SlideShare uma empresa Scribd logo

Mobile Information Security

Evan Francen
Evan Francen

It's not our job to tell business not to use mobile devices, even personally-owned mobile devices. It's our job to enable business to use mobile devices securely for the benefit of the organization, customers, employees, and contractors. In this presentation, given on April 30 at techpulse 2013, Evan Francen from FRSecure teaches how to secure mobile devices in today's business environments.

Tecnologia
1 de 17
FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
FRSECURE.COM John Hacks a Laptop We Need a Volunteer
FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.
FRSECURE.COM Thank You!

Recomendados

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industrylilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129Izwan Hariz
 
lack of security
lack of securitylack of security
lack of securitySarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsSymosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaProyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesGaspar Alberto Motta Ramírez
 

Recomendados

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industrylilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129Izwan Hariz
 
lack of security
lack of securitylack of security
lack of securitySarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsSymosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaProyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesGaspar Alberto Motta Ramírez
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
Pitss
PitssPitss
Pitssbinosh bruce
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)JISC Legal
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveTargetX
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Cyber laws
Cyber lawsCyber laws
Cyber lawsMukesh Tekwani
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolantimnolan1961
 
Cyber Laws
Cyber LawsCyber Laws
Cyber LawsMukesh Tekwani
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 

Mais conteúdo relacionado

Semelhante a Mobile Information Security

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)JISC Legal
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveTargetX
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 

Semelhante a Mobile Information Security (20)

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Pitss
PitssPitss
Pitss
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Security
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Know
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate Perspective
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a Positive
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 

Mais de Evan Francen

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Evan Francen
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyEvan Francen
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksEvan Francen
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudEvan Francen
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017Evan Francen
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceEvan Francen
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderEvan Francen
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information SecurityEvan Francen
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 

Mais de Evan Francen (18)

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language Problem
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware Dallas
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Último

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 

Último (20)

Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Mobile Information Security

  • 1. FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
  • 2. FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
  • 3. FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
  • 4. FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
  • 5. FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
  • 6. FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
  • 7. FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
  • 8. FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
  • 9. FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
  • 10. FRSECURE.COM John Hacks a Laptop We Need a Volunteer
  • 11. FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
  • 12. FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
  • 13. FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
  • 14. FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
  • 15. FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
  • 16. FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.