ISSA - Metro Atlanta Chapter of Information Systems Security Ass    
 
HomeInformation Security Atlanta
EventsInformation Security Atlanta
MembershipInformation Security Atlanta
Career ResourcesInformation Security Atlanta
SponsorshipInformation Security Atlanta
Contact UsInformation Security Atlanta
 
Andrew Herlands

Andrew Herlands

The Rise of the Insider Threat at the Database Level Application Security, Inc.
and How to Counter Privileged Users of Sensitive Information 

Andrew Herlands, Director of Enterprise Solutions
Application Security, Inc.

Presentation Abstract:
The insider threat is real and growing. According to industry experts, over 70% of database attacks originate from the inside, and insider threats are emerging as the top concern for most IT professionals. Often, insider attacks are premeditated and deliberate - but organizations must also recognize that data violations can come in the form of non-malicious insiders who inadvertently access and distribute sensitive information.

At the database level, information assets are increasingly exposed, particularly where access is granted to employees, contractors and partners. With more entry points on any network, the past few years have seen dramatic increases in the theft and abuse of data at the enterprise level. The capacity to harm a company through manipulating a corporate database has given rise to inappropriate user activity from inside an organization, and remains largely unaddressed and difficult to prevent.

In response to this growing problem, security professionals are proactively seeking ways to combat the insider threat. This presentation will provide:

  • Real-life illustrations of specific insider attack scenarios and how to identify them
  • An understanding of database access controls and policies that will prevent unauthorized access
  • Suggested remediation steps through tamper-evident monitoring systems
  • Methodologies on how to implement actionable plans to protect their enterprise database assets

Bio:
Andrew Herlands is the Director of Enterprise Solutions for Application Security, Inc., a leading provider of database security solutions. In his current role, Andrew is responsible for the strategic planning, architecture, and deployment of data security solutions to meet the needs of organizations across all industries all over the world. Just prior to Application Security, Andrew served as a Director of Network Security Solutions at SafeNet, as well as a number of other positions that helped build the organization to being a true "global leader in information security".

With nearly two decades of experience, Andrew has helped organizations of all sizes ranging from startups to some of the largest publicly traded companies in the world. He also continues to provide his insight and knowledge by participating on panels, and speaking at conferences such as InfoSec and the RSA Security Conference.

Andrew is a Certified Information Systems Security Professional, and has received extensive security technology training. He earned his Bachelor of Science degree in Corporate Communications from Ithaca College, and currently lives in New York City.


top | previous page email page | print

Speakers
ISSA Metro Atlanta Chapter Sponsors

Cyber-Ark

Excelovation

Fishnet Security
Infoblox

Kaspersky Lab

PricewaterhouseCoopersMcAfee

Mission Critical Systems

NitroSecurity

Qualys
Sourcefire 

Stonesoft 

TippingPoint 
 
     
ISSA - Information Systems Security Association - Metro Atlanta Chapter
Events · Membership · Career Resources · Sponsorship · Annual Conference
Register ·
User Account · search · Home · Contact Us

Website Strategy and Implementation
provided by Excelovation, Inc.
Computer security and web hosting
provided by Emerald Data Networks