Building a Database Security Program

DerbyCon 2.0 - The Reunion

Presented by: Matt Presson
Date: Sunday September 30, 2012
Time: 13:00 - 13:50
Location: Track 2
Track: Fix Me

In today’s world of Information Security, we implement technical controls almost everywhere. As such, you would probably be hard pressed to find an up-to-date InfoSec department that didn’t manage firewalls, IDS/IPS systems, Web Application Firewalls, HIDS/HIPS, AV for clients and servers, and full disk encryption for laptops. While these types of systems can be useful, in most cases they fail to prevent a company’s IP and customer data from being stolen by attackers.

This talk will present a model that can be used by companies to effectively detect and prevent such breaches by implementing a database security program focused on business integration, proactive security controls, and continuous monitoring and alerting. Examined will be the key focus areas of the program along with how each provides greater visibility to security and the business, and makes it possible to respond quicker to potential security incidents – potentially preventing a breach altogether.

Matt Presson

Matt is an Application Security Analyst with Willis North America where he is responsible for performing penetration tests/vulnerability assessments of internal and third party applications, as well as designing and implementing the organization’s database security strategy. Matt has been in the Information Security industry for 5 years and holds a number of industry certifications from GIAC and (ISC)^2.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats