SlideShare uma empresa Scribd logo

Information Security For Leaders, By a Leader

Evan Francen
Evan Francen

Evan Francen, President of FRSecure, discusses the challenges of building an efficient and effective security program in today’s world. Learn why most leaders have a false assumption of security, and how you can avoid the security mistakes most organizations make. - Delivered on 4/17/12 at TechPulse 2012.

NegóciosTecnologia
1 de 21
Information Security for Leaders, From a Leader TechPulse 2012 – April 17th, 2012 Presented by Evan Francen, President – FRSecure, LLC http://www.frsecure.com | 952-467-6384
Introduction Before we get started: • This is not your typical presentation. • What you have to say is as important as what I am going to tell you. • You are encouraged to participate! I will ask you questions, if you don’t ask me some! http://www.frsecure.com | 952-467-6384
Introduction FRSecure • Information security consulting company – it’s all we do. • Established in 2008 by people who have earned their stripes in the field. • We help small to medium sized organizations solve information security challenges. http://www.frsecure.com | 952-467-6384
Introduction Speaker – Evan Francen, CISSP CISM CCSK • President & Co-founder of FRSecure • 20 years of information security experience • Security evangelist with more than 700 published articles • Experience with 150+ public & private organizations. http://www.frsecure.com | 952-467-6384
Introduction Topics • What is information security? • What do business leaders need to know? • You’re in business to make money • Understand risk and manage it • How we help? • Where should you start? • Need Help? – Contact Us! http://www.frsecure.com | 952-467-6384
When you think of information security, how do you feel? Be honest http://www.frsecure.com | 952-467-6384
What is information security? This is really a question for you http://www.frsecure.com | 952-467-6384
What is Information Security? http://www.frsecure.com | 952-467-6384
Information Security Is Not an IT Issue The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information. IT-centric information security over-emphasizes Technical Control, often at the expense of Administrative and Physical Control. IT-centric information security also places an over-emphasis on Availability of systems, sometimes at the expense of Confidentiality and Integrity. http://www.frsecure.com | 952-467-6384
It’s not compliance, but compliance is important Today’s compliance landscape is confusing! Federal Regulations: • HIPAA, GLBA, FTC, ECPA, Computer Fraud and Abuse Act, etc. State Regulations: • Breach notification laws, data destruction laws, data protection laws Industry Regulations: • Payment Card Industry Data Security Standard (PCI-DSS) Customer Regulations: • Good luck! http://www.frsecure.com | 952-467-6384
What do business leaders need to know? Business leaders have ultimate responsibility for information security Due Care (aka “duty of care”): • Provides a framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve. • Often reference the Prudent Man Rule, and require that the organization engage in business practices that a prudent, right thinking, person would consider to be appropriate. • Businesses that are found to have not applied this minimum duty of care can be deemed as having been negligent in carrying out their duties http://www.frsecure.com | 952-467-6384
What do business leaders need to know? Business leaders have ultimate responsibility for information security Due Diligence: • Requires that an organization continually scrutinize their own practices to ensure that they are always meeting or exceeding the requirements for protection of assets and stakeholders • Due diligence is the management of due care: it follows a formal process • Persons are said to have exercised due diligence, and therefore cannot be considered negligent, if they were prudent in their investigation of potential risks and threats http://www.frsecure.com | 952-467-6384
You are in business to make money Sometimes information security professionals forget this fact! • Not all risks require mitigation/remediation • Information security must be strategic • Information security strategy must align with business strategy • Avoid business vs. information security scenarios • Information security controls should be as transparent as possible http://www.frsecure.com | 952-467-6384
The Answer: Understand Risk and Manage it. • Risk is unique to your business and environment; information security is not a one-size-fits-all solution • Likelihood x Impact • Risks change as your business environment changes • There is no “easy button” • You don’t need to know about every risk, but you must know about the significant ones. http://www.frsecure.com | 952-467-6384
How we help – Risk Assessment http://www.frsecure.com | 952-467-6384
How we help – Risk Management (Build & Manage) http://www.frsecure.com | 952-467-6384
Where should you start? Conduct a risk assessment • Do it right • Comprehensive • Quantified/Measured/Scored • Choose a standard (ISO, NIST, COBIT, etc.) http://www.frsecure.com | 952-467-6384
Where should you start? Make Decisions Once you understand your risks, You can: decide what you want to do • Accept some risk about them. • Mitigate some risk • Transfer some risk Where organizations get in trouble is in ignoring risks and/or assuming that they don’t exist. http://www.frsecure.com | 952-467-6384
Where should you start? Your own information security risk management program: • Conduct Risk Assessment • Make Decisions • Plan Strategically • Update Regularly http://www.frsecure.com | 952-467-6384
Need Help? Contact FRSecure! Some of our services: • Information Security Assessments • Compliance Assessments (i.e. HIPAA, GLBA, etc.) • Customer Required Assessments • Internal Network Vulnerability Assessments • External Network Security Assessments • Penetration Testing • BC/DR Plans • Policy Creation Evan Francen, CISSP CISM • Outsourced Security Resources President evan@frsecure.com 952-467-6384 (direct) www.frsecure.com http://www.frsecure.com | 952-467-6384
Thank you! Questions? http://www.frsecure.com | 952-467-6384

