UK Oracle User Group


Database Security – The next element of the testing process, Ian Glover, President of the Council of Registered Ethical Security Testers (CREST)

« Return to event

Time: 10:15 AM - 11:00 AM

Track: Track 1

Abstract

CREST is the Council of Registered Ethical Security Testers. It is a not for profit organisation funded by its member organisations who have to meet minimum standards of ethics, methodologies, and technical capability.  

This presentation will describe the background to why CREST was established and the close collaboration between CREST and the UK Government CHECK Scheme.

It will describe the process that organisations have to undertake to become CREST registered and the valuable contribution the member companies make to the ongoing development of CREST and the direction of the testing industry.

It will describe the approach that CREST has adopted to assess the skill and competence of professional ethical penetration testers.  It will describe the difference between CREST certified and registered, penetration testers and how this relates to their career development.  

As the vulnerabilities in infrastructure have been reduced and companies are starting to be more aware of vulnerabilities in the coding of their web sites the next logical place to attack will be the databases.  Attacks are likely to come both internal and external sources and whilst database systems have good security facilities they are often not switched on or are incorrectly configured.

The presentation will discuss what the industry should be doing to address this problem ahead of successful high profile attacks.  It will also discuss what skills and capabilities are required of those that are asked to reverse engineer an incident to ascertain source and resolution.

Biography

Ian Glover has thirty four years experience in information technology and has specialised in professional services for the last twenty eight years.

Ian is the President of the Council of Registered Ethical Security Testers (CREST).  CREST is a not for profit organisation.  It was established to help develop professionalism within the information technology security testing community and provide a development path for individual testers.  The Register is used by private sector organisations to gain a level of assurance that the security testers are competent and that the organisations they work for have appropriate processes and controls in place.  The CREST qualifications have all been assessed and are recognised by the GCHQ, CESG, CHECK scheme.  Ian is currently running a project to develop a set of professional network forensics qualifications with the support of CPNI, CESG and Industry.  The work is also being evaluated by NBISE (National Bureau of Information Security Examiners) in the USA.

Ian is the Chairman of the CLAS Forum.  The Forum was established at the request of central government to provide a representative body for 800+ CLAS members in order to: promote the interests of the CLAS community; provide a more structured view of member concerns and issues to CESG and promote professionalism within the CLAS scheme.  This is an elected role funded by CESG.

Ian is a Fellow of the Business Continuity Planning Institute (BCI) and was voted Business Continuity Consultant of the year in 2001 and 2003.

He is also part of the project team to build the next land speed record car, Bloodhound SSC which is aiming to break the existing record and exceed 1,000 mph with the aim of providing and inspirational project to encourage youth into science maths and engineering.

Prior to this Ian was one of the founding Partners of Insight Consulting and was Managing Director of Siemens Insight Consulting.   

Top