Corporate and Services Overview
Presentation Topics
• About Us
• Information Security Explained
• The Need for Information Security
• Information Security Assessment Overview
• Information Security Assessment Deliverables
• Full-Service Consulting
Presentation Topics (cont.)
• What’s in it for them?
• What’s in it for you?
• Preliminary Assessment
• Who else do we work with?
• Where can you find us?
• What’s the bottom line?
About Us
• Formed in 2008, FRSecure LLC is a full-service information security consulting company dedicated to information security education, awareness, application, and improvement. FRSecure helps clients understand, design, implement, and manage best-in-class information security solutions, thereby achieving optimal value for every information security dollar spent.
• Regulatory and industry compliance is built into all of our solutions.
• Over 50 successful assessments performed in the past 18 months.
About Us
• EVAN FRANCEN, CISSP CISM
• President
• Over 15 years as a leading information security professional and corporate leader in both private and public companies
• Well versed in governmental and industry-specific regulations, standards and guidelines including ISO/IEC 27002 (17799:2005), HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT
• Active participant in numerous information security trade associations including ISACA, ISSA, and ISC2
About Us
At FRSecure, our job is to find risks, and we’ve been helping businesses of all sizes and industries for more than 15 years. Our clients include well-known names in:
● Banking ● Insurance ● Accounting
● Health care ● Legal ● Data storage
● Mortgage ● Printing ● And more.
Information Security Explained
Fundamentally, Information Security is:
The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information.
“Effective information security requires the assessment and accounting for all risks to information in all of its forms throughout the enterprise. Anything less results in wasted resources and the increased likelihood of catastrophic loss.” – Evan Francen
Fundamentally, information security is NOT:
• An IT issue; it is a business issue
• Compliance-based; it is risk-based
Information Security Explained
Administrative Control Questions
• Do you have formal information security policies? If so, do your policies adequately cover all areas of information security?
• How are your information security policies communicated to employees and relevant third parties?
• Do you have a defined review schedule for your information security policies?
• Has your organization defined a formal risk assessment methodology?
• Does your organization conduct background checks on potential employees prior to hire?
• Do you have an acceptable use policy?
• Do you have a formal information security awareness training program?
Information Security Explained
Physical Control Questions
• Has a risk assessment of physical security been performed?
• Should your company utilize a multi-tiered approach to physical security?
• Have you developed a physical security policy?
• How are public areas in and/or around your facility monitored?
• How is roof access at your facility secured?
• Do you log the date, time of entry, and time of departure of visitors, contractors, and third-party personnel?
• How do you prevent unauthorized access to office spaces?
• How do you prevent unauthorized access to restricted areas?
• What access controls are implemented for office spaces?
Information Security Explained
Technical Control Questions
• What are the minimum encryption key strength requirements?
• Is your network adequately segmented and controlled to prevent unauthorized access to sensitive information resources?
• What types of devices and technologies are used to control the flow of network traffic, especially between different “security zones”?
• Has your organization deployed one or more external applications?
• Which ports and services are allowed to remain enabled on network devices?
• How do you ensure that patches are consistently applied to all devices, applications, and systems?
• What types of authentication mechanisms are used to establish a wireless connection?
In an effort to protect:
Confidentiality: Ensuring information is disclosed to, and reviewed exclusively by, intended recipients / authorized individuals
Integrity: Ensuring the accuracy and completeness of information and processing methods
Availability: Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals
The opposite of C.I.A. is D.A.D. (Disclosure, Alteration and Destruction)
The Need for Information Security
• It’s the Law
  • Sarbanes-Oxley Act of 2002
  • Gramm–Leach–Bliley Act (GLBA)
  • FDA CFR Title 21
  • Computer Fraud and Abuse Act
  • Various state and local laws
• Protect intellectual property (IP)
• Protect Financial Data
• Protect Personally Identifiable Information (PII)
• Protect other “Confidential” Data
  • Clinical trial data
  • Safety data
  • Regulatory filings
[Breach figures shown on the slide: 94,000,000 records; 8,500,000 records; 130,000,000 records]
The Need for Information Security
In the news…
The consequences of insufficient security
• Many times the victim is you, the individual
• Loss of competitive advantage
• Compromised customer confidence; loss of business
