ISACA Winnipeg Chapter Homepage

Database Security and Audit
Event 97

Thursday & Friday

June 21 & 22, 2007

Royal Crown Conference Centre
83 Garry Street (Winnipeg, Manitoba)

8:00 AM to 4:30 PM

Presented By:

For further information contact

Barry Saunders, Event Director - (204) 945-6533 Barry

Visit the ISACA Winnipeg Chapter web site at isaca-wpg.org

SCHEDULE

Registration	08:00 AM	to	08:15 AM	(Continental Breakfast Provided)
Presentation	08:15 AM	to	10:15 AM
Coffee Break	10:15 AM	to	10:30 AM
Presentation	10:30 AM	to	12:00 AM
Lunch Break	12:00 AM	to	01:00 PM	(Lunch Provided)
Presentation	01:00 PM	to	02:45 PM
Coffee Break	02:45 PM	to	03:00 PM
Presentation	03:00 PM	to	04:30 PM

SPEAKER INFORMATION

John Tannahill, CA, CISM
John Tannahill is an independent Information Security and Audit Services Consultant. John's current consulting work areas are focused on information security in large information systems environments and networks. Particular areas of technical security expertise include: Windows 2000/2003; Unix (including Solaris, AIX & Linux); Oracle and Microsoft SQL Server, & Network and Internet security.

John is a frequent speaker in Canada, USA and Europe on the subject of Information Security. He is a member of the Institute of Chartered Accountants of Scotland (CA) and a Certified Information Security Manager (CISM).

SESSION DESCRIPTION (16 CPE Credits) The focus of this session will be on the audit, control and security issues related to the use of database management systems in today's business environments. A specific focus of the session will be security and audit of Oracle 9i/10G; Microsoft SQL Server 2000/2005 and DB2/UDB environments.

Learn practical approaches and techniques for evaluating the implementation of database security and control.

Live demonstrations using Oracle; SQL Server and UDB database environments will reinforce the principles presented. Seminar Highlights
1. Database Concepts

Relational database concepts

Database schemas, instances

Database objects

SQL components

Using SQL as an audit tool
2. Database Security & Control

Database versions

Architecture and components

Audit & Control objectives

Security Configuration

Data dictionary

Database connection

Identification and authentication

Password administration

System and object privileges

Audit trails and security logs

Role of operating system security

Known security vulnerabilities

Security patches
3. Audit Tools & Techniques

Audit Testing Approaches

Audit Checklist

Database Vulnerability and Penetration Testing
4. Security & Audit Resources

Audit & Security References

Useful Web Sites

Mailing Lists/Advisories WHO SHOULD ATTEND:
Systems Administrators, Databse Administrators, IT Auditors and Information Security professionals.
Learning Level: Intermediate

Event Costs (all prices include GST & are in Canadian Funds)

	Member	595.00	(ISACA or CGA Members only)
	Non-Member	795.00

Cancellation Deadline: June 7, 2007. Refer to Polices below.

ISACA Winnipeg Members Express Registration requires Member ID & PW (available here)

Event Policies

Please refer to our Chapter Cancellation & Substitution Policy and Privacy Policy

Advance Registration and Payment is greatly appreciated and Substitutions are allowed. If we cancel a course for any reason, our liability is limited to the registration fee only.

The speakers, topics and events are correct at the time of publishing and if unforeseen circumstances occur, ISACA reserves the right to alter or delete items from the program.

The presenters have prepared this material for the professional development of ISACA members and others. Although they trust that it will be useful for this purpose, neither the presenters, nor ISACA can warrant the use of this material would be adequate to discharge the legal or professional liability of members in the conduct of their practices.

For info on ISACA Winnipeg Chapter contact the President - on Membership contact Membership