Presented by John Stephens, CISSP
Managing Partner, Luminant Digital Security
Data Management from a Penetration Tester’s Perspective – Zero Trust and Compliance
Nearly every day we hear about some vulnerability, hack, or breach resulting in the disclosure of what increasingly seems to be hundreds of thousands or millions of records. And if that weren’t enough, we now regularly hear about some city that opted to pay hundreds of thousands of dollars in ransom. Now, we could spend all day talking about all the things that went wrong to get to this point. That could include security patching, application development, system configuration, etc. One item that’s often overlooked is Data Management and its impact on security. In nearly every hack or breach, the ultimate goal of the attacker is to get to the data so it can be monetized. So how you manage the data is critical.
This presentation is designed to give you insight into how attacks are executed, the tools and tricks the attackers use, and how data management can play a role in minimizing the damage when a breach occurs, or perhaps stopping it altogether. This effort can be significantly enhanced by adopting a zero trust approach to data access and backups. It can be significantly hindered by checklist “compliance” efforts that are not grounded in security best practices. We’ll talk about these items based on observations and experience from actual Penetration Tests, so you can hear firsthand how data management can play a role in securing your data.