• Identity theft
• Embarrassing media coverage
• Equipment theft
• Service interruption
• Legal penalties
Information Security Assessment Overview
FRSecure performs an Enterprise Information Security Assessment to determine:
• what type of information you need to protect,
• the risks related to how you are currently using and protecting information, and
• how best to proceed in reducing risks.
Information Security Assessment Overview
The FRSecure Information Security Assessment:
• Comprehensive – We review and assess all of your current physical, administrative, and technical protections.
• Standardized – Our assessment is based on and mapped to the ISO 27002 (17799:2005) international standard.
• Compliant – Comprehensive enough to satisfy all major industry and regulatory requirements including GLBA, HIPAA, SOX, and various state laws.
• Functional – The results from our assessment are easily understood and our recommendations are functionally sound.
Information Security Assessment Overview
How do we assess their current environment?
We walk through as many as 3000 aspects of your information security program with you during our assessment. Our questions are tailored around the specific information that you need and want to protect. We focus our questions in these main areas:
• Security Policy Management
• Corporate Security Management
• Organizational Asset Management
• Human Resource Security Management
• Physical Security Management
• Environmental Security Management
• Compliance Management
• Communications Management
• Operations Management
• Information Access Control Management
• Information Systems Security Management
• Information Security Incident Management
• Business Continuity Management
Information Security Assessment Deliverables
What do you get from an FRSecure Information Security Assessment?
– Executive Summary
  • Overview of most significant risks
  • High level mitigation plans
– Technical Specification
  • Detailed documentation of all findings, including risks, risk ratings, and mitigation strategies
– Action Plan*
  • Detailed risk mitigation plan
*We don’t just tell you what’s wrong and leave you to figure out how to fix it.
Implementing the Action Plan
How do we help you implement the action plan?
We determine the areas where we can make simple, low-cost changes that will improve security significantly. We then plan and coordinate the larger changes needed to fully implement the security plan.
We act as your Information Security department, if needed. We create policies and procedures, as well as help with training and corporate acceptance.
Once the Action Plan is complete, typically 6-12 months, we will do a second Assessment to show that your environment is now adequately secure.
Full-Service Consulting
A full accounting of FRSecure’s Services:
• Information Security Assessment
• Information Security Program Development
• Information Security Management
• Penetration Testing
• Business Continuity Planning
• Incident Response
• Training & Awareness
• Legal Expert Witness and Testimony
Full-Service Consulting
Information Security Assessment
An independent and objective assessment of your current information security program.
We have a keen understanding of practical information security in business, not just theory and academics. FRSecure personnel average more than 10 years of direct information security experience. The reasons for conducting an information security assessment range from just wanting to know where you stand, to satisfying compliance requirements. FRSecure information security assessments are specifically customized to meet (or exceed) your objectives and provide you with valuable, actionable information. Most of our information security assessments are based on the ISO 27002 international standard.
Full-Service Consulting
Information Security Program Development
Cost-effective and customized information security program development that reduces risk and improves efficiency.
In order to maximize your information security investments, you need to take a formal, risk-based approach. FRSecure has developed cost-effective information security programs for companies of all shapes and sizes, public and private, in a variety of industries. Over the years we have gained a tremendous amount of experience, and this experience has led to principles that guide each one of our information security development projects. Most organizations know that they need to do something in regards to information security, but don’t have the expertise to implement a program themselves.
Full-Service Consulting
Information Security Management
Leverage years of expertise without the tremendous expense that can accompany it.
An information security professional on par with those employed by FRSecure can be costly and unaffordable for many companies. After factoring in salary, benefits, bonuses, and office space, an experienced information security professional can cost as much as $180,000 annually. FRSecure saves our clients money by using our proven approach to information security management.
Full-Service Consulting
Penetration Testing
An active evaluation or assessment of your information security controls.