Recomendados

Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...EC-Council
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackKevin Duffey
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017Doug Copley
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...PECB
 

Recomendados

Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...EC-Council
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackKevin Duffey
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017Doug Copley
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...PECB
 
Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleKevin Duffey
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber SecurityMisha Hanin
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...Ajay p
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology ConferenceInstitute of Chartered Secretaries and Administrators
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The CloudPECB
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4Elliott Franklin
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesJohn Rapa
 
The ESRM Skills Cocktail
The ESRM Skills CocktailThe ESRM Skills Cocktail
The ESRM Skills CocktailDoreen Loeber
 
Jim Noble SEASIM Keynote
Jim Noble SEASIM KeynoteJim Noble SEASIM Keynote
Jim Noble SEASIM KeynoteSeattleSIM
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security StrategyLaura Vanassche
 
Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)Michael Trofi Jr. CISSP, CISM, CGEIT
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceEvan Francen
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information SecurityEvan Francen
 
What's Next in Growth? 2016
What's Next in Growth? 2016What's Next in Growth? 2016
What's Next in Growth? 2016Andrew Chen
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 

Mais conteúdo relacionado

Mais procurados

Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleKevin Duffey
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber SecurityMisha Hanin
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...Ajay p
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The CloudPECB
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesJohn Rapa
 
The ESRM Skills Cocktail
The ESRM Skills CocktailThe ESRM Skills Cocktail
The ESRM Skills CocktailDoreen Loeber
 
Jim Noble SEASIM Keynote
Jim Noble SEASIM KeynoteJim Noble SEASIM Keynote
Jim Noble SEASIM KeynoteSeattleSIM
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 

Mais procurados (16)

Strategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a RoleStrategies for cyber resilience - Everyone has a Role
Strategies for cyber resilience - Everyone has a Role
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber Security
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...Why information security is becoming the most important for mid size business...
Why information security is becoming the most important for mid size business...
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
The ESRM Skills Cocktail
The ESRM Skills CocktailThe ESRM Skills Cocktail
The ESRM Skills Cocktail
 
Jim Noble SEASIM Keynote
Jim Noble SEASIM KeynoteJim Noble SEASIM Keynote
Jim Noble SEASIM Keynote
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 

Destaque

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceEvan Francen
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information SecurityEvan Francen
 
What's Next in Growth? 2016
What's Next in Growth? 2016What's Next in Growth? 2016
What's Next in Growth? 2016Andrew Chen
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
 
The Outcome Economy
The Outcome EconomyThe Outcome Economy
The Outcome EconomyHelge Tennø
 
32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your Business32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your BusinessBarry Feldman
 

Destaque (8)

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information Security
 
What's Next in Growth? 2016
What's Next in Growth? 2016What's Next in Growth? 2016
What's Next in Growth? 2016
 
The Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post FormatsThe Six Highest Performing B2B Blog Post Formats
The Six Highest Performing B2B Blog Post Formats
 
The Outcome Economy
The Outcome EconomyThe Outcome Economy
The Outcome Economy
 
32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your Business32 Ways a Digital Marketing Consultant Can Help Grow Your Business
32 Ways a Digital Marketing Consultant Can Help Grow Your Business
 

Semelhante a Information Security For Leaders, By a Leader

Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company OverviewKevin Orth
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techiesBrenton Johnson
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Rothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professionalRothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professionalBen Rothke
 
2020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 12020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 1FRSecure
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarConcept Searching, Inc
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessCBIZ, Inc.
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Top 10 Measure to Mitigate Insider Security Threats.pptx
Top 10 Measure to Mitigate Insider Security Threats.pptxTop 10 Measure to Mitigate Insider Security Threats.pptx
Top 10 Measure to Mitigate Insider Security Threats.pptxinfosec train
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxinfosec train
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessJoel Cardella
 

Semelhante a Information Security For Leaders, By a Leader (20)

Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techies
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
Rothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professionalRothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professional
 
2020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 12020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 1
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 Webinar
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
 
Security beyond compliance
Security beyond complianceSecurity beyond compliance
Security beyond compliance
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
CISO's first 100 days
CISO's first 100 daysCISO's first 100 days
CISO's first 100 days
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Top 10 Measure to Mitigate Insider Security Threats.pptx
Top 10 Measure to Mitigate Insider Security Threats.pptxTop 10 Measure to Mitigate Insider Security Threats.pptx
Top 10 Measure to Mitigate Insider Security Threats.pptx
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing business
 

Mais de Evan Francen

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Evan Francen
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyEvan Francen
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksEvan Francen
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudEvan Francen
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017Evan Francen
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information SecurityEvan Francen
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 

Mais de Evan Francen (14)

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language Problem
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware Dallas
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Último

Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insightsseribangash
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 

Último (20)

Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Understanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key InsightsUnderstanding the Pakistan Budgeting Process: Basics and Key Insights
Understanding the Pakistan Budgeting Process: Basics and Key Insights
 
