# Database Security & Governance

## Agenda

1. Database Security
   - Common challenges
   - The CIA Model
2. Security 101
   - Secure installation
   - Threat prevention
3. Data Access control
   - Accounts
   - Privileges
   - Account locking
   - Password management
   - Identification and authentication (IAM)
4. Data Encryption
   - Encryption Protocols: SSL/TLS
   - Vulnerabilities
   - Certificates
   - Symmetric & asymmetric encryption
5. Data Governance
   - Auditing
   - Compliance
   - Firewall
6. Performance considerations

## References

[1] [CVE (Common Vulnerabilities and Exposures)](https://cve.mitre.org/)

[2] [BreachDirectory.com](BreachDirectory.com)

[3] [OWASP Top Ten Web Application Security Risks](https://owasp.org/www-project-top-ten/)

[4] [Network Security & Database Vulnerabilities](https://www.coursera.org/learn/network-security-database-vulnerabilities)

[5] [Mandatory, Discretionary, Role and Rule Based Access Control](https://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control)

[6] [What is Zanzibar? (authzed.com)](https://authzed.com/blog/what-is-zanzibar/)

[7] [ABAC vs. RBAC: What's the Difference?](https://www.citrix.com/blogs/2022/05/17/abac-vs-rbac-comparison/)

[8] [Security and traceability on distributed database systems](https://www.percona.com/resources/videos/security-and-traceability-distributed-database-systems-julien-riou-percona-live)

[9] [Improving Security in MySQL](https://www.percona.com/resources/technical-presentations?combine=Security&title=&field_talk_event_value=&field_talk_date_value%5Bvalue%5D%5Byear%5D=)

[10] [Enhancing MySQL Security](https://www.percona.com/resources/technical-presentations/enhancing-mysql-security-percona-technical-webinars)

[11] [MariaDB Security Features and Best Practices](https://www.percona.com/resources/technical-presentations?combine=Security&title=&field_talk_event_value=&field_talk_date_value%5Bvalue%5D%5Byear%5D=&page=1)

[12] [Amazon RDS - Relational Database Service](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html)

[13] [Cloud Database Security - VPC Security Groups.html](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html)

[14] [Diffie–Hellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)

[15] [OpenSSL Encryption](https://www.openssl.org/)

[16] [US CISA CYBERSECURITY TRAINING & EXERCISES](https://www.cisa.gov/cybersecurity-training-exercises)