, or an attack on a database through a web-facing application. However the breach happens, the results can be catastrophic, yet many organizations today still rely on manual processes, still perform infrequent scans, and lack the formalized policies and technology controls necessary to protect vulnerable database assets.
At the database level, information assets are increasingly exposed, particularly where access is granted to employees, contractors and partners. With more entry points on any network, the past few years have seen dramatic increases in the theft and abuse of data at the database level.
A rise in inappropriate user activity from inside organizations, which has the capacity to harm a company through manipulation of corporate databases, has remained largely unaddressed and difficult to prevent. As an organization goes through various stages of growth, its data environment expands, and its data management and security needs change as well. As new technologies are deployed, gaps can open in securing data, and that is where a comprehensive vulnerability management plan, together with monitoring of usage and vulnerability policies, can help bridge the gap.
In response to this growing problem, security professionals are proactively seeking ways to combat the threats. This presentation will discuss:
- The threat landscape and how to identify database vulnerabilities.
- How to use vulnerability assessment results to ensure comprehensive data protection and achieve database security goals.
- Importance of a comprehensive database vulnerability management program.
- Methodologies and best practices on how to implement actionable plans to protect enterprise database assets.
About the Speaker
Mark Trinidad is responsible for the direction of AppDetectivePro and the development and maintenance of the vulnerability knowledgebase. Mark is a veteran at AppSecInc and has established trusted partnerships with its wide variety of customers and users. He focuses on understanding all the database audit controls reviewed by IT auditors and security and risk professionals. Mark has extensive knowledge of industry and regulatory compliance, with a keen focus on DIACAP, PCI DSS, HIPAA, and HITECH. He is an active member of the ISACA and ISSA New York Metro chapters, and has spoken at ISSA, ISACA, and OWASP chapters across the country. Mark holds a BS from Drexel University.
Please RSVP to info@issa-pa.org if you plan on attending. Socializing and refreshments 5:30pm, Presentation 6:00pm, ISSA-PA business meeting 7:00pm. All meetings of ISSA-PA are held at the Harrisburg University of Science and Technology.
Directions, Parking and other information:
The address for Harrisburg University is 326 Market Street, Harrisburg, PA 17101.
Street parking is typically free after 5:00pm. Harrisburg University (HU) has a parking garage, and the parking fees are typically between $4.00 and $6.00. Upon arrival at HU, you should proceed directly to the Security Desk and ask to be directed to the ISSA meeting and presentation. Please note that elevator access from the HU parking garage is restricted to the ground floor only.