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 

Information Security For Leaders, By a Leader

  • 1. Information Security for Leaders, From a Leader TechPulse 2012 – April 17th, 2012 Presented by Evan Francen, President – FRSecure, LLC http://www.frsecure.com | 952-467-6384
  • 2. Introduction Before we get started: • This is not your typical presentation. • What you have to say is as important as what I am going to tell you. • You are encouraged to participate! I will ask you questions, if you don’t ask me some! http://www.frsecure.com | 952-467-6384
  • 3. Introduction FRSecure • Information security consulting company – it’s all we do. • Established in 2008 by people who have earned their stripes in the field. • We help small to medium sized organizations solve information security challenges. http://www.frsecure.com | 952-467-6384
  • 4. Introduction Speaker – Evan Francen, CISSP CISM CCSK • President & Co-founder of FRSecure • 20 years of information security experience • Security evangelist with more than 700 published articles • Experience with 150+ public & private organizations. http://www.frsecure.com | 952-467-6384
  • 5. Introduction Topics • What is information security? • What do business leaders need to know? • You’re in business to make money • Understand risk and manage it • How we help? • Where should you start? • Need Help? – Contact Us! http://www.frsecure.com | 952-467-6384
  • 6. When you think of information security, how do you feel? Be honest http://www.frsecure.com | 952-467-6384
  • 7. What is information security? This is really a question for you http://www.frsecure.com | 952-467-6384
  • 8. What is Information Security? http://www.frsecure.com | 952-467-6384
  • 9. Information Security Is Not an IT Issue The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information. IT-centric information security over-emphasizes Technical Control, often at the expense of Administrative and Physical Control. IT-centric information security also places an over-emphasis on Availability of systems, sometimes at the expense of Confidentiality and Integrity. http://www.frsecure.com | 952-467-6384
  • 10. It’s not compliance, but compliance is important Today’s compliance landscape is confusing! Federal Regulations: • HIPAA, GLBA, FTC, ECPA, Computer Fraud and Abuse Act, etc. State Regulations: • Breach notification laws, data destruction laws, data protection laws Industry Regulations: • Payment Card Industry Data Security Standard (PCI-DSS) Customer Regulations: • Good luck! http://www.frsecure.com | 952-467-6384
  • 11. What do business leaders need to know? Business leaders have ultimate responsibility for information security Due Care (aka “duty of care”): • Provides a framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve. • Often reference the Prudent Man Rule, and require that the organization engage in business practices that a prudent, right thinking, person would consider to be appropriate. • Businesses that are found to have not applied this minimum duty of care can be deemed as having been negligent in carrying out their duties http://www.frsecure.com | 952-467-6384
  • 12. What do business leaders need to know? Business leaders have ultimate responsibility for information security Due Diligence: • Requires that an organization continually scrutinize their own practices to ensure that they are always meeting or exceeding the requirements for protection of assets and stakeholders • Due diligence is the management of due care: it follows a formal process • Persons are said to have exercised due diligence, and therefore cannot be considered negligent, if they were prudent in their investigation of potential risks and threats http://www.frsecure.com | 952-467-6384
  • 13. You are in business to make money Sometimes information security professionals forget this fact! • Not all risks require mitigation/remediation • Information security must be strategic • Information security strategy must align with business strategy • Avoid business vs. information security scenarios • Information security controls should be as transparent as possible http://www.frsecure.com | 952-467-6384
  • 14. The Answer: Understand Risk and Manage it. • Risk is unique to your business and environment; information security is not a one-size-fits-all solution • Likelihood x Impact • Risks change as your business environment changes • There is no “easy button” • You don’t need to know about every risk, but you must know about the significant ones. http://www.frsecure.com | 952-467-6384
  • 15. How we help – Risk Assessment http://www.frsecure.com | 952-467-6384
  • 16. How we help – Risk Management (Build & Manage) http://www.frsecure.com | 952-467-6384
  • 17. Where should you start? Conduct a risk assessment • Do it right • Comprehensive • Quantified/Measured/Scored • Choose a standard (ISO, NIST, COBIT, etc.) http://www.frsecure.com | 952-467-6384
  • 18. Where should you start? Make Decisions Once you understand your risks, You can: decide what you want to do • Accept some risk about them. • Mitigate some risk • Transfer some risk Where organizations get in trouble is in ignoring risks and/or assuming that they don’t exist. http://www.frsecure.com | 952-467-6384
  • 19. Where should you start? Your own information security risk management program: • Conduct Risk Assessment • Make Decisions • Plan Strategically • Update Regularly http://www.frsecure.com | 952-467-6384
  • 20. Need Help? Contact FRSecure! Some of our services: • Information Security Assessments • Compliance Assessments (i.e. HIPAA, GLBA, etc.) • Customer Required Assessments • Internal Network Vulnerability Assessments • External Network Security Assessments • Penetration Testing • BC/DR Plans • Policy Creation Evan Francen, CISSP CISM • Outsourced Security Resources President evan@frsecure.com 952-467-6384 (direct) www.frsecure.com http://www.frsecure.com | 952-467-6384
  • 21. Thank you! Questions? http://www.frsecure.com | 952-467-6384