SlideShare ist ein Scribd-Unternehmen logo

Information security challenges in today’s banking environment

Evan Francen
Evan Francen

This presentation was delivered to by FRSecure's Evan Francen to the Uniforum User's Group on November 8th, 2012. There were more than 50 bankers in attendance, and the presentation was very well received.

Business
1 von 29
Information Security Challenges in Today’s Banking Environment Uniforum – November 8, 2012 Presented by Evan Francen, President – FRSecure, LLC http://www.frsecure.com | 952-467-6384
Introduction Thank you for attending! Thank you to Uniforum for inviting us! http://www.frsecure.com | 952-467-6384
Introduction Before we get started: • This is not your typical presentation. • What you have to say is as important as what I am going to tell you. • You are encouraged to participate! I will ask you questions, if you don’t ask me some! http://www.frsecure.com | 952-467-6384
Introduction FRSecure • Information security consulting company – it’s all we do. • Established in 2008 by people who have earned their stripes in the field. • We help small to medium sized organizations solve information security challenges. http://www.frsecure.com | 952-467-6384
Introduction Speaker – Evan Francen, CISSP CISM CCSK • President & Co-founder of FRSecure • 20 years of information security experience • Security evangelist with more than 700 published articles • Experience with 150+ public & private organizations. http://www.frsecure.com | 952-467-6384
Introduction Topics • What drives information security in your organization? • What is information security? • Compliance vs. Risk • Current Threats vs. Future Threats • Current Regulations vs. Future Regulations • Solution - Strategic Information Security • Top Five Things You Should Master (Tactically & Strategically) • Need Help? – Contact Us! http://www.frsecure.com | 952-467-6384
What drives information security at your organization? This is a question for you? http://www.frsecure.com | 952-467-6384
Maybe our explanation of information security would help… In your opinion/words, what is information security? http://www.frsecure.com | 952-467-6384
Information Security Is Not an IT Issue The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information. IT-centric information security over-emphasizes Technical Control, often at the expense of Administrative and Physical Control. IT-centric information security also places an over-emphasis on Availability of systems, sometimes at the expense of Confidentiality and Integrity. http://www.frsecure.com | 952-467-6384
What is Information Security? http://www.frsecure.com | 952-467-6384
Back to our question; what drives information security at your organization? Compliance vs. Risk • Information security is not one size fits all • Who knows your organization better? • Checklists only work as well as the checklist • Motivation. You’re in business to make money. Right? • Strategy. What is the examiner going to ask vs. what are our risks? Really, there is only one good answer. http://www.frsecure.com | 952-467-6384
Back to our question; what drives information security at your organization? Compliance vs. Risk - Compliance • Do you have a firewall? Check. • Do you have an acceptable use policy? Check. • Do you encrypt the data on your internal network? No?! Well you need to encrypt the data on your internal network. • Do you have filtered network segmentation on your internal LAN? No?! You need to install firewalls between network segments. http://www.frsecure.com | 952-467-6384
Back to our question; what drives information security at your organization? Compliance vs. Risk - Risk • You have a firewall. How well does your firewall provide value? Is the firewall effective in controlling access and reducing risk? Is the firewall adequately managed and monitored? • How does our use of our firewall align with our business objectives? • What is the risk in how the firewall is currently designed, implemented, and managed? • How can we take what we’ve learned about our use of the firewall and plan for the future of our business? http://www.frsecure.com | 952-467-6384
Compliance vs. Risk In summary: Compliance based information security does not lend itself well to strategy, alignment, or cost- effectiveness. http://www.frsecure.com | 952-467-6384
Current Threats vs. Future Threats Hopefully, we know what challenges we face today. How do we determine with any certainty, what threats we face in the future? • Pay attention to the news. • Subscribe to security-related publications. • Continue to participate in user groups. Good Resources; http://www.bankinfosecurity.com/, http://krebsonsecurity.com/, http://isc.sans.edu/, Uniforum, and others. http://www.frsecure.com | 952-467-6384
Current Threats vs. Future Threats Hopefully, we know what challenges we face today. What should be plan for? • Risk management, not compliance management • People are the biggest risk, spend on training & awareness • More regulatory pressure • Detective and corrective controls – Plan to be breached. http://www.frsecure.com | 952-467-6384
Current Regulations vs. Future Regulations Can we all agree that regulatory pressure will not decrease? • Prepare for additional pressure and more intrusive audits/examinations. • Prepare for more regulation. • Letter of the law vs. Intent of the law http://www.frsecure.com | 952-467-6384
Solution – A strategic approach to information security Principles of strategic information security: • Alignment with business objectives • It’s all about people – culture • Management involvement • Proactive vs. Reactive • Forward-looking • Formal OWN IT! http://www.frsecure.com | 952-467-6384
Top Five Things for You Should Master #1 – Risk Management • Where are your most significant risks? • What risk is the highest (priority)? • How will we justify our existence (expenditures)? • How do we measure what we’re doing? http://www.frsecure.com | 952-467-6384
Top Five Things for You Should Master #2 – Documented Policies & Procedures • Policies are one tool we use to set culture. • What is management’s view? • Nobody reads policy; no offense. • People are the biggest risk. • Policies set direction and governance http://www.frsecure.com | 952-467-6384
Top Five Things for You Should Master #3 – Patch Management and Malicious Code Controls • Together, not one in lieu of the other • Might be a pain, but it’s worth it (trust me) • This is the song that never ends… http://www.frsecure.com | 952-467-6384
Top Five Things You Should Master #4 – Training & Awareness • How do users know what to do if you don’t tell them? • Remember culture? http://www.frsecure.com | 952-467-6384
Top Five Things for You Should Master #5 – Incident Response http://www.frsecure.com | 952-467-6384
DON’T FORGET Sometimes information security professionals forget these facts! • Not all risks require mitigation/remediation • Information security must be strategic • Information security strategy must align with business strategy • Avoid business vs. information security scenarios • Information security controls should be as transparent as possible http://www.frsecure.com | 952-467-6384
Top Five Things for You Should Master BONUS Mobile Device Security • Data doesn’t stay home anymore • How do you protect data on mobile devices? http://www.frsecure.com | 952-467-6384
How we help – Risk Assessment http://www.frsecure.com | 952-467-6384
How we help – Risk Management (Build & Manage) http://www.frsecure.com | 952-467-6384
Need Help? Contact FRSecure! Some of our services: • Information Security Assessments • Compliance Assessments (i.e. HIPAA, GLBA, etc.) • Customer Required Assessments • Internal Network Vulnerability Assessments • External Network Security Assessments • Penetration Testing • BC/DR Plans • Policy Creation Evan Francen, CISSP CISM • Outsourced Security Resources President evan@frsecure.com 952-467-6384 (direct) www.frsecure.com http://www.frsecure.com | 952-467-6384
Thank you! Questions? http://www.frsecure.com | 952-467-6384

Empfohlen

security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Smart city project's Information Security challenges
Smart city project's Information Security challenges Smart city project's Information Security challenges
Smart city project's Information Security challenges Behak Kangarloo
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKATHEESKUMAR S
 
Information security
Information security Information security
Information security razendar79
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012RECIPA
 

Empfohlen

security and ethical challenges in information systems
security and ethical challenges in information systemssecurity and ethical challenges in information systems
security and ethical challenges in information systemshilal12
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Smart city project's Information Security challenges
Smart city project's Information Security challenges Smart city project's Information Security challenges
Smart city project's Information Security challenges Behak Kangarloo
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKATHEESKUMAR S
 
Information security
Information security Information security
Information security razendar79
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012RECIPA
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Computer security
Computer securityComputer security
Computer securityYUSRA FERNANDO
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Cis326week1lesson1
Cis326week1lesson1Cis326week1lesson1
Cis326week1lesson1Fahad_1
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Network Security Goals
Network Security GoalsNetwork Security Goals
Network Security GoalsKabul Education University
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3 Kabul Education University
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-securityAl Balqa Applied University
 
Information Security
Information SecurityInformation Security
Information Securityvadapav123
 
Auth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuthShield Labs
 
Network Security in a Virtualized Environment
Network Security in a Virtualized EnvironmentNetwork Security in a Virtualized Environment
Network Security in a Virtualized EnvironmentLiveAction Next Generation Network Management Software
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Cis326week1lesson1
Cis326week1lesson1Cis326week1lesson1
Cis326week1lesson1Fahad_1
 
06. security concept
06. security concept06. security concept
06. security conceptMuhammad Ahad
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDr. Loganathan R
 
Information Security
Information SecurityInformation Security
Information Securityvadapav123
 

Was ist angesagt? (20)

Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Computer security
Computer securityComputer security
Computer security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Cis326week1lesson1
Cis326week1lesson1Cis326week1lesson1
Cis326week1lesson1
 
06. security concept
06. security concept06. security concept
06. security concept
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Information security
Information securityInformation security
Information security
 
Network Security Goals
Network Security GoalsNetwork Security Goals
Network Security Goals
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Cia security model
Cia security modelCia security model
Cia security model
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information Security
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
Information Security
Information SecurityInformation Security
Information Security
 

Andere mochten auch

Auth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuthShield Labs
 
The Evolving Security Environment For Web Services
The Evolving Security Environment For Web ServicesThe Evolving Security Environment For Web Services
The Evolving Security Environment For Web ServicesQanita Ahmad
 
Security environment
Security environmentSecurity environment
Security environmentJay Choudhary
 
Challenges and Benefits of Information Security Management
Challenges and Benefits of Information Security ManagementChallenges and Benefits of Information Security Management
Challenges and Benefits of Information Security ManagementConferencias FIST
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Risk management in e banking
Risk management in e bankingRisk management in e banking
Risk management in e bankingAmer Mushtaq
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorCONFENIS 2012
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e businessRahul Kumar
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technologyparamalways
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 

Andere mochten auch (20)

Auth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in india
 
Network Security in a Virtualized Environment
Network Security in a Virtualized EnvironmentNetwork Security in a Virtualized Environment
Network Security in a Virtualized Environment
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
 
The Evolving Security Environment For Web Services
The Evolving Security Environment For Web ServicesThe Evolving Security Environment For Web Services
The Evolving Security Environment For Web Services
 
Security environment
Security environmentSecurity environment
Security environment
 
Brian Usher: The Evolving Threats: A Local Government Perspective
Brian Usher: The Evolving Threats: A Local Government PerspectiveBrian Usher: The Evolving Threats: A Local Government Perspective
Brian Usher: The Evolving Threats: A Local Government Perspective
 
Challenges and Benefits of Information Security Management
Challenges and Benefits of Information Security ManagementChallenges and Benefits of Information Security Management
Challenges and Benefits of Information Security Management
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and You
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Risk management in e banking
Risk management in e bankingRisk management in e banking
Risk management in e banking
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking Sector
 
Top 5 IT challenges for 2017
Top 5 IT challenges for 2017Top 5 IT challenges for 2017
Top 5 IT challenges for 2017
 
Security issues in e business
Security issues in e businessSecurity issues in e business
Security issues in e business
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
Security And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation TechnologySecurity And Ethical Challenges Of Infornation Technology
Security And Ethical Challenges Of Infornation Technology
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 

Ähnlich wie Information security challenges in today’s banking environment

Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderEvan Francen
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...EC-Council
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
2020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 12020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 1FRSecure
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techiesBrenton Johnson
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company OverviewKevin Orth
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber SecurityMisha Hanin
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxinfosec train
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessCBIZ, Inc.
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramSlide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramFRSecure
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesJohn Rapa
 

Ähnlich wie Information security challenges in today’s banking environment (20)

Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
2020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 12020 FRsecure CISSP Mentor Program - Class 1
2020 FRsecure CISSP Mentor Program - Class 1
 
Security 101 for No- techies
Security 101 for No- techiesSecurity 101 for No- techies
Security 101 for No- techies
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
The 5 ws of Cyber Security
The 5 ws of Cyber SecurityThe 5 ws of Cyber Security
The 5 ws of Cyber Security
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
 
