SlideShare una empresa de Scribd logo

Mobile Information Security

Evan Francen
Evan Francen

It's not our job to tell business not to use mobile devices, even personally-owned mobile devices. It's our job to enable business to use mobile devices securely for the benefit of the organization, customers, employees, and contractors. In this presentation, given on April 30 at techpulse 2013, Evan Francen from FRSecure teaches how to secure mobile devices in today's business environments.

Tecnología
1 de 17
FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
FRSECURE.COM John Hacks a Laptop We Need a Volunteer
FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.
FRSECURE.COM Thank You!

Recomendados

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industry
lilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129
Izwan Hariz
 
lack of security
lack of securitylack of security
lack of security
Sarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity Trends
Marco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?
Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
Symosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Proyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinales
Gaspar Alberto Motta Ramírez
 

Recomendados

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industry
lilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129
Izwan Hariz
 
lack of security
lack of securitylack of security
lack of security
Sarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity Trends
Marco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?
Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
Symosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Proyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinales
Gaspar Alberto Motta Ramírez
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
Evan Francen
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
Rocket Matter, LLC
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
CCIAOR
 
Pitss
PitssPitss
Pitss
binosh bruce
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Security
learntransformation0
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
Yasser Mohammed
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
Evan Francen
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Know
mapletronics
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Stephanie McVitty
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate Perspective
Dawn Yankeelov
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
Jeremy Quadri
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)
JISC Legal
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a Positive
TargetX
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
Evan Francen
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
Mukesh Tekwani
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Eric Vanderburg
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
timnolan1961
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
Mukesh Tekwani
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
Simon Aderinlola
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
Evan Francen
 
WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language Problem
Evan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware Dallas
Evan Francen
 

Más contenido relacionado

Similar a Mobile Information Security

EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
Yasser Mohammed
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Stephanie McVitty
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
Simon Aderinlola
 

Similar a Mobile Information Security (20)

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Pitss
PitssPitss
Pitss
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Security
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Know
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate Perspective
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a Positive
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 

Más de Evan Francen

People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
Evan Francen
 

Más de Evan Francen (18)

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language Problem
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware Dallas
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Mobile Information Security

  • 1. FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
  • 2. FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
  • 3. FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
  • 4. FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
  • 5. FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
  • 6. FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
  • 7. FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
  • 8. FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
  • 9. FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
  • 10. FRSECURE.COM John Hacks a Laptop We Need a Volunteer
  • 11. FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
  • 12. FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
  • 13. FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
  • 14. FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
  • 15. FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
  • 16. FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.