Pittsburgh, Pa., February 10, 2011—Strong computer security is a requirement for all organizations today. However, building security into an existing business culture can be a complex undertaking. The CERT insider threat and resilience management teams at the Carnegie Mellon Software Engineering Institute (SEI) work to help organizations launch enterprise-wide security efforts and improve existing security programs. Next week, they'll be sharing their most recent research findings and solutions at the RSA 2011 Conference in San Francisco.
Insider Threat
Insider attacks affect more than half of all organizations. Does your organization have sufficient controls in place to detect or prevent an insider attack? Dawn Cappelli and Joji Montelibano of the SEI's CERT Insider Threat Center will present a session discussing how to combat insider threat using strategies developed and tested in the CERT Insider Threat Lab. The session will feature recreations of actual insider crimes and will demonstrate how each of the crimes could have been prevented using technical and non-technical countermeasures. The session will emphasize the importance of communication between business units to combat insider threat and share solutions that attendees can use to complement their current defensive posture.
Title: Combat IT Sabotage: Technical Solutions from the CERT Insider Threat Lab
When: Tuesday, February 15, 2011, at 3:40 p.m.
Where: RSA 2011 Conference, Moscone Center, Red Room 104
Presenters: Dawn Cappelli, Technical Manager, CERT and Joji Montelibano, Insider Threat Technical Team Lead, CERT
Resilience Management
It's necessary to secure infrastructure, systems, and information, but how do you determine how well your systems are going to perform during a cyber attack? If faced with an attack, can you keep functioning at an adequate level of performance and not put your organization at risk?
Julia Allen and James Cebula of the SEI CERT resilience management team
will lead a session that will discuss the building blocks of risk and
demonstrate the concepts and principles of operational risk. They will also
introduce several relevant aspects of the CERT Resilience Management Model
(CERT-RMM), which defines processes for managing operational resilience in
complex risk-evolving environments.
Title: Risk and Resilience: Considerations for Information Security Risk Assessment
When: Wednesday, February 16, 2011, at 10 a.m.
Where: RSA 2011 Conference, Moscone Center, Orange Room 300
Presenters: Julia Allen, Senior Researcher, CERT and James Cebula, Information and Infrastructure Security Analyst, CERT
If you wish to speak with any of the presenters from the Software Engineering Institute CERT Program, please stop by the SEI booth (#2158) or contact Dana Hanzlik at 412-999-6947 or via e-mail at dhanzlik@sei.cmu.edu.
About the Carnegie Mellon Software Engineering Institute and the CERT Program
The Software Engineering Institute (SEI) is a federally funded research
and development center sponsored by the U.S. Department of Defense and operated
by Carnegie Mellon University. The SEI helps organizations make measurable
improvements in their software engineering capabilities by providing technical
leadership to advance the practice of software engineering. For more
information, visit the SEI website at http://www.sei.cmu.edu.
The CERT Program serves as a center of enterprise and network security
research, analysis, and training within the Software Engineering Institute. For
more information, visit the CERT website at http://www.cert.org.