Most modern business applications have a relational database behind them and many of those are on a SQL Server Platform.
Vast collections of sensitive and confidential data are now held on database servers and if they are not secured adequately that data can be vulnerable to theft, corruption or loss. Most organisations now put a very high value on their data and a very high priority in implementing a security policy.
This course is aimed at both Database Auditors and Database Administrators who are responsible for implementing Security Policies. Delegates attending this course will learn about the underlying architecture of a SQL Server database deployment and will be alerted to the many vulnerabilities that can be exploited if a system is not adequately secured and audited. It is important for both auditors and administrators to be aware of security vulnerabilities and weaknesses so that they can work together to ensure their SQL Server systems are safe, secure and running to their optimum performance.
Delegates will learn about the audit process from the initial risk assessment phase to the construction of an audit plan and audit checklist. The course is hands on with delegates implementing, testing and reporting on SQL Server security. They will learn about physical and logical storage security, user security (SQL server authentication, Windows authentication, Certificate authentication, authorisation, privileges, permissions, audit trails), data security (encryption of stored data, encryption of entire database, implementation of symmetric keys, asymmetric keys and certificates). Backups and restores provide a fundamental level of protection of databases and this course covers the various backup methods supported as well as High Availability and Disaster Recovery options (Log Shipping, Database Mirroring, Always On Availability Groups, Replication).
Testing a security policy is an important task and the auditing section of this course focuses on the tools and methods available for retrieving information about the security configuration of the system (querying system views, audit specification, profiler traces, extended events).
The course covers all versions up to and including SQL Server 2016.