• Irongeek Security
• Hacking Illustrated Videos
• InfoSec Articles
• Mobile Pen-testing Tools
• Apps/Scripts
• Reviews
• RSS
• Your IP
• Podcasts
• Hoosier Hackers
• Newscat
• Links
• Contact
• Forums
• Workout
• Nutrition
• Supplements
• Humor
• Irongeek Campuses
• Fed Watch
• Books
• Store
• About
• Follow @irongeek_adc

Insider Attacks: The How’s, Why’s, and What to Do’s
Dr. Eugene Schultz 

        An insider attack is intentional misuse by individuals who are authorized to use computers and networks. Insider attacks result in more financial and other loss than another other type of attack. Worse yet, detecting insider attacks is one of the most difficult tasks facing information security professionals, but an increasing amount of information about the nature of these attacks and strategies that inside attackers use, and ways of both preventing these attacks and/or limiting the damage that they can cause is becoming available. Based on this information, this talk describes the major types of risk resulting from the insider attacks, major types of insider attacks and motives for these attacks, appropriate information security policy provisions relevant to insider risks, how to better predict and detect insider attacks, and how to respond appropriately when insider attacks occur.

        About the speaker: CTO at Emagined Security, previous manager of an information security practice and national incident response team, and retired professor of computer science at University of CA at Berkeley.  Gene is the author/co-author of a book on Unix security, another on Internet security, a third on Windows NT/200, a fourth on incident response, and the latest on intrusion detection and prevention.  He is the former Editor-in-Chief of Computers and Security (2002-2007), is an associate editor for Network Security, is a SANS instructor and member of SANS NewsBites, has co-authored the 2005 & 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies.  He has received numerous industry and academic awards and has even provided expert testimony before committees in the US Senate and House of Representatives. 

Download link: http://blip.tv/file/get/Irongeek-2009LMIEugeneSchultz444.mp4

Descriptions and details from http://www.louisvilleinfosec.com, with small edits.
Thanks to Lee Pfeiffer and the student volunteers for handling the video the day of the conference, and Brian Blankenship for editing the videos.

Printable version of this article