Are you 100% certain you know where you store all of your sensitive or regulated data?
Do you have a policy and systems in place to categorize and track your sensitive or regulated data?
Do you encrypt your sensitive or regulated data at rest?
Are you masking or redacting your sensitive data so that ONLY the users with legitimate needs can see the data?
Do you know when database privileges have been escalated or granted?
Do you have a way to restrict database access by IP?
Can you block database requests that appear abnormal or malicious?
Do you replicate your database data so that you have an “always up” version (not a backup) that you can fail over to with almost no downtime and close to zero data loss?
Are you confident that your database data is safe from a targeted ransom attack?
Can you produce a database audit trail of changes to your sensitive or regulated data?