PGCon2016 - 20180510
PGCon 2016
The PostgreSQL Conference
Speakers | |
---|---|
Christophe Pettus |
Schedule | |
---|---|
Day | Talks - Day 2 - 2016-05-20 |
Room | DMS 1110 |
Start time | 13:00 |
Duration | 00:45 |
Info | |
---|---|
ID | 902 |
Event type | Lecture |
Track | Applications |
Language used for presentation | English |
The PCI Compliant Database.
... yours probably is not.
Securing a database to the level required by PCI is hard; we'll go over what is required.
Everyone talks about database security, but what are we really doing about it?
The Payment Card Industry standards specify what you need to do in order to store credit and debit card information in your database. If you store that information, you have to comply. Even if you don't store that information, it's a good reference point for what it takes to actually secure a database.
We'll discuss all aspects of what the PCI standard requires of your database, including:
- Firewalls and network infrastructure.
- Security policies.
- Data security at the database level.
- Data security in flight.
- Client-level security.
- Development and operational requirements for security.
While structured in the context of the PCI standard, the information is useful for anyone who maintains sensitive information in a database, and that's nearly everyone.