Codeasaurus Rex

September 7, 2008

Privileged user monitoring in the enterprise

Filed under: Security — Codeasaurus Rex @ 12:09 pm

I just listened to the Tuesday, May 09 2006 webcast entitled “Ask The Expert Webcast: Who’s Guarding the Guards? Employing a Privileged User Monitoring Strategy” on the SANS webcast archive page at

https://www.sans.org/webcasts/archive.php

Too much ground was covered and it could have been better organized, but I’m still recommending this webcast because there were some valuable nuggets of information that I was able to pick out of the torrent of exposition.

I was not aware, for example, that behavioral analysis of database usage is being deployed to identify potential insider abuse like credit card data collection. The webcast also asserted that the majority of serious breaches were committed by employees with five to ten years of service: long enough to gain the requisite levels of experience, trust and privileged access to sensitive–and saleable–data.

What amazed me was the scope of the problem: 300 to 400 billion dollars per year. Now I understand why drug tests and credit checks are becoming part of the IT employee vetting process, though I do not approve. In the final analysis, only the Lord beholds the soul and recourse is had to imperfect substitutes due to the Deity’s lamentable absence from the hiring process.
