Pittsburgh, Pa., February 10,
2011—Strong computer security is a requirement for all organizations today.
However, building security into an existing business culture can be a complex
undertaking. The CERT insider threat and resilience management teams at the Carnegie Mellon Software Engineering Institute
(SEI) work to help organizations launch enterprise-wide security efforts and
improve existing security programs. Next week, they'll be sharing their most
recent research findings and solutions at the RSA 2011 Conference in San
Insider attacks affect more than half of all organizations. Does your
organization have sufficient controls in place to detect or prevent an insider
attack? Dawn Cappelli and Joji Montelibano of the SEI's CERT Insider Threat Center will present a session discussing how to
combat insider threat using strategies developed and tested in the CERT Insider
Threat Lab. The session will feature recreations of actual insider crimes and will
demonstrate how each of the crimes could have been prevented using technical
and non-technical countermeasures. The session will emphasize the importance of
communication between business units to combat insider threat and share
solutions that attendees can use to complement their current defensive posture.
IT Sabotage: Technical Solutions from the CERT Insider Threat Lab
February 15, 2011, at 3:40 p.m.
Where: RSA 2011 Conference, Moscone Center,Red Room 104
Presenters: Dawn Cappelli, Technical Manager, CERT and Joji Montelibano, Insider Threat Technical
Team Lead, CERT
It's necessary to secure infrastructure, systems, and information, but
how do you determine how well your systems are going to perform during a cyber
attack? If faced with an attack, can you keep functioning at an adequate level
of performance and not put your organization at risk?
Julia Allen and James Cebula of the SEI CERT resilience management team
will lead a session that will discuss the building blocks of risk and
demonstrate the concepts and principles of operational risk. They will also
introduce several relevant aspects of the CERT Resilience Management Model
(CERT-RMM), which defines processes for managing operational resilience in
complex risk-evolving environments.
and Resilience: Considerations for Information Security Risk Assessment
February 16, 2011, at 10 a.m.
Where: RSA 2011 Conference, Moscone Center,Orange Room 300
Presenters: Julia Allen, Senior Researcher, CERT and James Cebula, Information and Infrastructure
Security Analyst, CERT
If you wish to speak with any of the presenters from the Software
Engineering Institute CERT Program, please stop by the SEI booth (#2158) or
contact Dana Hanzlik at 412-999-6947 or via e-mail at email@example.com.
About the Carnegie Mellon
Software Engineering Institute and the CERT Program
The Software Engineering Institute (SEI) is a federally funded research
and development center sponsored by the U.S. Department of Defense and operated
by Carnegie Mellon University. The SEI helps organizations make measurable
improvements in their software engineering capabilities by providing technical
leadership to advance the practice of software engineering. For more
information, visit the SEI website at http://www.sei.cmu.edu.
The CERT Program serves as a center of enterprise and network security
research, analysis, and training within the Software Engineering Institute. For
more information, visit the CERT website at http://www.cert.org.