Webinar Postponement and #SQLPASS group leaders heads up

Yesterday I wrote about three upcoming webinars I’m giving, which you don’t need to be in attendance for. Unfortunately, the one scheduled for next week with Idera and BankDirector has been postponed. I apologize for the scheduling delay. It looks like it should be rescheduled for some time in July.

Also, if you are a PASS user group leader and you haven’t already seen the email, PASS HQ is offering temporary GoToMeeting accounts for groups to be able to hold meetings virtually. There’s an email address you need to send your request into, so please check your email (and spam folder) to see what you need to do to have that account created. This is the direction Midlands PASS is going to go for the month of April.

SQL Server Security and Performance Webinars – March 17 – April 8, 2020 #FlattenTheCurve

In response to the Coronavirus (COVID-19) epidemic, we’re seeing folks react smartly by cancelling or rescheduling events where a large number of folks gather together. We have even seen this with at least one in-person SQL Server-based user group. Midlands PASS is considering canceling for April as well. Instead of canceling or postponing, some conferences have chosen to go all on-line. That’s a great track: you can still get professional development by attending on-line offerings. Along those lines, here are three webinars I’ll be giving over the next few weeks. There will likely be more to come, so check back!

 

March 17, 2020 2 PM EDT
BankDirector and Idera
Registration Link: https://register.gotowebinar.com/register/8686876738111806477

Protect Your Sensitive Data from the Inside First

Financial organizations handle an immense amount of sensitive data within their databases, and they face significant fines if that data is exposed or breached. The biggest challenge when it comes to cybersecurity risk is that it constantly evolves, as the threats, actors and attacks increase in sophistication. Organizations that prepare for one method of intrusion may find themselves the victim of a different strategy. So how do you ensure that your data assets are protected, not just from external threats, but also from malicious insiders or accidental accesses?

In this webinar led by IDERA, viewers will learn about best practices for putting the proper database controls in place, along with auditing procedures to track user activity within your environment.

 

March 26, 2020 1 PM EDT
MSSQLTips.com and Quest
Registration Link: https://www.mssqltips.com/sql-server-webcast-signup/?id=814

Why Are My SQL Server Queries So Slow?

Performance is horrible. Users are complaining. Your boss wants to know what’s going on with the SQL Server and what can be done about it. Where do you start? What do you look at? What can you tune? More specifically, what can you tune without touching code?

In this webinar, we’ll look at the entire SQL Server holistically, from the “hardware” allocated to the machine down to individual query plans. We’ll cover what tools are provided out of the box, from Performance Monitor to Query Store, that you can use to spot the bottlenecks on your system. Then we’ll talk about what you can do to alleviate the pain you’re feeling. Will throwing hardware at the problem hide it until you can put a real fix in? Or do you need to roll up your sleeves and rewrite some common, poorly performing queries? What/where is the trade-off? Armed with this knowledge, not only will you be able to identify what’s broke, but you’ll be able to give your organization options on how to fix it.

 

April 8, 2020 2 PM EDT
PASS DBA Virtual Group
Registration Link: https://dba.pass.org/MeetingDetails.aspx?EventID=15086

What do you need to know to work with SQL Server security properly?

In this talk, we’ll look at the must-knows. We will start with how a person or application connects to SQL Server and the types of authentication SQL Server provides. We will then look at the hierarchical security model SQL Server implements and how this flows down from the server all the way down to tables, views, and stored procedures. Afterwards, we will discuss particular security roles which allow access without explicit permissions. Finally, we will look at ownership chaining and how that can also allow a user access to an object because of a reference from a different object.

Cross-Post: Learning From Technology’s Past

Cross-posted from the ISACA Now Blog:

“This is the song that doesn’t end.
Yes it goes on and on, my friends.”

– Lewis, S., “The Song That Never Ends,” Lamb-chop’s Sing Along, Play Along, Norman Martin Music, 1992.

When I think of technological progress, in a lot of cases we are seeing new views and takes on existing ideas. Ideas keep coming back around, just like “The Song That Doesn’t End.”

Take virtualization and cloud computing. Cloud computing often touts a “pay as you go” model where you run cycles on someone else’s hardware. This is the model many an organization ran with for their mainframes and similarly sized computing devices. A classic example applicable to auditors and IT security folks is found in The Cuckoo’s Egg by Clifford Stoll. Stoll happened onto an international intruder due to a small (less than US$1) accounting error on just such a platform. That was in 1986.

As auditors, we can use this to our advantage when coming up to speed on new technology, new techniques or new anything in information technology. The first thing to do is see if we have a re-implementation of an older idea. If we do, then chances are we have a good idea of how to begin auditing that new technology.

Approaching new technology with the mindset of looking to see how it is similar to what we already know accelerates our ability to learn the new technology and provide our organizations with services on said technology. It also reduces a lot of the fear factor for us. After all, the technology implements concepts and ideas we already understand.

