IT sabotage. Intellectual property theft. Employee fraud. These are the three most common insider threats to organizations. But what are the successful solutions for detecting and preventing these crimes? Register for this session to hear first-hand from leading researchers and authors Dawn Cappelli and Randy Trzeciak, as well as security expert and author Christine Meyers:
What motivates insiders to commit crimes;
Most common methods of attack;
Solutions you can use to stop these incidents before they cause damage.
The insider threat: It's a top challenge for any organization, and it's one that Dawn Cappelli and Randy Trzeciak have studied for over a decade.
Cappelli and Trzeciak are both leaders with the CERT Program at Carnegie Mellon University's Software Engineering Institute, and they are the author of a new book, The CERT Guide to Insider Threats.
In their work, these researchers have uncovered the three most common types of insider crimes:
IT Sabotage: An insider's use of IT to direct specific harm at an organization or an individual. Common crimes: Deletion of information; bringing down systems; web site defacement to embarrass an organization.
Theft of Intellectual Property: An insider's use of IT to steal intellectual property from the organization. This category includes industrial espionage involving insiders, and among the criminals' targets: Proprietary engineering designs, scientific formulas; source code; confidential customer information.
Fraud: An insider's use of IT for the unauthorized modification, addition or deletion of an organization's data (not programs or systems) for personal gain, or theft of information that leads to fraud (identity theft, credit card fraud). Typical crimes: Theft and sale of confidential information (SSN, credit card numbers, etc.); modification of critical data for pay (driver's license records, criminal records, welfare status); stealing of money (financial institutions, government organizations).
In this session, Cappelli and Trzeciak will discuss each of these models of insider crimes, including case studies that detail potential indicators that your organization is at risk.
They will be joined by Christine Meyers, Director of Attachmate's Enterprise Fraud Management solutions, and overseer of the Luminet product. She will discuss security controls that will help detect and prevent these costly insider crimes. She will also provide a 6 step guide to reducing risk across the enterprise.
Cappelli is Vice President and CISO, at Rockwell Automation. She is responsible for design and execution of Rockwell's insider risk management program to deter, detect and respond to malicious insider activity across the global enterprise while protecting privacy and civil liberties of employees. Cappelli joined Rockwell from Carnegie Mellon University where she was founder and director of the CERT Insider Threat Center. She is recognized as one of the world's leaders in insider threat mitigation, and has worked with government and industry leaders on national strategy issues.
Director - Enterprise Fraud Management, Attachmate
Meyers is the Director of Attachmate's Enterprise Fraud and Compliance solutions, and overseer of the Luminet product. She has been writing on emerging technologies, security, risk and compliance for over a decade on issues related to enterprise fraud, investigation, and behavioral analytics.
Trzeciak heads a team focusing on insider threat research, threat analysis and modeling, assessments and training. He has more than 20 years of experience in software engineering, focusing on database design, development and maintenance. In addition to his role with CERT, he is an adjunct professor at Carnegie Mellon's Heinz College, Graduate School of Information Systems and Management.