AFCOM Chapter Meeting
INFORMATION SECURITY – STATE OF THE UNION
AUGUST 19, 2015
Information Security State of the Union
Topics
• Introduction
• FRSecure
• Evan Francen (Speaker)
• Current Events/Threats
• What Companies Are Doing
• Let’s Make it Simple
• Questions & Answers
Information Security State of the Union
Information security is a broad topic.
What can I give you in 30 – 45 Minutes?
Follow-up discussions are encouraged!
Information Security State of the Union
Introduction – FRSecure
◦ Established in 2008
◦ Information security is all we do. We’re experts.
◦ Product agnostic
◦ We solve complex information security challenges for our clients.
We exist “to fix a broken industry”
The “industry”
The “industry” is the information security industry;
consisting of solutions (services and products)
designed to protect information.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
1. Confusion - At the core, there is a lack of basic security understanding.
◦ Security is a big thing - We provide SIMPLE, but COMPREHENSIVE and EFFECTIVE solutions.
◦ We’re speaking different languages – Our solutions are CONSISTENT and we TEACH as part
of everything we do.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
2. Motives - Motives are often wrong or unclear. Money, politics, and pride all get in the way.
◦ Our motive is clear - Our PRIMARY motive is to make security better, and we are the BEST at
doing that.
◦ We are product agnostic for a reason – Representing products may make us more money
now, but detracts from our motive and message.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
3. Expertise - There is a general lack of expertise.
◦ We make experts internally – We INVEST in each other to make the BEST security experts in
the industry.
◦ We make experts externally – We TEACH everyone every time we get the chance.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
Fixing it…
1. What we’re going to do
◦ FRSecure’s Ten Security Principles™
◦ FRSecure Information Security Assessment – FISA™
◦ FRSecure’s Services – Compliance (GLBA/FFIEC, PCI, HIPAA, etc.)
◦ FRSecure’s Services – Other (vCISO, Penetration Testing, Incident Response, Portal, etc.)
◦ FRSecure’s Mentor Program
2. How we’re going to do it
Relationships
Information Security State of the Union
Introduction – Evan Francen
◦ Founder & President of FRSecure
◦ 20+ information security leadership experience
◦ Specialties:
◦ Information security methodologies (the way to do things…)
◦ Information security risk management
◦ Executive & board of directors education
◦ Building security programs
◦ Social engineering
Information Security State of the Union
Current Events/Threats
We’ve made a mess…
Information Security State of the Union
Current Events/Threats
Breaches everywhere. Not new though, eh?
Information Security State of the Union
Current Events/Threats
State-sponsored attacks increasing; we are in a “cyber war”
Information Security State of the Union
Current Events/Threats
Internet of Things (“IoT”)
Information Security State of the Union
Current Events/Threats
I’m not a fear-monger. I promise!
Information Security State of the Union
Current Events/Threats
All the fad. Money is fast and furious.
The worldwide cybersecurity market is defined
by market sizing estimates that range from $77
billion in 2015 to $170 billion by 2020.
CB Insights reported that in the first half of 2015, venture firms
invested $1.2 billion into cybersecurity startups. Yup, you read
it correctly - one point two billion in just the first six months of
2015.
Information Security State of the Union
Current Events/Threats
Money is (always has been) the motive for the bad guys. Follow the
money:
◦ Credit card breaches peaked? Sorta.
◦ Next up; health information (PHI/ePHI)
◦ Identity theft is steady
◦ Extortion is steady after a big rise
“A new survey of 600 small business owners compiled by Wells Fargo
found that more than half of those who accept point-of-sale card
payments are unaware of the requirement to change to EMV chip card
technology.”
Information Security State of the Union
Current Events/Threats
◦ For the datacenter, it’s not the datacenter itself, it’s:
◦ Everything connected to the datacenter
◦ Social engineering
Information Security State of the Union
What Companies Are Doing – The GOOD
1. Visibility is higher than it’s ever been.
2. Boards of directors and the executive suite
are more involved than ever.
3. Compliance (in general) is getting more
effective.
Information Security State of the Union
What Companies Are Doing – The BAD
1. Confusion (more than ever)
◦ We’re speaking different languages
◦ We’re making this harder than we should
◦ What to do? – NIST Cybersecurity Framework (CSF), SOC 2
Type 1/2 (less popular now), ISO/IEC 27001, COBIT, HITRUST
◦ How much is too much?
2. Still too IT focused
3. Still looking for an easy button
Information Security State of the Union
Let’s Make it Simple
• Complexity is the enemy of security (remember this)
• Start with a definition of “information security”… Easy, right?
Information security is the application of
administrative, physical and technical controls to
protect the confidentiality, integrity, and availability
of information.
Information Security State of the Union
Let’s Make it Simple
• How ‘bout some truths about security?
FRSecure’s Ten Security Principles™
1. A business is in business to make money
2. Information Security is a business issue
3. Information Security is fun
4. People are the biggest risk
5. “Compliant” and “secure” are different
Information Security State of the Union
Let’s Make it Simple
• How ‘bout some truths about security?
FRSecure’s Ten Security Principles™
6. There is no common sense in Information Security
7. “Secure” is relative
8. Information Security should drive business
9. Information Security is not one size fits all
10. There is no “easy button”
Information Security State of the Union
Questions & Answers
Thank You!