Editor’s note: For further insights on this topic, read K. Brian Kelley’s recent Journal article, “Innovation Governance: In Everything New, There Is Plenty of Old,” ISACA® Journal, volume 1, 2020. (ISACA membership required to view the article)

Midlands PASS: SQL Server Security Basics

Midlands PASS (Columbia, SC) will be meeting on March 3, 2020, for our monthly user meeting. We’ve been on hiatus since the holidays but we should be meeting regularly again for the rest of the year. The typical schedule (all times are Eastern):

  • 5:30 – 6:00 PM: Meet and Greet / Networking
  • 6:00 – 7:15 PM: Main Talk
  • 7:15 – 7:30 PM: Prizes (if we have any) / Networking

RSVP Link for the March 2020 Meeting: https://www.eventbrite.com/e/sql-server-security-basics-tickets-97152292121

This month I’ll be speaking. Here’s the talk:

SQL Server Security Basics

What do you need to know to work with SQL Server security properly? In this talk, we’ll look at the must-knows. We will start with how a person or application connects to SQL Server and the types of authentication SQL Server provides. We will then look at the hierarchical security model SQL Server implements and how this flows down from the server all the way down to tables, views, and stored procedures. Afterwards, we will discuss particular security roles which allow access without explicit permissions. Finally, we will look at ownership chaining and how that can also allow a user access to an object because of a reference from a different object.

Renewed as a Friend of Red Gate

I recently received the news that I’ve been renewed as a Friend of Red Gate. I’ve been a big fan of Red Gate since the days when SQL Compare first debuted. Tremendous tools are not the best asset, though. If you weren’t aware, the people are. Most folks are familiar with the more well-known SQL luminaries like Grant Fritchey, Steve Jones, Kathi Kellenberger, and Kendra Little. However, everyone I’ve interacted with in the organization has been great.

 

SheLeadsTech Webinar: Braving the Wilderness of Cybersecurity

ISACA has a SheLeadsTech webinar for tomorrow, February 25, 2020, titled Braving the Wilderness of Cybersecurity.

Registration Link: https://www.isaca.org/education/online-events/lms_w022520

If you can’t make the talk, ISACA archives all webinars for one year.

Here’s the information on the talk:

Braving the Wilderness of Cybersecurity

Cybersecurity is one of the most exciting and most challenging career paths you can take. No matter your gender, your age or your experience, there will always be a time when you will feel like you don’t belong, and you are all alone in the middle of the wilderness.

In this webinar we will discuss how you can be brave through those times and what are the key values that will help you succeed and have a thriving cybersecurity career.

Speaker: Enkeleda Ibrahimi

Senior Security Consultant at KPMG, Founder & Community Architect at MeetCyber, IoT Security Enthusiast

Enkeleda is a senior cybersecurity consultant, with over 6 years of experience in different corporations like Vodafone, KPMG, PwC, and more. She is also the founder of MeetCyber, a global network of professionals who are passionate about cybersecurity. Enkeleda holds a master’s degree in Information Security from Stockholm University, is a certified ISO27001 lead implementer and co-author of several research papers in biometrics security and security governance. She was named one of the top 50 European Women of Influence in Cybersecurity for 2019 by SC Media UK.

[Cross post] Innovating Yourself as an IS Auditor

This is also posted to the ISACA Journal blog, Practically Speaking:

As new technologies are developed, we have to stay up to date with them. More so than almost any other practitioner interfacing with information technology, auditors have to work hard at continual education. It is not just the technology, though. We are also seeing orders of magnitude more data. More data to process means we have to be more efficient at sifting through those data to ensure we can protect our organizations. So how do we stay up with what is current?

First and foremost, we need to use technology for our benefit when we can. Data is a big deal, but as it has exploded, it is a big deal for just about everyone. That means companies are investing a lot of capital in developing systems to handle the reams and reams of information we have at our fingertips. These systems are able to spot trends and exceptions both. Why should these solutions be limited just to the folks doing financial forecasting? We can use them, too. That is a key attitude for us to take: When technology helps us, we have to come up to speed on it and leverage it for all it’s worth.

Second, speaking of learning new technology, we are being exposed to new ideas, new protocols and new standards all the time. We have to set aside the time to understand all of these new things. It is not practical to try to learn any of them in great detail. However, we have to understand them well enough to understand what they provide, where they have issues and what they should actually be used for. If we are relying on what we learned just 5 years ago, some of our knowledge is already out of date.

Finally, we have to understand that with the changes we have in technology, whole disciplines may be completely upended. I can remember a time when organizations were on the Internet and firewalls were a very uncommon thing. Now we are in an era where we know the firewall is not enough. These concepts are more abstract than a protocol definition. However, it is just as important that we stay up-to-date in these concepts as well.

All of this adds up to continually innovating yourself to maintain your knowledge and skills. The good news is that if you keep up, you will never be bored. Technology is changing at a breakneck pace. There is always something new to learn and pick apart!

Read related Journal article:

“Innovation Governance: Innovate Yourself—Using Innovation to Overcome Auditing Challenges,” ISACA Journal, volume 6, 2019. (requires access to ISACA Journal via ISACA membership)
