Recorded Live:December 7, 2010
CLICK HERE to register for this Web Conference
Click here to download presentation slidesWeb Conference Overview:
Insiders, by virtue of legitimate access to their organizations’ information and IT infrastructure, pose a significant risk to employers. Employees, motivated by financial problems, greed, revenge, the desire to obtain a business advantage, or the wish to impress a new employer, have stolen confidential data, proprietary information, or intellectual property from their employers. Furthermore, investigations reveal that stolen credentials and SQL injection attacks were implicated in over 90% of data breaches, allowing cyber criminals to exploit trusted relationships within the organization to perpetrate their attacks.
Our speakers will discuss the escalating risk of insider threat as well as strategies and solutions your organization should consider.
Roxana Bradescu - Director of Database Security Products, Oracle
Protecting Data at the Source
Presentation Overview:Two thirds of sensitive and regulated data resides in databases. Yet most IT Security programs fail to protect data at the source - the database – and address the primary sources of threats that databases face today: insider attacks by privileged users or compromised web applications. In this presentation by Roxana Bradescu, Director of Database Security Products at Oracle, you will hear about these evolving threats to databases and learn how adopting a defence-in-depth strategy Oracle Database Security solutions can keep your mission critical information from falling into the wrong hands as well as help ensure data privacy and regulatory compliance.
Speaker Biography:Roxana is responsible for bringing Oracle’s database security portfolio to market. Roxana has more than 20 years of professional experience, and has held senior product marketing and management positions delivering consumer and enterprise security solutions. She has held senior product management and development positions at VeriSign, Excite@Home, and Sun Microsystems as well as several startup companies. She started her career at AT&T Bell Labs where she worked on the NSF InterNIC Directory and Database Services and IETF standards. She holds an MS in Computer Science from Columbia University in New York City, and a BS Summa Cum Laude in Econometrics from Georgia State University.
Randy Trzeciak - CERT / Software Engineering Institute, Insider Threat Center @ CERT
Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
Presentation Overview:Since 2001 CERT’s insider threat team has built an extensive library and comprehensive database containing hundreds of actual cases of insider cyber crimes. This presentation will focus on three primary types of insider cyber crimes: IT sabotage, theft of intellectual property (e.g. trade secrets), and employee fraud. For each type of crime, a "crime profile” will be presented which describes who committed the crimes, their motivation, organizational issues surrounding the incidents, methods of carrying out the attacks, impacts, and precursors that could have served as indicators to the organization in preventing the incident or detecting it earlier.
Speaker Biography:Randy Trzeciak is currently a senior member of the technical staff at CERT. He is the insider threat team lead; a team focusing on insider threat research; threat analysis and modeling; assessments; and training. Randy has over 20 years experience in software engineering, database design, development, and maintenance, project management, and information security. He also is an adjunct professor at Carnegie Mellon’s Heinz College, School of Information Systems and Management. Randy holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.
Alexander Hutton,Research and Intelligence Principal, Verizon Business
2010 Data Breach Investigations Report Findings
Presentation Overview:The 2010 Verizon Data Breach Investigations Report, based on a first-of-its kind collaboration with the U.S. Secret Service looked at 900 plus breaches involving more than 900 million compromised records, and found that breaches of electronic records over the past year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups. In this session Alexander Hutton will present the report findings and their implications for organizations trying to prevent data breaches.
Speaker Biography:Alexander Hutton is a Sr. Consultant/analyst in risk intelligence with Verizon Business. Mr. Hutton has served as consultant and auditor on the topics of information risk and security for over 15 years, serving companies from Fortune 10 to the SMB markets.
He is a co-author of the Data Breach Investigation Report, writes regular for the Verizon Security blogs, and the New School of Information Security Blog.
Our sponsor Oracle would like to provide everyone who registered, complementary access to the Oracle Database Security Resource Kit which contains valuable information such as whitepapers, demos, and case studies to help you take advantage of your data management platform – your database – to protect data against insider threats as well as meet regulatory compliance. Please click here for more information.