Remote and onsite Oracle database administration, security, and management services

Oracle Security for GDPR

This course is a one-day seminar that gives the delegates an appreciation of what is involved in responding to a serious security incident in their Oracle database.

Description

This course is a one-day seminar that gives the delegates an appreciation of what is involved in securing the Oracle database platform and also securing personal data in an Oracle database in relation to the new GDPR law in the EU. This class explores which elements of Oracle Security are appropriate for the GDPR.

The class starts the day with the basics of GDPR: what it is and what it means for you. The focus of the class is to take the relevant sections of the GDPR law and review and explore which elements of the Oracle database may need to be addressed to help with compliance. We cover looking for personal data (data assessment); security of personal data and the database itself (security by design); data subjects' rights (including erasure); writing a security policy for Oracle and automated vulnerability scanning; monitoring access to data (Audit Trails); monitoring database security (Audit Trails); and how to deal with an incident and breach notification.

Course Goals

The aim of the class is for students to get an appreciation of where the risks lie in the processing and use of data in their organisations’ Oracle databases, including:

  • How data is stolen and can be stored weakly in an Oracle database
  • How GDPR affects security choices in the Oracle database
  • How to plan for data security compliance and develop a data security policy

Course Duration

The class is one day, 9am to 5pm, and is instructor-led with some demonstrations.

Course Location

The course can be held at your site or students can attend a public class. No public classes are scheduled at present. Details of on-site requirements are provided during the booking process.

Course Pre-Requisites

The class is intended for DBAs, developers, security professionals, IT management and anyone involved in deploying, developing and maintaining Oracle databases. No detailed technical knowledge of Oracle databases is necessary in advance.

Course Material

The student will receive a URL to download a zip file that includes:

  • The course notes as PDF files
  • Free PL/SQL tools and scripts
  • All of the examples used as SQL and PL/SQL scripts

Additional information

Course Dates

Dec. 4, 2019, Nov. 3, 2019

Course Outline

Introduction

  • What is GDPR?
  • Which elements of GDPR impact on the Oracle database?
  • What is Oracle Security and data security and Oracle security for GDPR?

Data Loss and Attacks

  • How does Oracle process your data?
  • What are the data issues that affect the security of your data?
  • How do your data security decisions make your data insecure?
  • How do people attack your database and data?

GDPR – Data Impact Assessment (Article 35)

  • What is personal data (Article 4)
  • Looking for and classifying personal data
  • Tools to locate data, document, check security mode

Retention, Lawfulness and Access (Articles 5, 6 and 15)

  • Data retention, legal grounds
  • Training; Forensics, audit trail, how to audit and the need to train staff

Security by Design (data and the database) (Article 25)

  • Design security, don’t make it up!
  • Data domains, Data security, User security

Security Features of the Oracle database (Article 32)

  • Additional cost options from Oracle
  • Third party options and products
  • What if you do not license features – using internal features

Pseudonymisation (Article 25)

  • Masking, obfuscation and options

Design Audit Trails (Article 30)

  • Designing Audit Trails, I want to know
  • Options available
  • Management
  • Reporting and alerts

Breach Response, notification and Forensics (Articles 33 and 34)

  • Incident response approach and possible tools to use
  • Where to find evidence
  • What if I have no audit? What to do next

Data Subjects' Rights (Articles 16 – 21)

  • Right to correction, deletion, extraction

Oracle Security policies (Article 32)

  • Creation of a database security policy
  • Creation of an audit policy
  • Incident / Breach policy

Automated vulnerability scanning (Article 32)

  • Free, commercial, automated, manual and write your own

Finishing Up

  • The journey today