AFCOM - Information Security State of the Union

  • 1. AFCOM Chapter Meeting INFORMATION SECURITY – STATE OF THE UNION AUGUST 19, 2015
  • 2. Information Security State of the Union Topics • Introduction • FRSecure • Evan Francen (Speaker) • Current Events/Threats • What Companies Are Doing • Let’s Make it Simple • Questions & Answers
  • 3. Information Security State of the Union Information security is a broad topic. What can I give you in 30 – 45 Minutes? Follow-up discussions are encouraged!
  • 4. Information Security State of the Union Introduction – FRSecure ◦ Established in 2008 ◦ Information security is all we do. We’re experts. ◦ Product agnostic ◦ We solve complex information security challenges for our clients. We exist “to fix a broken industry” The “industry” The “industry” is the information security industry; consisting of solutions (services and products) designed to protect information.
  • 5. FRSecure, the company Vision & Mission We exist “to fix a broken industry” What’s “broken”? 1. Confusion - At the core, there is a lack of basic security understanding. ◦ Security is a big thing - We provide SIMPLE, but COMPREHENSIVE and EFFECTIVE solutions. ◦ We’re speaking different languages – Our solutions are CONSISTENT and we TEACH as part of everything we do.
  • 6. FRSecure, the company Vision & Mission We exist “to fix a broken industry” What’s “broken”? 2. Motives - Motives are often wrong or unclear. Money, politics, and pride all get in the way. ◦ Our motive is clear - Our PRIMARY motive is to make security better, and we are the BEST at doing that. ◦ We are product agnostic for a reason – Representing products may make us more money now, but detracts from our motive and message.
  • 7. FRSecure, the company Vision & Mission We exist “to fix a broken industry” What’s “broken”? 3. Expertise - There is a general lack of expertise. ◦ We make experts internally – We INVEST in each other to make the BEST security experts in the industry. ◦ We make experts externally – We TEACH everyone every time we get the chance.
  • 8. FRSecure, the company Vision & Mission We exist “to fix a broken industry” Fixing it… 1. What we’re going to do ◦ FRSecure’s Ten Security Principles™ ◦ FRSecure Information Security Assessment – FISA™ ◦ FRSecure’s Services – Compliance (GLBA/FFIEC, PCI, HIPAA, etc.) ◦ FRSecure’s Services – Other (vCISO, Penetration Testing, Incident Response, Portal, etc.) ◦ FRSecure’s Mentor Program 2. How we’re going to do it Relationships
  • 9. Information Security State of the Union Introduction – Evan Francen ◦ Founder & President of FRSecure ◦ 20+ information security leadership experience ◦ Specialties: ◦ Information security methodologies (the way to do things…) ◦ Information security risk management ◦ Executive & board of directors education ◦ Building security programs ◦ Social engineering
  • 10. Information Security State of the Union Current Events/Threats We’ve made a mess…
  • 11. Information Security State of the Union Current Events/Threats Breaches everywhere. Not new though, eh?
  • 12. Information Security State of the Union Current Events/Threats State-sponsored attacks increasing; we are in a “cyber war”
  • 13. Information Security State of the Union Current Events/Threats Internet of Things (“IoT”)
  • 14. Information Security State of the Union Current Events/Threats I’m not a fear-monger. I promise!
  • 15. Information Security State of the Union Current Events/Threats All the fad. Money is fast and furious. The worldwide cybersecurity market is defined by market sizing estimates that range from $77 billion in 2015 to $170 billion by 2020. CB Insights reported that in the first half of 2015, venture firms invested $1.2 billion into cybersecurity startups. Yup, you read it correctly - one point two billion in just the first six months of 2015.
  • 16. Information Security State of the Union Current Events/Threats Money is (always has been) the motive for the bad guys. Follow the money: ◦ Credit card breaches peaked? Sorta. ◦ Next up; health information (PHI/ePHI) ◦ Identity theft is steady ◦ Extortion is steady after a big rise “A new survey of 600 small business owners compiled by Wells Fargo found that more than half of those who accept point-of-sale card payments are unaware of the requirement to change to EMV chip card technology.”
  • 17. Information Security State of the Union Current Events/Threats ◦ For the datacenter, it’s not the datacenter itself, it’s: ◦ Everything connected to the datacenter ◦ Social engineering
  • 18. Information Security State of the Union What Companies Are Doing – The GOOD 1. Visibility is higher than it’s ever been. 2. Boards of directors and the executive suite are more involved than ever. 3. Compliance (in general) is getting more effective.
  • 19. Information Security State of the Union What Companies Are Doing – The BAD 1. Confusion (more than ever) ◦ We’re speaking different languages ◦ We’re making this harder than we should ◦ What to do? – NIST Cybersecurity Framework (CSF), SOC 2 Type 1/2 (less popular now), ISO/IEC 27001, COBIT, HITRUST ◦ How much is too much? 2. Still too IT focused 3. Still looking for an easy button
  • 20. Information Security State of the Union Let’s Make it Simple • Complexity is the enemy to security (remember this) • Start with a definition of “information security”… Easy, right? Information security is the application of administrative, physical and technical controls to protect the confidentiality, integrity, and availability of information.
  • 21. Information Security State of the Union Let’s Make it Simple • How ‘bout some truths about security? FRSecure’s Ten Security Principles™ 1. A business is in business to make money 2. Information Security is a business issue 3. Information Security is fun 4. People are the biggest risk 5. “Compliant” and “secure” are different
  • 22. Information Security State of the Union Let’s Make it Simple • How ‘bout some truths about security? FRSecure’s Ten Security Principles™ 6. There is no common sense in Information Security 7. “Secure” is relative 8. Information Security should drive business 9. Information Security is not one size fits all 10. There is no “easy button”
  • 23. Information Security State of the Union Questions & Answers Thank You!