IT Pro Day Auditing in SQL Server 2012 Charley Hanania Principal Consultant, QS2 AG – Quality Software Solutions www.qs2.ch.


1 IT Pro Day Auditing in SQL Server 2012 Charley Hanania Principal Consultant, QS2 AG – Quality Software Solutions www.qs2.ch

2 Now: Database Consultant at QS2 AG
Formerly: Production Product Owner of MS SQL Server Platform at UBS Investment Bank
- IT Professional since 1992
- SQL Server Certified since 1988
- On SQL Server since 1995 Version 4 on OS/2
Community
- Microsoft MVP: SQL Server
- PASS Chapter Leader – Switzerland
- PASS Regional Mentor – Europe
- European PASS Conference Lead
- International Event Speaker
- MCT Regional Lead (Switzerland)
- Database Days Conference Switzerland Lead
B.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)

3 Agenda Chapter 2/4

4 Agenda

5 Overview of regulatory standards and compliance

6 The Compliance and Policy Ecosystem Why all this is so important…

7
1. Identify Issues and Risks
2. Develop Policies to mitigate them
3. Architect Procedures & Solutions (frameworks) to meet (comply with) Policies
4. Implement methods to report compliance levels
5. Implement methods & countermeasures for exceptions and compromised systems
6. Implement Process Improvement methodologies for framework maturity

8 Major frameworks used for establishing IT controls…

9 The major players in the IT framework arena are:
- AICPA/CICA Trust Services, Principles, and Criteria
- Carnegie Mellon University Software Engineering Institute (CMU/SEI) OCTAVE
- CICA CoCo – Criteria of Control Framework
- CICA IT Control Guidelines
- CMMI – Capability Maturity Model Integration
- CobiT – Control Objectives for Information and related Technology
- COSO – Internal Control Integrated Framework
- GAISP – Generally Accepted Information Security Principles
- ISF Standard of Good Practice for Information Security
- ISO 17799:2005
- ISO 9000
- ITIL – the IT Infrastructure Library
- Malcolm Baldrige National Quality Program
- Organization for Economic Cooperation and Development (OECD) Principles of Corporate Governance
- OPMMM – Organizational Project Management Maturity Model
- Six Sigma
- OECD - Organization for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
- NIST SP 800-53 - Recommended Security Controls for Federal Information Systems
- The FFIEC Information Technology Examination Handbook series
source: www.unifiedcompliance.com
Note:
- There is no single framework that is all encompassing and "complete"
- Some frameworks focus on process maturity analysis and others focus more on standardised policies and checklists.
- These frameworks are used to bring organisations closer to compliance with one or more regulatory standards

10 Relevant Technology Components within SQL Server

11

12 SQL Server Audit Framework

13 Feature Overview SQL Server Audit Framework

14 SQL Server Audit

15

16 Enhancements in SQL Server 2012 SQL Server Audit Framework

17

18 Demo SQL Server Audit Framework

19 Policy Based Mgt Framework

20 Feature Overview Policy Based Mgt Framework

21 Policy Based Management: a framework which exposes SQL Server's properties as facets, allows you to create conditions which report back the status of those facets, and then lets you create policies around those conditions. You can either just report on those policies or enforce them. You can also import and export them and apply them to multiple servers.

22

23 Demo Policy Based Mgt Framework

24 Wrap-Up

25 Summary Wrap-Up

26 The Audit Feature is enhanced in SQL Server 2012. It is a tool in the “Security and Compliance” arsenal. It needs to be architected into the overall operational strategy, alongside strategic tools, policies and processes.

27 REGISTER NOW AND GET 10% OFF
DISCOUNT CODE: CHMTD12 (Valid until December 10, 2012)
A Preconference Day with 5-7 parallel technical workshops, focussed on critical role-based skills for Data Professionals.
Two days of conference seminars across 3 technical tracks:
- Database Administration
- Business Intelligence
- Data Platform Application Development
Check out www.databasedays.com

28 Questions? Wrap-Up

29 Contact Info Wrap-Up

30 Email: Charley.Hanania@sqlpass.org
Website: http://www.sqlpass.ch
Twitter: http://www.twitter.com/CharleyHanania
Blog: http://blogs.mssqltips.com/blogs/charleyhanania
Linked-in: http://www.linkedin.com/in/charleyhanania
Database Days: http://www.databasedays.com

31