You have taken the time and spent the money in an effort to protect your information assets, but how secure are you? How effective are your controls? The only true way to be sure that your controls are effectively protecting your information assets is to test them. Expert engineers who understand current, real-world threats conduct our penetration testing services. Before we start any penetration test, we take the time to understand your goals and objectives and then customize an approach to maximize your value.
Full-Service Consulting
Business Continuity Planning
Planning that keeps your business in business if bad things happen.
The wrong time to find out that your business continuity plan is ineffective is when you have to use it. Good business continuity planning keeps your business up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more. FRSecure business continuity planning has helped our clients avoid disaster when disaster strikes.
Full-Service Consulting
Incident Response
Professional assistance in helping you respond appropriately to an information security incident.
Any good information security professional will tell you that it is impossible to stop all threats to your information security assets. Realized threats must be detected promptly and responded to systematically. A poor incident response can be more costly than the incident alone. FRSecure has responded to hundreds of incidents, which has led to minimized financial impact, improved processes, and thorough investigations leading to civil and/or criminal prosecutions.
Full-Service Consulting
Training & Awareness
Effective training and awareness programs proven to improve employee compliance with your requirements.
Another fact: people present the most significant risks to your company’s information assets. Poor information security practices are a common cause of breaches. One of the best investments you can make in regards to information security is in the area of employee training and awareness. FRSecure has developed and delivered over a thousand hours of information security training for our clients.
Full-Service Consulting
Legal Expert Witness and Testimony
Making a case is difficult enough, but making a case without the right expertise is nearly impossible.
We are not lawyers, but we help lawyers understand information security related matters and decipher the facts involved in their cases. We help lawyers win cases for their clients.
Good Questions to Ask
• Have you done a SAS70 or are you being asked to perform one?
• Are you in a regulated industry?
• Has a valued client ever asked you to answer an information security questionnaire?
• Do you have a formal information security program?
• Do you have problems getting executives or employees to buy into your information security ideas, changes, or programs?
• Do you have regular training for employees regarding securing information?
• Do you already know that there are holes, but you don’t know what to do about them?
• What percentage of your time is spent on information security? What should it be?
• What information security challenges do you currently face?
• How would you announce a sensitive information breach to the public?
• How confident are you that your data protection is what it should be?
What’s in it for them?
• Experts that act as their Information Security Department or CSO (Chief Security Officer)
• Signoff on regulatory compliance issues
• Signoff on client required security audits
• Ability to add additional sales channels
• Competitor differentiation
• Knowledge that they’re doing everything they can to protect their business.
What’s in it for you?
Revenue Sharing
• 10% of all realized revenue will be paid as a commission for all revenue generated within 1 year of the original SOW.
• This commission will be paid as 1099 income for any business you refer us.
Sub Contracting
We can also be included in a project as a sub contractor. In this case, we will quote you our cost, and you can mark up as appropriate.
Preliminary Assessment
We offer a free Preliminary Assessment to any prospective client. A Preliminary Assessment includes a short questionnaire and a 30 minute phone conference with one of our experts.
The goal of this Preliminary Assessment is to find out if there is information that needs to be protected, as well as establishing credibility within their organization.
Who else do we work with?
In order to help our clients address specific needs that are outside of FRSecure’s core business, we have established partnerships with respected organizations that we are pleased to work with and refer to.
With more to come!
Where can you find us?
FRSecure is actively participating online through our Web site, blog, and social media sites.
• Web: http://www.frsecure.com
• Blog: http://www.breachblog.com
• Facebook: http://www.facebook.com/frsecure
• Twitter: http://www.twitter.com/frsecure
• LinkedIn: http://www.linkedin.com/company/frsecure-llc
Coming soon – Redesigned blog and podcasts
What is the bottom line?
FRSecure is the best solution for you to assess your information security needs, address those needs and partner with you for the future.
Questions?
Contact Us – info@frsecure.com or http://www.frsecure.com
It’s not just protecting your information.
It’s protecting your business.

Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People.  The Social Engineer's Dream - TechPulse 2017People.  The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information Security
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 

Último

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Último (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

FRSecure Sales Deck

Slide 2: Presentation Topics
• About Us
• Information Security Explained
• The Need for Information Security
• Information Security Assessment Overview
• Information Security Assessment Deliverables
• Full-Service Consulting

Slide 3: Presentation Topics (cont.)
• What’s in it for them?
• What’s in it for you?
• Preliminary Assessment
• Who else do we work with?
• Where can you find us?
• What’s the bottom line?

Slide 4: About Us
• Formed in 2008, FRSecure LLC is a full-service information security consulting company dedicated to information security education, awareness, application, and improvement. FRSecure helps clients understand, design, implement, and manage best-in-class information security solutions, thereby achieving optimal value for every information security dollar spent.
• Regulatory and industry compliance is built into all of our solutions.
• Over 50 successful assessments performed in the past 18 months.

Slide 5: About Us
• Evan Francen, CISSP, CISM
• President
• Over 15 years as a leading information security professional and corporate leader in both private and public companies
• Well versed in governmental and industry-specific regulations, standards and guidelines, including ISO/IEC 27002 (17799:2005), HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT
• Active participant in numerous information security trade associations, including ISACA, ISSA, and ISC2

Slide 6: About Us
At FRSecure, our job is to find risks, and we’ve been helping businesses of all sizes and industries for more than 15 years. Our clients include well-known names in:
● Banking ● Insurance ● Accounting
● Health care ● Legal ● Data storage
● Mortgage ● Printing ● And more.

Slide 7: Information Security Explained
Fundamentally, Information Security is:
The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information.
“Effective information security requires the assessment and accounting for all risks to information in all of its forms throughout the enterprise. Anything less results in wasted resources and the increased likelihood of catastrophic loss.” – Evan Francen
Fundamentally, information security is NOT:
• An IT issue; it is a business issue
• Compliance-based; it is risk-based

Slide 8: Information Security Explained: Administrative Control Questions
• Do you have formal information security policies? If so, do your policies adequately cover all areas of information security?
• How are your information security policies communicated to employees and relevant third parties?
• Do you have a defined review schedule for your information security policies?
• Has your organization defined a formal risk assessment methodology?
• Does your organization conduct background checks on potential employees prior to hire?
• Do you have an acceptable use policy?
• Do you have a formal information security awareness training program?

Slide 9: Information Security Explained: Physical Control Questions
• Has a risk assessment of physical security been performed?
• Should your company utilize a multi-tiered approach to physical security?
• Have you developed a physical security policy?
• How are public areas in and/or around your facility monitored?
• How is roof access at your facility secured?
• Do you log the date, time of entry, and time of departure of visitors, contractors, and third-party personnel?
• How do you prevent unauthorized access to office spaces?
• How do you prevent unauthorized access to restricted areas?
• What access controls are implemented for office spaces?

Slide 10: Information Security Explained: Technical Control Questions
• What are the minimum encryption key strength requirements?
• Is your network adequately segmented and controlled to prevent unauthorized access to sensitive information resources?
• What types of devices and technologies are used to control the flow of network traffic, especially between different “security zones”?
• Has your organization deployed one or more external applications?
• Which ports and services are allowed to remain enabled on network devices?
• How do you ensure that patches are consistently applied to all devices, applications, and systems?
• What types of authentication mechanisms are used to establish a wireless connection?

Slide 11: Information Security Explained
In an effort to protect:
• Confidentiality: Ensuring information is disclosed to, and reviewed exclusively by, intended recipients / authorized individuals
• Integrity: Ensuring the accuracy and completeness of information and processing methods
• Availability: Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals
The opposite of C.I.A. is D.A.D. (Disclosure, Alteration and Destruction).

Slide 12: The Need for Information Security
• It’s the Law
  • Sarbanes-Oxley Act of 2002
  • Gramm–Leach–Bliley Act (GLBA)
  • FDA CFR Title 21
  • Computer Fraud and Abuse Act
  • Various state and local laws
• Protect intellectual property (IP)
• Protect Financial Data
• Protect Personally Identifiable Information (PII)
• Protect other “Confidential” Data
  • Clinical trial data
  • Safety data
  • Regulatory filings
[Breach figures shown on the slide: 94,000,000 records; 8,500,000 records; 130,000,000 records]

Slide 13: The Need for Information Security
In the news…

Slide 14: The Need for Information Security
The consequences of insufficient security:
• Many times the victim is you, the individual
• Loss of competitive advantage
• Compromised customer confidence; loss of business
• Identity theft
• Embarrassing media coverage
• Equipment theft
• Service interruption
• Legal penalties

Slide 15: Information Security Assessment Overview
FRSecure performs an Enterprise Information Security Assessment to determine:
• what type of information you need to protect,
• the risks related to how you are currently using and protecting information, and
• how best to proceed in reducing those risks.

