SlideShare ist ein Scribd-Unternehmen logo

Mobile Information Security

Evan Francen
Evan Francen

It's not our job to tell business not to use mobile devices, even personally-owned mobile devices. It's our job to enable business to use mobile devices securely for the benefit of the organization, customers, employees, and contractors. In this presentation, given on April 30 at techpulse 2013, Evan Francen from FRSecure teaches how to secure mobile devices in today's business environments.

Technologie
1 von 17
FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
FRSECURE.COM John Hacks a Laptop We Need a Volunteer
FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.
FRSECURE.COM Thank You!

Empfohlen

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industrylilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129Izwan Hariz
 
lack of security
lack of securitylack of security
lack of securitySarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsSymosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaProyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesGaspar Alberto Motta Ramírez
 

Empfohlen

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industrylilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129Izwan Hariz
 
lack of security
lack of securitylack of security
lack of securitySarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsSymosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaProyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesGaspar Alberto Motta Ramírez
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
Pitss
PitssPitss
Pitssbinosh bruce
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)JISC Legal
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveTargetX
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Cyber laws
Cyber lawsCyber laws
Cyber lawsMukesh Tekwani
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolantimnolan1961
 
Cyber Laws
Cyber LawsCyber Laws
Cyber LawsMukesh Tekwani
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 

Weitere ähnliche Inhalte

Ähnlich wie Mobile Information Security

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)JISC Legal
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveTargetX
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 

Ähnlich wie Mobile Information Security (20)

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Pitss
PitssPitss
Pitss
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Security
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Know
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate Perspective
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a Positive
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 

Mehr von Evan Francen

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Evan Francen
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyEvan Francen
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksEvan Francen
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudEvan Francen
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017Evan Francen
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceEvan Francen
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderEvan Francen
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information SecurityEvan Francen
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 

Mehr von Evan Francen (18)

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language Problem
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware Dallas
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Kürzlich hochgeladen

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Kürzlich hochgeladen (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Mobile Information Security

  • 1. FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
  • 2. FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
  • 3. FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
  • 4. FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
  • 5. FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
  • 6. FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
  • 7. FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
  • 8. FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
  • 9. FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
  • 10. FRSECURE.COM John Hacks a Laptop We Need a Volunteer
  • 11. FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
  • 12. FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
  • 13. FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
  • 14. FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
  • 15. FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
  • 16. FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.