Cambridge
Academy
In London
Course Description
Introduction
Database leaders are responsible for protecting some of the organization’s most valuable assets—data—while ensuring availability, performance, and compliance. This advanced program equips database leads with practical methods to design strong security architectures, enforce privacy and access controls, and implement governance and monitoring that reduce risk and support audit readiness across on-prem and cloud database environments.
Course Objectives
By the end of this course, participants will be able to:
· Design database security architectures aligned to risk appetite and regulatory expectations
· Implement robust identity, access controls, and privileged access management for databases
· Apply encryption, key management, and secure configuration baselines effectively
· Strengthen privacy controls: data classification, minimization, masking, and retention
· Build monitoring, auditing, and incident response practices for database environments
· Create an actionable security roadmap and governance cadence for database platforms
Target Audience
This course is designed for:
· Database leads, DBA managers, and senior DBAs
· Data platform and cloud database administrators
· Security engineers and IAM professionals supporting database access controls
· Data governance, privacy, and compliance professionals working with database teams
· IT risk, internal audit, and controls professionals overseeing data environments
Course Outlines
Day 1: Database Security Foundations & Threat Modeling
· Database threat landscape: common attack paths, misconfigurations, and insider risk
· Security principles for database platforms: least privilege, defense-in-depth, and segmentation
· Database security architecture overview: network, identity, data, and monitoring layers
· Data classification and sensitivity: mapping data types to control requirements
· Activity: Database security posture assessment + threat model for a critical database
Day 2: Identity, Access Controls & Privileged Access Management
· Access control models: RBAC/ABAC concepts and role design for DB environments
· Privileged access management (PAM): admin separation, just-in-time access concepts, session controls
· Authentication approaches: SSO/federation concepts, MFA, and service accounts governance
· Authorization controls: schema/object permissions, row/column-level security concepts
· Workshop: Design an access model (roles, permissions, approval workflow, and SoD matrix)
Day 3: Privacy Controls, Encryption & Secure Configuration
· Encryption at rest and in transit: implementation concepts and common pitfalls
· Key management concepts: rotation, separation of duties, and recovery procedures
· Data masking and tokenization concepts: protecting sensitive fields in non-production
· Secure configuration baselines: hardening, patching discipline, and vulnerability management
· Practical activity: Build a database security baseline checklist + privacy control plan
Day 4: Monitoring, Auditing & Incident Response for Databases
· Audit logging: what to log (access, changes, queries) and retention considerations
· Anomaly detection concepts: suspicious queries, privilege abuse, and exfiltration indicators
· Database activity monitoring (DAM) concepts and alert triage workflows
· Incident response integration: evidence handling, containment, and recovery actions
· Case study: Simulated database breach scenario (triage, actions, and communications)
Day 5: Governance, Compliance & Security Roadmap
· Database security governance: policies, standards, and control ownership
· Compliance alignment: audit readiness, evidence packs, and control testing approach
· Third-party and cloud database considerations: shared responsibility and vendor controls
· Operational cadence: access reviews, patch cycles, monitoring reviews, and continuous improvement