Slide 16: Information Security Assessment Overview
The FRSecure Information Security Assessment is:
• Comprehensive – We review and assess all of your current physical, administrative, and technical protections.
• Standardized – Our assessment is based on and mapped to the ISO 27002 (17799:2005) international standard.
• Compliant – Comprehensive enough to satisfy all major industry and regulatory requirements, including GLBA, HIPAA, SOX, and various state laws.
• Functional – The results from our assessment are easily understood and our recommendations are functionally sound.

Slide 17: Information Security Assessment Overview
How do we assess your current environment?
We walk through as many as 3000 aspects of your information security program with you during our assessment. Our questions are tailored around the specific information that you need and want to protect. We focus our questions in these main areas:
• Security Policy Management
• Corporate Security Management
• Organizational Asset Management
• Human Resource Security Management
• Physical Security Management
• Environmental Security Management
• Compliance Management
• Communications Management
• Operations Management
• Information Access Control Management
• Information Systems Security Management
• Information Security Incident Management
• Business Continuity Management

Slide 18: Information Security Assessment Deliverables
What do you get from an FRSecure Information Security Assessment?
– Executive Summary
  • Overview of the most significant risks
  • High-level mitigation plans
– Technical Specification
  • Detailed documentation of all findings, including risks, risk ratings, and mitigation strategies
– Action Plan*
  • Detailed risk mitigation plan
*We don’t just tell you what’s wrong and leave you to figure out how to fix it.

Slide 19: Implementing the Action Plan
How do we help you implement the action plan?
We determine the areas where we can make simple, low-cost changes that will improve security significantly. We then plan and coordinate the larger changes needed to fully implement the security plan.
We act as your Information Security department, if needed. We create policies and procedures, as well as help with training and corporate acceptance.
Once the Action Plan is complete, typically 6-12 months, we will do a second Assessment to show that your environment is now adequately secure.

Slide 20: Full-Service Consulting
A full accounting of FRSecure’s Services:
• Information Security Assessment
• Information Security Program Development
• Information Security Management
• Penetration Testing
• Business Continuity Planning
• Incident Response
• Training & Awareness
• Legal Expert Witness and Testimony

Slide 21: Full-Service Consulting: Information Security Assessment
An independent and objective assessment of your current information security program.
We have a keen understanding of practical information security in business, not just theory and academics. FRSecure personnel average more than 10 years of direct information security experience. The reasons for conducting an information security assessment range from just wanting to know where you stand to satisfying compliance requirements. FRSecure information security assessments are specifically customized to meet (or exceed) your objectives and provide you with valuable, actionable information. Most of our information security assessments are based on the ISO 27002 international standard.

Slide 22: Full-Service Consulting: Information Security Program Development
Cost-effective and customized information security program development that reduces risk and improves efficiency.
In order to maximize your information security investments, you need to take a formal, risk-based approach. FRSecure has developed cost-effective information security programs for companies of all shapes and sizes, public and private, in a variety of industries. Over the years we have gained a tremendous amount of experience, and this experience has led to principles that guide each one of our information security development projects. Most organizations know that they need to do something about information security, but don’t have the expertise to implement a program themselves.

Slide 23: Full-Service Consulting: Information Security Management
Leverage years of expertise without the tremendous expense that can accompany it.
An information security professional on par with those employed by FRSecure can be costly and unaffordable for many companies. After factoring in salary, benefits, bonuses, and office space, an experienced information security professional can cost as much as $180,000 annually. FRSecure saves our clients money by using our proven approach to information security management.

