July 2019: Data Management From A Penetration Tester’s Perspective

Click here to RSVP via Eventbrite

Presented by John Stephens, CISSP

Managing Partner, Luminant Digital Security

Data Management from a Penetration Tester’s Perspective – Zero Trust and Compliance

It’s pretty much a daily occurrence where we hear some vulnerability or hack or about this or that breach, resulting in information disclosure on what seems increasingly to be hundreds of thousands or millions of records. And if that wasn’t enough, it’s become a regular occurrence where we hear about how some city opted to pay hundreds of thousands of dollars in ransom. Now, we could spend all day talking about all the things that went wrong to get to this point. That could include security patching, application development, system configuration, etc. One item that’s often overlooked is Data Management and its impact on security. In nearly every hack or breach, the ultimate goal of the attacker is to get to the data so it can be monetized. So how you manage the data is critical.

This presentation is designed to give you insight into how attacks are executed, the tools and tricks the attackers use, and how data management can play a role in minimizing the damage when a breach occurs, or perhaps stopping it altogether. This effort can be significantly enhanced by adopting a zero trust approach with data access and backups. It can be significantly hindered by checklist “compliance” efforts that are not grounded in secure best practices. We’ll talk about these items based on observations and experience during actual Penetration Tests, so you can hear firsthand how data management can play a role in securing your data.

Continue reading “July 2019: Data Management From A Penetration Tester’s Perspective”