AFCOM Chapter Meeting
INFORMATION SECURITY – STATE OF THE UNION
AUGUST 19, 2015
Information Security State of the Union
Topics
• Introduction
• FRSecure
• Evan Francen (Speaker)
• Current Events/Threats
• What Companies Are Doing
• Let’s Make it Simple
• Questions & Answers
Information Security State of the Union
Information security is a broad topic.
What can I give you in 30 – 45 Minutes?
Follow-up discussions are encouraged!
Information Security State of the Union
Introduction – FRSecure
◦ Established in 2008
◦ Information security is all we do. We’re experts.
◦ Product agnostic
◦ We solve complex information security challenges for our clients.
We exist “to fix a broken industry”
The “industry”
The “industry” is the information security industry;
consisting of solutions (services and products)
designed to protect information.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
1. Confusion - At the core, there is a lack of basic security understanding.
◦ Security is a big thing - We provide SIMPLE, but COMPREHENSIVE and EFFECTIVE solutions.
◦ We’re speaking different languages – Our solutions are CONSISTENT and we TEACH as part
of everything we do.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
2. Motives - Motives are often wrong or unclear. Money, politics, and pride all get in the way.
◦ Our motive is clear - Our PRIMARY motive is to make security better, and we are the BEST at
doing that.
◦ We are product agnostic for a reason – Representing products may make us more money
now, but detracts from our motive and message.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
3. Expertise - There is a general lack of expertise.
◦ We make experts internally – We INVEST in each other to make the BEST security experts in
the industry.
◦ We make experts externally – We TEACH everyone every time we get the chance.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
Fixing it…
1. What we’re going to do
◦ FRSecure’s Ten Security Principles™
◦ FRSecure Information Security Assessment – FISA™
◦ FRSecure’s Services – Compliance (GLBA/FFIEC, PCI, HIPAA, etc.)
◦ FRSecure’s Services – Other (vCISO, Penetration Testing, Incident Response, Portal, etc.)
◦ FRSecure’s Mentor Program
2. How we’re going to do it
Relationships
Information Security State of the Union
Introduction – Evan Francen
◦ Founder & President of FRSecure
◦ 20+ years of information security leadership experience
◦ Specialties:
◦ Information security methodologies (the way to do things…)
◦ Information security risk management
◦ Executive & board of directors education
◦ Building security programs
◦ Social engineering
Information Security State of the Union
Current Events/Threats
We’ve made a mess…
Information Security State of the Union
Current Events/Threats
Breaches everywhere. Not new though, eh?
Information Security State of the Union
Current Events/Threats
State-sponsored attacks increasing; we are in a “cyber war”
Information Security State of the Union
Current Events/Threats
Internet of Things (“IoT”)
Information Security State of the Union
Current Events/Threats
I’m not a fear-monger. I promise!
Information Security State of the Union
Current Events/Threats
All the fad. Money is fast and furious.
The worldwide cybersecurity market is defined
by market sizing estimates that range from $77
billion in 2015 to $170 billion by 2020.
CB Insights reported that in the first half of 2015, venture firms
invested $1.2 billion into cybersecurity startups. Yup, you read
it correctly - one point two billion in just the first six months of
2015.
Information Security State of the Union
Current Events/Threats
Money is (always has been) the motive for the bad guys. Follow the
money:
◦ Credit card breaches peaked? Sorta.
◦ Next up; health information (PHI/ePHI)
◦ Identity theft is steady
◦ Extortion is steady after a big rise
“A new survey of 600 small business owners compiled by Wells Fargo
found that more than half of those who accept point-of-sale card
payments are unaware of the requirement to change to EMV chip card
technology.”
Information Security State of the Union
Current Events/Threats
◦ For the datacenter, it’s not the datacenter itself, it’s:
◦ Everything connected to the datacenter
◦ Social engineering
Information Security State of the Union
What Companies Are Doing – The GOOD
1. Visibility is higher than it’s ever been.
2. Boards of directors and the executive suite
are more involved than ever.
3. Compliance (in general) is getting more
effective.
Information Security State of the Union
What Companies Are Doing – The BAD
1. Confusion (more than ever)
◦ We’re speaking different languages
◦ We’re making this harder than we should
◦ What to do? – NIST Cybersecurity Framework (CSF), SOC 2
Type 1/2 (less popular now), ISO/IEC 27001, COBIT, HITRUST
◦ How much is too much?
2. Still too IT focused
3. Still looking for an easy button
Information Security State of the Union
Let’s Make it Simple
• Complexity is the enemy of security (remember this)
• Start with a definition of “information security”… Easy, right?
Information security is the application of
administrative, physical and technical controls to
protect the confidentiality, integrity, and availability
of information.
Information Security State of the Union
Let’s Make it Simple
• How ‘bout some truths about security?
FRSecure’s Ten Security Principles™
1. A business is in business to make money
2. Information Security is a business issue
3. Information Security is fun
4. People are the biggest risk
5. “Compliant” and “secure” are different
Information Security State of the Union
Let’s Make it Simple
• How ‘bout some truths about security?
FRSecure’s Ten Security Principles™
6. There is no common sense in Information Security
7. “Secure” is relative
8. Information Security should drive business
9. Information Security is not one size fits all
10. There is no “easy button”
Information Security State of the Union
Questions & Answers
Thank You!

