July 2019: Data Management From A Penetration Tester’s Perspective

Presented by John Stephens, CISSP

Managing Partner, Luminant Digital Security

Data Management from a Penetration Tester’s Perspective – Zero Trust and Compliance

Almost daily we hear about some vulnerability, hack, or breach that results in the disclosure of what seems increasingly to be hundreds of thousands or millions of records. And if that wasn’t enough, we now regularly hear about how some city opted to pay hundreds of thousands of dollars in ransom. Now, we could spend all day talking about all the things that went wrong to get to this point. That could include security patching, application development, system configuration, etc. One item that’s often overlooked is Data Management and its impact on security. In nearly every hack or breach, the ultimate goal of the attacker is to get to the data so it can be monetized. So how you manage the data is critical.

This presentation is designed to give you insight into how attacks are executed, the tools and tricks the attackers use, and how data management can play a role in minimizing the damage when a breach occurs, or perhaps stopping it altogether. This effort can be significantly enhanced by adopting a zero trust approach with data access and backups. It can be significantly hindered by checklist “compliance” efforts that are not grounded in secure best practices. We’ll talk about these items based on observations and experience during actual Penetration Tests, so you can hear firsthand how data management can play a role in securing your data.

November 2018: Data Management Maturity

Presented by Melanie Mecca

Director, Data Management Product and Services, CMMI Institute

Data Management Maturity – Why We Need It and How It Can Propel You to DM Leadership

Our industry is continually building capabilities based on its considerable accomplishments over the past decades. Some of the (roughly) sequential milestone markers that most organizations share include: data design, data administration, data architecture / warehousing, data quality and governance, MDM, and predictive analytics using both structured and unstructured data.

So why haven’t organizations attained DM perfection? As we know, the data layer in the vast majority of organizations grew project by project, typically to meet specific needs of a line of business. Best practices were not usually shared, useful work products languished in project repositories, etc. – and above all, there was no universal mandate to manage data as a critical corporate asset.

The Data Management Maturity (DMM) Model’s primary goals are to accelerate organization-wide DM programs by: providing a sound reference model to quickly evaluate capabilities, strengths and gaps; accelerating business engagement; launching a collaborative vision / strategy; and identifying key initiatives to extend existing capabilities while building new ones – leading to efficiency, cost savings, creativity, and improved data quality.

In this seminar, we’ll address:

  • Data Management Capabilities and Maturity Evaluation
  • The DMM in action – interactive exercise with the Business Glossary – rate your organization!
  • Case study examples – how organizations have accelerated their progress
  • How to leverage Data Management Maturity to empower your career.

June 2018: Data Management for the Internet of Things

Presented by Michael Scofield, M.B.A.

Assistant Professor, Loma Linda University

The “internet of things” is dependent upon the communication between various devices—such communication containing data. When data moves, it has architecture, and it is that architecture of “data in motion” (albeit small records within a transaction) which must be astutely designed.

The quality of any business or industrial process outcome depends upon three major foundations:

  1. Quality and reliability of hardware (and physical network) supporting it.
  2. Quality of design of the process and decision rules. This includes anticipating all contingencies which would influence a decision made independent of human judgment and involvement.
  3. Quality of the data at capture, and quality of definition and clarity of data conveyed between devices.
