The document outlines ten principles for protecting information and customer data according to FRSecure LLC. The principles emphasize that information security is a shared responsibility, not just an IT issue, and that people are the biggest risks. While compliance is important, it does not guarantee security. Businesses need practical and cost-effective security that is tailored to their unique needs. There are no quick fixes for security problems.
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Protecting Your Info and Customers' Data
1. Protecting your Information and your
Customer’s Information
Ten principles to live (or die) by
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
2. Before we get started:
• This is not your typical presentation.
• What you have to say is as important as what I
am going to tell you.
• You are encouraged to participate!
I will ask you questions, if you don’t ask me some!
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
3. FRSecure and RK Dixon
• How we got to know each other
• Customers benefit from our work together
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
4. FRSecure
• Information security consulting company – it’s
all we know how to do.
• Established in 2008 by people who have earned
their stripes in the field.
• We help small to medium sized organizations
solve information security challenges.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
5. Speaker – Evan Francen, CISSP CISM CCSK
• President & Co-founder of FRSecure
• 20 years of information security experience
• Security evangelist with more than 700
published articles
• Experience with 150+ public & private
organizations.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
6. Speaker – Evan Francen, CISSP CISM CCSK
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
7. Topics
• Some questions to get us started
• Ten principles to live (or die) by
• Information security today
• Information security predictions
• What should you be doing?
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
8. What is information
security?
This is really a question for you
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
9. Fundamentally, Information Security is:
The application of Administrative, Physical and Technical controls in an effort
to protect the Confidentiality, Integrity, and Availability of Information.
Controls:
Administrative – Policies, procedures, processes
Physical – Locks, cameras, alarm systems
Technical – Firewalls, anti-virus software, permissions
Protect:
Confidentiality – Disclosure to authorized entities
Integrity – Accuracy and completeness
Availability – Accessible when required and authorized
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
10. Why do we need information security?
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
11. What if you do nothing?
It’s likely that there will be consequences
• Civil suits
• Regulatory fines
• Legal fees
• Investigation fees
• FBI investigations
• Forensic investigations
• Loss of consumer confidence
• Loss of brand name recognition and status
• Loss of customers, potentially to be driven out of business
• Potential personal liabilities for company leaders
• Loss of Intellectual property
• Etc., etc., etc.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
12. When you think of information
security, how do you feel?
Be honest
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
13. The ten FRSecure principles that we live by.
Derived from more than 15 years of information security experience with companies
across the board in terms of size, industry, demographic and geographic criteria.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
14. #1 - We don’t work well in a bubble.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
15. #2 - Information security isn’t an IT issue.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
16. #3 - People are the most significant risk.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
17. #4 – “Compliant” doesn’t mean “secure”.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
18. #5 – Businesses are in business to make
money.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
19. #6 – There’s no common sense in information
security.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
20. #7 – “Secure” is relative.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
21. #8 – Information security doesn’t always have
to be a cost-center.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
22. #9 – Information security isn’t a one size fits
all solution.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
23. #10 – There’s no “easy button”.
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
24. Information Security Today - Compliance
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
25. Information Security Today - Breaches
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
26. Information Security Today – The Cloud
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
27. Information Security Today – Mobile
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
28. What does the future hold?
Do you want the good news
or the bad news first?
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
29. What does the future hold?
The good news
There will be real rewards for organizations that take security seriously
• Incentive-based regulations
• Lower costs in other areas of business; insurance, process efficiencies, etc.
• Competitive advantage
In general, there will be a greater awareness of information security
Real quantifiable data will be available to determine the most optimal
investments
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
30. What does the future hold?
The bad news
We expect more:
• Attacks targeted at small firms
• Pressure from customers
• Legislation & regulation
• Hacktivism
• State-sponsored attacks
• Mobile device attacks
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
31. What Should I Be Doing?
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
32. What should you be doing?
• Practice “due care”
• Formalize a risk-based approach
• Make yourself defensible
• Prevention
• Detection
• Correction
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
33. Conclusion
• Take the time to understand basic information security concepts
• Stay current on world events, but don’t lose focus on your
specific needs
• Choose risk as your driver; not compliance or customer
requirements
• Capitalize on benefits
Call us if you have questions or need help!
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
34. YOU MADE IT! - Questions?
About FRSecure
FRSecure LLC is a full-service information security consulting company. We are
dedicated to information security education, awareness, application, and
improvement. FRSecure helps clients understand, design, implement, and manage
best-in-class information security solutions; thereby achieving optimal value for every
information security dollar spent. Our clients are in business to make money, so we
design secure solutions that drive business, protect sensitive information assets, and
improve the bottom line.
Want a copy of these slides? Leave a business
card
Copyright Notice
Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the
confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in
any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.