AFCOM - Information Security State of the Union

  • 1. AFCOM Chapter Meeting INFORMATION SECURITY – STATE OF THE UNION AUGUST 19, 2015
  • 2. Information Security State of the Union Topics • Introduction • FRSecure • Evan Francen (Speaker) • Current Events/Threats • What Companies Are Doing • Let’s Make it Simple • Questions & Answers
  • 3. Information Security State of the Union Information security is a broad topic. What can I give you in 30 – 45 Minutes? Follow-up discussions are encouraged!
  • 4. Information Security State of the Union Introduction – FRSecure ◦ Established in 2008 ◦ Information security is all we do. We’re experts. ◦ Product agnostic ◦ We solve complex information security challenges for our clients. We exist “to fix a broken industry” The “industry” The “industry” is the information security industry; consisting of solutions (services and products) designed to protect information.
  • 5. FRSecure, the company Vision & Mission We exist “to fix a broken industry” What’s “broken”? 1. Confusion - At the core, there is a lack of basic security understanding. ◦ Security is a big thing - We provide SIMPLE, but COMPREHENSIVE and EFFECTIVE solutions. ◦ We’re speaking different languages – Our solutions are CONSISTENT and we TEACH as part of everything we do.
  • 6. FRSecure, the company Vision & Mission We exist “to fix a broken industry” What’s “broken”? 2. Motives - Motives are often wrong or unclear. Money, politics, and pride all get in the way. ◦ Our motive is clear - Our PRIMARY motive is to make security better, and we are the BEST at doing that. ◦ We are product agnostic for a reason – Representing products may make us more money now, but detracts from our motive and message.
  • 7. FRSecure, the company Vision & Mission We exist “to fix a broken industry” What’s “broken”? 3. Expertise - There is a general lack of expertise. ◦ We make experts internally – We INVEST in each other to make the BEST security experts in the industry. ◦ We make experts externally – We TEACH everyone every time we get the chance.
  • 8. FRSecure, the company Vision & Mission We exist “to fix a broken industry” Fixing it… 1. What we’re going to do ◦ FRSecure’s Ten Security Principles™ ◦ FRSecure Information Security Assessment – FISA™ ◦ FRSecure’s Services – Compliance (GLBA/FFIEC, PCI, HIPAA, etc.) ◦ FRSecure’s Services – Other (vCISO, Penetration Testing, Incident Response, Portal, etc.) ◦ FRSecure’s Mentor Program 2. How we’re going to do it Relationships
  • 9. Information Security State of the Union Introduction – Evan Francen ◦ Founder & President of FRSecure ◦ 20+ information security leadership experience ◦ Specialties: ◦ Information security methodologies (the way to do things…) ◦ Information security risk management ◦ Executive & board of directors education ◦ Building security programs ◦ Social engineering
  • 10. Information Security State of the Union Current Events/Threats We’ve made a mess…
  • 11. Information Security State of the Union Current Events/Threats Breaches everywhere. Not new though, eh?
  • 12. Information Security State of the Union Current Events/Threats State-sponsored attacks increasing; we are in a “cyber war”
  • 13. Information Security State of the Union Current Events/Threats Internet of Things (“IoT”)
  • 14. Information Security State of the Union Current Events/Threats I’m not a fear-monger. I promise!
  • 15. Information Security State of the Union Current Events/Threats All the fad. Money is fast and furious. The worldwide cybersecurity market is defined by market sizing estimates that range from $77 billion in 2015 to $170 billion by 2020. CB Insights reported that in the first half of 2015, venture firms invested $1.2 billion into cybersecurity startups. Yup, you read it correctly - one point two billion in just the first six months of 2015.
  • 16. Information Security State of the Union Current Events/Threats Money is (always has been) the motive for the bad guys. Follow the money: ◦ Credit card breaches peaked? Sorta. ◦ Next up; health information (PHI/ePHI) ◦ Identity theft is steady ◦ Extortion is steady after a big rise “A new survey of 600 small business owners compiled by Wells Fargo found that more than half of those who accept point-of-sale card payments are unaware of the requirement to change to EMV chip card technology.”
  • 17. Information Security State of the Union Current Events/Threats ◦ For the datacenter, it’s not the datacenter itself, it’s: ◦ Everything connected to the datacenter ◦ Social engineering
  • 18. Information Security State of the Union What Companies Are Doing – The GOOD 1. Visibility is higher than it’s ever been. 2. Boards of directors and the executive suite are more involved than ever. 3. Compliance (in general) is getting more effective.
  • 19. Information Security State of the Union What Companies Are Doing – The BAD 1. Confusion (more than ever) ◦ We’re speaking different languages ◦ We’re making this harder than we should ◦ What to do? – NIST Cybersecurity Framework (CSF), SOC 2 Type 1/2 (less popular now), ISO/IEC 27001, COBIT, HITRUST ◦ How much is too much? 2. Still too IT focused 3. Still looking for an easy button
  • 20. Information Security State of the Union Let’s Make it Simple • Complexity is the enemy to security (remember this) • Start with a definition of “information security”… Easy, right? Information security is the application of administrative, physical and technical controls to protect the confidentiality, integrity, and availability of information.
  • 21. Information Security State of the Union Let’s Make it Simple • How ‘bout some truths about security? FRSecure’s Ten Security Principles™ 1. A business is in business to make money 2. Information Security is a business issue 3. Information Security is fun 4. People are the biggest risk 5. “Compliant” and “secure” are different
  • 22. Information Security State of the Union Let’s Make it Simple • How ‘bout some truths about security? FRSecure’s Ten Security Principles™ 6. There is no common sense in Information Security 7. “Secure” is relative 8. Information Security should drive business 9. Information Security is not one size fits all 10. There is no “easy button”
  • 23. Information Security State of the Union Questions & Answers Thank You!