SlideShare ist ein Scribd-Unternehmen logo

Mobile Information Security

Evan Francen
Evan Francen

It's not our job to tell business not to use mobile devices, even personally-owned mobile devices. It's our job to enable business to use mobile devices securely for the benefit of the organization, customers, employees, and contractors. In this presentation, given on April 30 at techpulse 2013, Evan Francen from FRSecure teaches how to secure mobile devices in today's business environments.

Technologie
1 von 17
FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
FRSECURE.COM John Hacks a Laptop We Need a Volunteer
FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.
FRSECURE.COM Thank You!

Empfohlen

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industrylilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129Izwan Hariz
 
lack of security
lack of securitylack of security
lack of securitySarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsSymosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaProyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesGaspar Alberto Motta Ramírez
 

Empfohlen

The Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On IndustryThe Effect Of Lack Of Security On Industry
The Effect Of Lack Of Security On Industrylilian91
 
The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129The effect-of-lack-of-security-on-industry129
The effect-of-lack-of-security-on-industry129Izwan Hariz
 
lack of security
lack of securitylack of security
lack of securitySarizah Sariffuddin
 
7 Important Cybersecurity Trends
7 Important Cybersecurity Trends7 Important Cybersecurity Trends
7 Important Cybersecurity TrendsMarco
 
How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?How can EMM help with GDPR compliance?
How can EMM help with GDPR compliance?Miradore
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile ApplicationsSymosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaDocumentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad TécnicaProyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesFistulas genitourinarias y gastrointestinales
Fistulas genitourinarias y gastrointestinalesGaspar Alberto Motta Ramírez
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
Pitss
PitssPitss
Pitssbinosh bruce
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)JISC Legal
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveTargetX
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Cyber laws
Cyber lawsCyber laws
Cyber lawsMukesh Tekwani
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolantimnolan1961
 
Cyber Laws
Cyber LawsCyber Laws
Cyber LawsMukesh Tekwani
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 

Weitere ähnliche Inhalte

Ähnlich wie Mobile Information Security

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Securitylearntransformation0
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Knowmapletronics
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyStephanie McVitty
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveDawn Yankeelov
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security SeminarJeremy Quadri
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)JISC Legal
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveTargetX
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemSimon Aderinlola
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 

Ähnlich wie Mobile Information Security (20)

AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Pitss
PitssPitss
Pitss
 
The significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information SecurityThe significance of the 7 Colors of Information Security
The significance of the 7 Colors of Information Security
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Network Security - What Every Business Needs to Know
Network Security - What Every Business Needs to KnowNetwork Security - What Every Business Needs to Know
Network Security - What Every Business Needs to Know
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate Perspective
 
Cyber Security Seminar
Cyber Security SeminarCyber Security Seminar
Cyber Security Seminar
 
BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)BYOD and the Law (May I Text You That Writ?)
BYOD and the Law (May I Text You That Writ?)
 
Data Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a PositiveData Protection – How Not to Panic and Make it a Positive
Data Protection – How Not to Panic and Make it a Positive
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Tim Nolan
Tim NolanTim Nolan
Tim Nolan
 
Cyber Laws
Cyber LawsCyber Laws
Cyber Laws
 
The internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal systemThe internet of things..perspectives for the Nigerian legal system
The internet of things..perspectives for the Nigerian legal system
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 

Mehr von Evan Francen

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasEvan Francen
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Evan Francen
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyEvan Francen
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksEvan Francen
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudEvan Francen
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017Evan Francen
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceEvan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceEvan Francen
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderEvan Francen
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information SecurityEvan Francen
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 

Mehr von Evan Francen (18)

WANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language ProblemWANTED - People Committed to Solving Our Information Security Language Problem
WANTED - People Committed to Solving Our Information Security Language Problem
 
Keynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware DallasKeynote @ ISC2 Cyber Aware Dallas
Keynote @ ISC2 Cyber Aware Dallas
 
WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219Harrisburg BSides Presentation - 100219
Harrisburg BSides Presentation - 100219
 
Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Kürzlich hochgeladen

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Kürzlich hochgeladen (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Mobile Information Security

  • 1. FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
  • 2. FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
  • 3. FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
  • 4. FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
  • 5. FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
  • 6. FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
  • 7. FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
  • 8. FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
  • 9. FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
  • 10. FRSECURE.COM John Hacks a Laptop We Need a Volunteer
  • 11. FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
  • 12. FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
  • 13. FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
  • 14. FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
  • 15. FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
  • 16. FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.