FISMA News

BMC Software and Guardium Host Webcast to Share Best Practices for Government Database Security and Compliance

(July 23, 2008)-- Guardium, the database security company, and BMC Software are hosting a Webcast to provide government agencies with effective strategies for safeguarding Personally Identifiable Information (PII) in sensitive databases and easily complying with OMB M-06-16. The OMB directive states that government departments and agencies must log all extracts "from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required."

Major government agencies, such as the Federal Trade Commission, have already improved database security and addressed compliance regulations by deploying Guardium's database activity monitoring (DAM) solution. Guardium 7 monitors and tracks all access to sensitive data, across all major DBMS platforms and applications, without impacting database performance or requiring changes to applications.

In this session, participants will learn how to:
-- Simplify compliance with automated reports for OMB M-06-16, the Federal Information Security Management Act (FISMA), and other best practices controls based on industry guidelines such as SAS70, the Payment Card Industry Data Security Standard (PCI-DSS), and Sarbanes-Oxley.
-- Block privileged users from unauthorized access to sensitive database tables, without the risk of blocking legitimate access and while allowing privileged users - such as outsourced DBAs and developers - to continue performing routine administrative tasks such as backups.
-- Prevent unauthorized changes to key systems, such as PeopleSoft, SAP and Oracle Financials, with closed-loop change control that leverages existing ticketing systems such as BMC Remedy.
-- Perform database vulnerability assessments based on Department of Defense (DoD) standards such as the Database Security Technical Implementation Guide (STIG) and the Center for Internet Security (CIS) Benchmark. These tests identify vulnerabilities such as missing patches, misconfigured privileges, weak passwords and default vendor accounts as well as anomalous behavior such as excessive failed logins and sharing of privileged account credentials.
-- Automate verification, sign-off and escalation processes to reduce the time and effort required for compliance reporting.

Visit www.bmc.com for more information.

Share or bookmarklet this web page at: