I am looking to send one of my dba's for training specifically in sql server security. I know many of the classes include some training in areas like creating users, database roles, etc. but what I am looking for is something more thorough than that. Basically I am looking for classes that are specifically geared to every facet of sql security, best practices, data intrusion prevention, data and database encryption, network data segmentation, defining security policies, security auditing, anything and everything. Does anyone have any suggestions for any classes we could look into?
You might want to check into training courses dealing with Comptia Security+ or CISSP courses. Those would get very detailed into general security best practices, outside of SQL Server context. Some of those topics are generalized to IT security so most SQL Server courses are not going to cover them that I am aware of.
The short answer is you're not going to find any security specific training for SQL Server. Denny Cherry, Don Kiely, and I do sessions at SQL Saturdays, SQL Connections, and the PASS Summit, but so far as I am aware, only one of us proposed a security pre-con for SQL Rally, but it wasn't picked by the community. Therefore, the best resources are books. There's Denny's book, mine (How to Cheat at Securing SQL Server 2005 from Syngress), Kevvie Fowler's SQL Server Forensics, and then the general stuff as Shawn mentioned. Given what you're asking, I would not waste my time on CISSP books or courses because those are considered management certs and too high level and conceptual for what you're looking for. Security+ is better, but probably the SANS GIAC curriculum is your best bet.
Thanks for all the responses. It sounds like everyone had the same responses I expected. As a matter of fact I am sending one of my other dba's to a sqlskills training in October. However, we did come across this course,
http://www.verhoef-training.com/courses/SSSEC.html, I know it current says 2005 but we have spoken to them and they just have not updated their site and they do the same training only for 2008. Has anyone had any experience with this training company?