Security beyond compliance
Security beyond complianceSecurity beyond compliance
Security beyond compliance
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
 
Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)Trofi Security Service Catalogue (1)
Trofi Security Service Catalogue (1)
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor ProgramSlide Deck – Class Session 1 – FRSecure CISSP Mentor Program
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 

Mehr von Evan Francen

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Evan Francen
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyEvan Francen
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksEvan Francen
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudEvan Francen
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017Evan Francen
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceEvan Francen
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information SecurityEvan Francen
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information SecurityEvan Francen
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 

Mehr von Evan Francen (18)

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language Problem
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware Dallas
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information Security
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Kürzlich hochgeladen

Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOne Monitar
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdfChris Skinner
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...Hector Del Castillo, CPM, CPMM
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifeBhavana Pujan Kendra
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdfMintel Group
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingrajputmeenakshi733
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...Operational Excellence Consulting
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 

Kürzlich hochgeladen (20)

WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketing
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 

Information security challenges in today’s banking environment

  • 1. Information Security Challenges in Today’s Banking Environment Uniforum – November 8, 2012 Presented by Evan Francen, President – FRSecure, LLC http://www.frsecure.com | 952-467-6384
  • 2. Introduction Thank you for attending! Thank you to Uniforum for inviting us! http://www.frsecure.com | 952-467-6384
  • 3. Introduction Before we get started: • This is not your typical presentation. • What you have to say is as important as what I am going to tell you. • You are encouraged to participate! I will ask you questions, if you don’t ask me some! http://www.frsecure.com | 952-467-6384
  • 4. Introduction FRSecure • Information security consulting company – it’s all we do. • Established in 2008 by people who have earned their stripes in the field. • We help small to medium sized organizations solve information security challenges. http://www.frsecure.com | 952-467-6384
  • 5. Introduction Speaker – Evan Francen, CISSP CISM CCSK • President & Co-founder of FRSecure • 20 years of information security experience • Security evangelist with more than 700 published articles • Experience with 150+ public & private organizations. http://www.frsecure.com | 952-467-6384
  • 6. Introduction Topics • What drives information security in your organization? • What is information security? • Compliance vs. Risk • Current Threats vs. Future Threats • Current Regulations vs. Future Regulations • Solution - Strategic Information Security • Top Five Things You Should Master (Tactically & Strategically) • Need Help? – Contact Us! http://www.frsecure.com | 952-467-6384
  • 7. What drives information security at your organization? This is a question for you? http://www.frsecure.com | 952-467-6384
  • 8. Maybe our explanation of information security would help… In your opinion/words, what is information security? http://www.frsecure.com | 952-467-6384
  • 9. Information Security Is Not an IT Issue The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information. IT-centric information security over-emphasizes Technical Control, often at the expense of Administrative and Physical Control. IT-centric information security also places an over-emphasis on Availability of systems, sometimes at the expense of Confidentiality and Integrity. http://www.frsecure.com | 952-467-6384
  • 10. What is Information Security? http://www.frsecure.com | 952-467-6384
  • 11. Back to our question; what drives information security at your organization? Compliance vs. Risk • Information security is not one size fits all • Who knows your organization better? • Checklists only work as well as the checklist • Motivation. You’re in business to make money. Right? • Strategy. What is the examiner going to ask vs. what are our risks? Really, there is only one good answer. http://www.frsecure.com | 952-467-6384
  • 12. Back to our question; what drives information security at your organization? Compliance vs. Risk - Compliance • Do you have a firewall? Check. • Do you have an acceptable use policy? Check. • Do you encrypt the data on your internal network? No?! Well you need to encrypt the data on your internal network. • Do you have filtered network segmentation on your internal LAN? No?! You need to install firewalls between network segments. http://www.frsecure.com | 952-467-6384
  • 13. Back to our question; what drives information security at your organization? Compliance vs. Risk - Risk • You have a firewall. How well does your firewall provide value? Is the firewall effective in controlling access and reducing risk? Is the firewall adequately managed and monitored? • How does our use of our firewall align with our business objectives? • What is the risk in how the firewall is currently designed, implemented, and managed? • How can we take what we’ve learned about our use of the firewall and plan for the future of our business? http://www.frsecure.com | 952-467-6384
  • 14. Compliance vs. Risk In summary: Compliance based information security does not lend itself well to strategy, alignment, or cost- effectiveness. http://www.frsecure.com | 952-467-6384
  • 15. Current Threats vs. Future Threats Hopefully, we know what challenges we face today. How do we determine with any certainty, what threats we face in the future? • Pay attention to the news. • Subscribe to security-related publications. • Continue to participate in user groups. Good Resources; http://www.bankinfosecurity.com/, http://krebsonsecurity.com/, http://isc.sans.edu/, Uniforum, and others. http://www.frsecure.com | 952-467-6384
  • 16. Current Threats vs. Future Threats Hopefully, we know what challenges we face today. What should be plan for? • Risk management, not compliance management • People are the biggest risk, spend on training & awareness • More regulatory pressure • Detective and corrective controls – Plan to be breached. http://www.frsecure.com | 952-467-6384
  • 17. Current Regulations vs. Future Regulations Can we all agree that regulatory pressure will not decrease? • Prepare for additional pressure and more intrusive audits/examinations. • Prepare for more regulation. • Letter of the law vs. Intent of the law http://www.frsecure.com | 952-467-6384
  • 18. Solution – A strategic approach to information security Principles of strategic information security: • Alignment with business objectives • It’s all about people – culture • Management involvement • Proactive vs. Reactive • Forward-looking • Formal OWN IT! http://www.frsecure.com | 952-467-6384
  • 19. Top Five Things for You Should Master #1 – Risk Management • Where are your most significant risks? • What risk is the highest (priority)? • How will we justify our existence (expenditures)? • How do we measure what we’re doing? http://www.frsecure.com | 952-467-6384
  • 20. Top Five Things for You Should Master #2 – Documented Policies & Procedures • Policies are one tool we use to set culture. • What is management’s view? • Nobody reads policy; no offense. • People are the biggest risk. • Policies set direction and governance http://www.frsecure.com | 952-467-6384
  • 21. Top Five Things for You Should Master #3 – Patch Management and Malicious Code Controls • Together, not one in lieu of the other • Might be a pain, but it’s worth it (trust me) • This is the song that never ends… http://www.frsecure.com | 952-467-6384
  • 22. Top Five Things You Should Master #4 – Training & Awareness • How do users know what to do if you don’t tell them? • Remember culture? http://www.frsecure.com | 952-467-6384
  • 23. Top Five Things for You Should Master #5 – Incident Response http://www.frsecure.com | 952-467-6384
  • 24. DON’T FORGET Sometimes information security professionals forget these facts! • Not all risks require mitigation/remediation • Information security must be strategic • Information security strategy must align with business strategy • Avoid business vs. information security scenarios • Information security controls should be as transparent as possible http://www.frsecure.com | 952-467-6384
  • 25. Top Five Things for You Should Master BONUS Mobile Device Security • Data doesn’t stay home anymore • How do you protect data on mobile devices? http://www.frsecure.com | 952-467-6384
  • 26. How we help – Risk Assessment http://www.frsecure.com | 952-467-6384
  • 27. How we help – Risk Management (Build & Manage) http://www.frsecure.com | 952-467-6384
  • 28. Need Help? Contact FRSecure! Some of our services: • Information Security Assessments • Compliance Assessments (i.e. HIPAA, GLBA, etc.) • Customer Required Assessments • Internal Network Vulnerability Assessments • External Network Security Assessments • Penetration Testing • BC/DR Plans • Policy Creation Evan Francen, CISSP CISM • Outsourced Security Resources President evan@frsecure.com 952-467-6384 (direct) www.frsecure.com http://www.frsecure.com | 952-467-6384
  • 29. Thank you! Questions? http://www.frsecure.com | 952-467-6384