Slide 24: Full-Service Consulting: Penetration Testing
An active evaluation or assessment of your information security controls.
You have taken the time and spent the money in an effort to protect your information assets, but how secure are you? How effective are your controls? The only true way to be sure that your controls are effectively protecting your information assets is to test them. Expert engineers who understand current, real-world threats conduct our penetration testing services. Before we start any penetration test, we take the time to understand your goals and objectives and then customize an approach to maximize your value.

Slide 25: Full-Service Consulting: Business Continuity Planning
Planning that keeps your business in business if bad things happen.
The wrong time to find out that your business continuity plan is ineffective is when you have to use it. Good business continuity planning keeps your business up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more. FRSecure business continuity planning has helped our clients avoid disaster when disaster strikes.

Slide 26: Full-Service Consulting: Incident Response
Professional assistance in helping you respond appropriately to an information security incident.
Any good information security professional will tell you that it is impossible to stop all threats to your information security assets. Realized threats must be detected promptly and responded to systematically. A poor incident response can be more costly than the incident alone. FRSecure has responded to hundreds of incidents, which has led to minimized financial impact, improved processes, and thorough investigations leading to civil and/or criminal prosecutions.

Slide 27: Full-Service Consulting: Training & Awareness
Effective training and awareness programs proven to improve employee compliance with your requirements.
Another fact: people present the most significant risks to your company’s information assets. Poor information security practices are a common cause of breaches. One of the best investments you can make in information security is in the area of employee training and awareness. FRSecure has developed and delivered over a thousand hours of information security training for our clients.

Slide 28: Full-Service Consulting: Legal Expert Witness and Testimony
Making a case is difficult enough, but making a case without the right expertise is nearly impossible.
We are not lawyers, but we help lawyers understand information security related matters and decipher the facts involved in their cases. We help lawyers win cases for their clients.

Slide 29: Good Questions to Ask
• Have you done a SAS70 or are you being asked to perform one?
• Are you in a regulated industry?
• Has a valued client ever asked you to answer an information security questionnaire?
• Do you have a formal information security program?
• Do you have problems getting executives or employees to buy into your information security ideas, changes, or programs?
• Do you have regular training for employees regarding securing information?
• Do you already know that there are holes, but you don’t know what to do about them?
• What percentage of your time is spent on information security? What should it be?
• What information security challenges do you currently face?
• How would you announce a sensitive information breach to the public?
• How confident are you that your data protection is what it should be?

Slide 30: What’s in it for them?
• Experts that act as their Information Security Department or CSO (Chief Security Officer)
• Sign-off on regulatory compliance issues
• Sign-off on client-required security audits
• Ability to add additional sales channels
• Competitor differentiation
• Knowledge that they’re doing everything they can to protect their business.

Slide 31: What’s in it for you?
Revenue Sharing
• 10% of all realized revenue will be paid as a commission for all revenue generated within 1 year of the original SOW.
• This commission will be paid as 1099 income for any business you refer to us.
Subcontracting
We can also be included in a project as a subcontractor. In this case, we will quote you our cost, and you can mark it up as appropriate.

Slide 32: Preliminary Assessment
We offer a free Preliminary Assessment to any prospective client. A Preliminary Assessment includes a short questionnaire and a 30-minute phone conference with one of our experts. The goal of this Preliminary Assessment is to find out if there is information that needs to be protected, as well as to establish credibility within their organization.

Slide 33: Who else do we work with?
In order to help our clients address specific needs that are outside of FRSecure’s core business, we have established partnerships with respected organizations that we are pleased to work with and refer to.
With more to come!

Slide 34: Where can you find us?
FRSecure is actively participating online through our Web site, blog, and social media sites.
• Web: http://www.frsecure.com
• Blog: http://www.breachblog.com
• Facebook: http://www.facebook.com/frsecure
• Twitter: http://www.twitter.com/frsecure
• LinkedIn: http://www.linkedin.com/company/frsecure-llc
Coming soon – Redesigned blog and podcasts

Slide 35: What is the bottom line?
FRSecure is the best solution for you to assess your information security needs, address those needs and partner with you for the future.
Questions? Contact Us – info@frsecure.com or http://www.frsecure.com
It’s not just protecting your information. It’s protecting your business.