IT Pro Day
Auditing in SQL Server
2012
Charley Hanania
Principal Consultant, QS2 AG – Quality Software Solutions
www.qs2.ch
Now:
• Database Consultant at QS2 AG
Formerly:
• Production Product Owner of MS SQL Server Platform at UBS Investment Bank
IT Professional since 1992
SQL Server Certified since 1988
• On SQL Server since 1995
• Version 4 on OS/2
Community
• Microsoft MVP: SQL Server
• PASS Chapter Leader – Switzerland
• PASS Regional Mentor – Europe
• European PASS Conference Lead
• International Event Speaker
• MCT Regional Lead (Switzerland)
• Database Days Conference Switzerland Lead
B.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)
Agenda
Chapter 2/4
Agenda
Overview
SQL Server Audit Framework
Policy Based Mgt Framework
Wrap-Up
Overview of regulatory standards and
The Compliance and Policy Ecosystem
Why all this is so important…
1. Identify Issues and Risks
2. Develop Policies to mitigate them
3. Architect Procedures & Solutions (frameworks) to meet (comply with) Policies
4. Implement methods to report compliance levels
5. Implement methods & countermeasures for exceptions and compromised systems
6. Implement Process Improvement methodologies for framework maturity
Major frameworks used for establishing IT controls…
The major players in the IT framework arena are:
• AICPA/CICA Trust Services, Principles, and Criteria
• Carnegie Mellon University Software Engineering Institute (CMU/SEI) OCTAVE
• CICA CoCo – Criteria of Control Framework
• CICA IT Control Guidelines
• CMMI – Capability Maturity Model Integration
• CobiT – Control Objectives for Information and related Technology
• COSO – Internal Control Integrated Framework
• GAISP – Generally Accepted Information Security Principles
• ISF Standard of Good Practice for Information Security
• ISO 17799:2005
• ISO 9000
• ITIL – the IT Infrastructure Library
• Malcolm Baldrige National Quality Program
• Organization for Economic Cooperation and Development (OECD) Principles of Corporate Governance
• OPMMM – Organizational Project Management Maturity Model
• Six Sigma
• OECD – Organization for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
• NIST SP 800-53 – Recommended Security Controls for Federal Information Systems
• The FFIEC Information Technology Examination Handbook series
source: www.unifiedcompliance.com
Note:
• There is no single framework that is all encompassing and "complete"
• Some frameworks focus on process maturity analysis and others focus more on standardised policies and checklists.
• These frameworks are used to bring organisations closer to compliance with one or more regulatory standards
Relevant Technology Components within SQL Server
• Complex DBMS :: packed with features.
SQL Server Audit Framework
Feature Overview
SQL Server Audit Framework
• Based on Extended Events
• Components:
SQL Server Audit
• sys.fn_get_audit_file
• sys.sp_audit_write
• System Views
SQL Server Audit Enhancements in SQL Server 2012
SQL Server Audit Framework
• SQL Server Auditing is more resistant to auditing destination failures
• Audit log records additional T-SQL stack frame information when available
• Audit information is filtered before it is written into the audit target
• Maximum number of audit files available
• Stored procedure - sp_audit_write
• New columns in audit related views and functions
Demo
SQL Server Audit Framework
Policy Based Mgt Framework
Feature Overview
Policy Based Mgt Framework
• A framework which exposes SQL Server's properties as facets, allows you to create conditions which report back the status of those facets, and then create policies around those conditions.
• You can just report on those or enforce them. You can also import and export them and apply them to multiple servers.
Policy Based Management
Conditions
Facets
Policies
Policy Based Management
Demo
Policy Based Mgt Framework
Wrap-Up
Summary
Wrap-Up
The Audit Feature is enhanced in SQL Server 2012
It is a tool in the “Security and Compliance” arsenal
It needs to be architected into the overall operational strategy, alongside strategic tools, policies and processes.
REGISTER NOW AND
GET 10% OFF
DISCOUNT CODE:
CHMTD12
(Valid until December 10, 2012)
• A Preconference Day with 5-7 parallel
technical workshops, focussed on critical
role-based skills for Data Professionals.
• Two days of conference seminars across 3
technical tracks:
- Database Administration
- Business Intelligence
- Data Platform Application Development.
Check out www.databasedays.com
Questions?
Wrap-Up
Can Enterprise Roles be audited? E.g. Administrators?
• Yes, but not out of the box. A deeper look at how AD groups and segregations of rights are implemented is needed, and the application of auditing against these should then be done.
Which editions is Audit available on?
• All editions, but with limitations. Enterprise Edition allows for more granular auditing that is unavailable in the other SKUs.
Which SKUs is PBM available on?
Why would reducing the queue delay to 0 in the Audit properties have a negative effect on performance?
• Reducing the delay to 0 tells the audit feature to work in synchronous mode, so every write to the log needs to be persisted before it is released. This essentially has a similar effect to what the transaction log has on the system from a commit perspective.
• Also, if flushes occur too frequently, it may have detrimental effects as the disk subsystem may be slow or overloaded.
• When set to, say, 10,000 (10 seconds), it will only flush the buffer if it is full or it has reached the timer value specified.
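The SQL Server 2012 audit enhancements listed earlier and the queue delay answer above, put together as a T-SQL script. This is an added example, not code from the original deck or its demo; the audit names, the D:\SQLAudit\ path, the filtered login and the event id are assumptions. It uses only a server audit specification.

```sql
-- Added example. Names, path, filtered login and event id are assumed values.
USE master;
GO

-- Asynchronous audit: records are buffered and flushed when the buffer is
-- full or after QUEUE_DELAY milliseconds (10000 = 10 seconds).
CREATE SERVER AUDIT Audit_Demo
TO FILE (
    FILEPATH = N'D:\SQLAudit\',   -- assumed directory; must already exist
    MAXSIZE = 100 MB,
    MAX_FILES = 20                -- 2012: hard cap on the number of files, no rollover
)
WITH (
    QUEUE_DELAY = 10000,
    ON_FAILURE = FAIL_OPERATION   -- 2012: fail the audited action if it cannot be
                                  -- recorded, rather than CONTINUE or SHUTDOWN
)
-- 2012: predicate is evaluated before the record reaches the audit target.
WHERE server_principal_name <> 'CONTOSO\MonitoringSvc';   -- assumed noisy login
GO

-- Server-level action groups, including changes to the audit itself and
-- events raised by sp_audit_write.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_Demo
FOR SERVER AUDIT Audit_Demo
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP),
    ADD (USER_DEFINED_AUDIT_GROUP)
WITH (STATE = ON);
GO

ALTER SERVER AUDIT Audit_Demo WITH (STATE = ON);
GO

-- 2012: write an application-defined event into the audit log.
EXEC sys.sp_audit_write
    @user_defined_event_id = 27,                 -- assumed id
    @succeeded = 1,
    @user_defined_information = N'Constructed test event from the added example';
GO

-- System views: confirm the delivery mode and failure behaviour in effect.
SELECT a.name, a.is_state_enabled, a.queue_delay, a.on_failure_desc, a.predicate,
       f.max_files, f.log_file_path, s.status_desc
FROM sys.server_audits AS a
JOIN sys.server_file_audits AS f ON f.audit_id = a.audit_id
LEFT JOIN sys.dm_server_audit_status AS s ON s.audit_id = a.audit_id;
GO

-- Read the records back. With QUEUE_DELAY = 10000 a fresh event may take
-- up to 10 seconds to appear in the file.
SELECT event_time, action_id, succeeded, server_principal_name, statement,
       user_defined_event_id, user_defined_information
FROM sys.fn_get_audit_file(N'D:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
GO

-- Switching to synchronous delivery (QUEUE_DELAY = 0): each audited action
-- waits for its record to be persisted. The audit must be stopped to alter it.
ALTER SERVER AUDIT Audit_Demo WITH (STATE = OFF);
ALTER SERVER AUDIT Audit_Demo WITH (QUEUE_DELAY = 0);
ALTER SERVER AUDIT Audit_Demo WITH (STATE = ON);
GO
```

Events raised while the audit is in STATE = OFF are not recorded, so the stop and restart in the last step should itself be covered by change control; AUDIT_CHANGE_GROUP records the state change once the audit is running again.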
Contact Info
Wrap-Up
Email: Charley.Hanania@sqlpass.org
Website: http://www.sqlpass.ch
Twitter: http://www.twitter.com/CharleyHanania
Blog: http://blogs.mssqltips.com/blogs/charleyhanania
Linked-in: http://www.linkedin.com/in/charleyhanania
Database Days: http://www.databasedays.com
TehDays Basel - Auditing in sql server 2012 - charley hanania - tech days basel 2012

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Último (20)

Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

TechDays Basel - Auditing in SQL Server 2012 - Charley Hanania - Tech Days Basel 2012

  • 1. IT Pro Day Auditing in SQL Server 2012 Charley Hanania Principal Consultant, QS2 AG – Quality Software Solutions www.qs2.ch
  • 2. Now: • Database Consultant at QS2 AG Formerly: • Production Product Owner of MS SQL Server Platform at UBS Investment Bank IT Professional since 1992 SQL Server Certified since 1988 • On SQL Server since 1995 • Version 4 on OS/2 Community • Microsoft MVP: SQL Server • PASS Chapter Leader – Switzerland • PASS Regional Mentor – Europe • European PASS Conference Lead • International Event Speaker • MCT Regional Lead (Switzerland) • Database Days Conference Switzerland Lead B.Sc (Computing), MCP, MCDBA, MCITP, MCTS, MCT, Microsoft MVP: SQL Server, MCT Regional Lead (Switzerland)
  • 4. Agenda Overview SQL Server Audit Framework Policy Based Mgt Framework Wrap-Up
  • 5. Overview of regulatory standards and
  • 6. The Compliance and Policy Ecosystem: Why all this is so important…
  • 7. Steps:
      1. Identify Issues and Risks
      2. Develop Policies to mitigate them
      3. Architect Procedures & Solutions (frameworks) to meet (comply with) Policies
      4. Implement methods to report compliance levels
      5. Implement methods & countermeasures for exceptions and compromised systems
      6. Implement Process Improvement methodologies for framework maturity
  • 8. Major frameworks used for establishing IT controls…
  • 9. The major players in the IT framework arena are:
      • AICPA/CICA Trust Services, Principles, and Criteria
      • Carnegie Mellon University Software Engineering Institute (CMU/SEI) OCTAVE
      • CICA CoCo – Criteria of Control Framework
      • CICA IT Control Guidelines
      • CMMI – Capability Maturity Model Integration
      • CobiT – Control Objectives for Information and related Technology
      • COSO – Internal Control Integrated Framework
      • GAISP – Generally Accepted Information Security Principles
      • ISF Standard of Good Practice for Information Security
      • ISO 17799:2005
      • ISO 9000
      • ITIL – the IT Infrastructure Library
      • Malcolm Baldridge National Quality Program
      • Organization for Economic Cooperation and Development (OECD) Principles of Corporate Governance
      • OPMMM – Organizational Project Management Maturity Model
      • Six Sigma
      • OECD - Organization for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
      • NIST SP 800-53 - Recommended Security Controls for Federal Information Systems
      • The FFIEC Information Technology Examination Handbook series
    source: www.unifiedcompliance.com
    Note:
      • There is no single framework that is all encompassing and "complete".
      • Some frameworks focus on process maturity analysis and others focus more on standardised policies and checklists.
      • These frameworks are used to bring organisations closer to compliance with one or more regulatory standards.
  • 11. • Complex DBMS :: packed with features.
  • 12. SQL Server Audit Framework
  • 14. • Based on Extended Events • Components: SQL Server Audit
  • 16. Enhancements in SQL Server 2012 SQL Server Audit Framework
  • 17. Enhancements:
      • SQL Server Auditing is more resistant to auditing destination failures
      • Audit log records additional T-SQL stack frame information when available
      • Audit information is filtered before it is written into the audit target
      • Maximum number of audit files available
      • Stored procedure - sp_audit_write
      • New columns in audit related views and functions
  • 19. Policy Based Mgt Framework
  • 21. Policy Based Management
      • A framework which exposes SQL Server's properties as facets, allows you to create conditions which report back the status of those facets, and then create policies around those conditions.
      • You can just report on those or enforce them. You can also import and export them and apply them to multiple servers.
  • 26. Wrap-up:
      • The Audit Feature is enhanced in SQL Server 2012.
      • It is a tool in the “Security and Compliance” arsenal.
      • It needs to be architected into the overall operational strategy, alongside strategic tools, policies and processes.
  • 27. REGISTER NOW AND GET 10% OFF DISCOUNT CODE: CHMTD12 (Valid until December 10, 2012) • A Preconference Day with 5-7 parallel technical workshops, focussed on critical role-based skills for Data Professionals. • Two days of conference seminars across 3 technical tracks: - Database Administration - Business Intelligence - Data Platform Application Development. Check out www.databasedays.com
  • 29. Can Enterprise Roles be audited, e.g. Administrators?
      • Yes, but not out of the box. A deeper look at how AD groups and segregations of rights are implemented is needed, and the application of auditing against these should then be done.
    Which editions is audit available on?
      • All editions, but with limitations. Enterprise Edition allows for more granular auditing that is unavailable in the other SKUs.
    Which SKUs is PBM available on?
    Why would reducing the queue delay to 0 in the Audit properties have a negative effect on performance?
      • Reducing the delay to 0 tells the audit feature to work in synchronous mode, so every write to the log needs to be persisted before it is released. This essentially has a similar effect to what the transaction log has on the system from a commit perspective.
      • Also, if flushes occur too frequently, it may have detrimental effects as the disk subsystem may be slow or overloaded.
      • When set to say 10,000 (10 seconds) it will only flush the buffer if it is full, or it has reached the timer value specified.
  • 31. Email: Charley.Hanania@sqlpass.org Website: http://www.sqlpass.ch Twitter: http://www.twitter.com/CharleyHanania Blog: http://blogs.mssqltips.com/blogs/charleyhanania Linked-in: http://www.linkedin.com/in/charleyhanania Database Days: http://www.databasedays.com
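
The SQL Server 2012 audit options named on slides 17 and 29 (failure handling, file cap, filtering before write, sp_audit_write, queue delay), shown together in T-SQL. This is an added example, not code from the original deck; the audit and specification names, file path, login name and event id are hypothetical.

```sql
-- Added example: every name, path, login and id below is a hypothetical placeholder.
USE master;
GO

CREATE SERVER AUDIT Audit_Demo
TO FILE (
    FILEPATH  = N'D:\AuditLogs\',  -- placeholder directory; must already exist
    MAXSIZE   = 100 MB,
    MAX_FILES = 10                 -- 2012: hard cap, no rollover; audited actions fail once reached
)
WITH (
    QUEUE_DELAY = 10000,           -- ms; flush when the buffer is full or the timer expires
                                   -- 0 = synchronous: each audit write must complete first
    ON_FAILURE  = FAIL_OPERATION   -- 2012: fail only the audited action if the target is unavailable
)
-- 2012: predicate is evaluated before the record is written to the target
WHERE server_principal_name <> 'CONTOSO\svc_monitor';
GO

ALTER SERVER AUDIT Audit_Demo WITH (STATE = ON);
GO

CREATE SERVER AUDIT SPECIFICATION AuditSpec_Demo
FOR SERVER AUDIT Audit_Demo
    ADD (FAILED_LOGIN_GROUP),
    ADD (USER_DEFINED_AUDIT_GROUP)  -- required for sp_audit_write events to be recorded
WITH (STATE = ON);
GO

-- Application-defined audit record (2012); ignored unless USER_DEFINED_AUDIT_GROUP is enabled.
EXEC sys.sp_audit_write
     @user_defined_event_id    = 27,
     @succeeded                = 1,
     @user_defined_information = N'Constructed sample: nightly export approved';
GO

-- Read the records back, including the columns added in 2012.
SELECT event_time, action_id, succeeded, server_principal_name,
       statement, user_defined_event_id, user_defined_information
FROM sys.fn_get_audit_file(N'D:\AuditLogs\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time;
```

With `MAX_FILES` and `FAIL_OPERATION` combined, a full or unreachable target blocks audited activity rather than losing records, so free space and file count on the audit volume need monitoring.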

Editor's Notes

  1. SQL Server as a complex DBMS comes packed with features to cover a wide range of operational and development needs. A group of complementing components focus on Operational Security and Compliance, such as: