SMP/E Abused
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
SHARE Sacramento 2018,
2018
If you are an experienced systems programmer, there's a strong possibility you have a working or expert knowledge of SMP/E. However, if your role is in security, governance, application development or risk management - then there is a good chance SMP/E is still a mystery.
This talk will show you 2 sides of SMP/E.�In the first half of the talk, Mark will explain the primary functions of SMP/E and dig into some technical detail on how it works. Included in this will be the core data sets, operations, who uses SMP/E in the enterprise, and how to get information out of SMP/E.
In the second half of the talk, Chad will explain how incorrect (or even correct) security controls applied to SMP/E could leave your organization at extreme risk. Given the trusted nature of the software installed by SMP/E - any compromise of its underlying framework or datasets could be catastrophic. Chad will demonstrate how a knowledgeable adversary could use SMP/E against you by installing malicious during your normal course of operations.
Attendees will come away with a better understanding of the technical uses and operation of SMP/E as well as understanding what controls, if compromised, could result in a material breach of system integrity.-Mark Wilson-RSM Partners; Chad Rikansrud-RSM Partners Ltd
Back to Proceedings File Library