FRSecure's Ten Security Principles to Live (or Die) By


Upload: frsecure

Post on 12-May-2015


DESCRIPTION

Presentation delivered to attendees of RK Dixon's 2011 Tech Summit on November 8, 2011. Presenter is Evan Francen, president of FRSecure.

TRANSCRIPT

Page 1: FRSecure's Ten Security Principles to Live (or die) By

Protecting your Information and your Customer’s Information

Ten principles to live (or die) by

Copyright Notice: Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.

Page 2: FRSecure's Ten Security Principles to Live (or die) By

Before we get started:

• This is not your typical presentation.

• What you have to say is as important as what I am going to tell you.

• You are encouraged to participate!


I will ask you questions, if you don’t ask me some!

Page 3: FRSecure's Ten Security Principles to Live (or die) By

FRSecure and RK Dixon

• How we got to know each other

• Customers benefit from our work together


Page 4: FRSecure's Ten Security Principles to Live (or die) By

FRSecure

• Information security consulting company – it’s all we know how to do.

• Established in 2008 by people who have earned their stripes in the field.

• We help small- to medium-sized organizations solve information security challenges.


Page 5: FRSecure's Ten Security Principles to Live (or die) By

Speaker – Evan Francen, CISSP CISM CCSK

• President & Co-founder of FRSecure

• 20 years of information security experience

• Security evangelist with more than 700 published articles

• Experience with 150+ public & private organizations.


Page 6: FRSecure's Ten Security Principles to Live (or die) By

Speaker – Evan Francen, CISSP CISM CCSK


Page 7: FRSecure's Ten Security Principles to Live (or die) By

Topics

• Some questions to get us started

• Ten principles to live (or die) by

• Information security today

• Information security predictions

• What should you be doing?


Page 8: FRSecure's Ten Security Principles to Live (or die) By

What is information security?


This is really a question for you

Page 9: FRSecure's Ten Security Principles to Live (or die) By

Fundamentally, information security is: the application of administrative, physical and technical controls in an effort to protect the confidentiality, integrity, and availability of information.

Controls:

• Administrative – Policies, procedures, processes

• Physical – Locks, cameras, alarm systems

• Technical – Firewalls, anti-virus software, permissions

Protect:

• Confidentiality – Disclosure only to authorized entities

• Integrity – Accuracy and completeness

• Availability – Accessible when required and authorized


Page 10: FRSecure's Ten Security Principles to Live (or die) By

Why do we need information security?


Page 11: FRSecure's Ten Security Principles to Live (or die) By


What if you do nothing?

It’s likely that there will be consequences:

• Civil suits

• Regulatory fines

• Legal fees

• Investigation fees

• FBI investigations

• Forensic investigations

• Loss of consumer confidence

• Loss of brand name recognition and status

• Loss of customers, potentially to be driven out of business

• Potential personal liabilities for company leaders

• Loss of intellectual property

• Etc., etc., etc.

Page 12: FRSecure's Ten Security Principles to Live (or die) By


When you think of information security, how do you feel? Be honest.

Page 13: FRSecure's Ten Security Principles to Live (or die) By

The ten FRSecure principles that we live by. Derived from more than 15 years of information security experience with companies across the board in terms of size, industry, demographic and geographic criteria.


Page 14: FRSecure's Ten Security Principles to Live (or die) By

#1 - We don’t work well in a bubble.


Page 15: FRSecure's Ten Security Principles to Live (or die) By

#2 - Information security isn’t an IT issue.


Page 16: FRSecure's Ten Security Principles to Live (or die) By

#3 - People are the most significant risk.


Page 17: FRSecure's Ten Security Principles to Live (or die) By

#4 – “Compliant” doesn’t mean “secure”.


Page 18: FRSecure's Ten Security Principles to Live (or die) By

#5 – Businesses are in business to make money.


Page 19: FRSecure's Ten Security Principles to Live (or die) By

#6 – There’s no common sense in information security.


Page 20: FRSecure's Ten Security Principles to Live (or die) By

#7 – “Secure” is relative.


Page 21: FRSecure's Ten Security Principles to Live (or die) By

#8 – Information security doesn’t always have to be a cost-center.


Page 22: FRSecure's Ten Security Principles to Live (or die) By

#9 – Information security isn’t a one-size-fits-all solution.


Page 23: FRSecure's Ten Security Principles to Live (or die) By

#10 – There’s no “easy button”.


Page 24: FRSecure's Ten Security Principles to Live (or die) By

Information Security Today - Compliance


Page 25: FRSecure's Ten Security Principles to Live (or die) By

Information Security Today - Breaches


Page 26: FRSecure's Ten Security Principles to Live (or die) By

Information Security Today – The Cloud


Page 27: FRSecure's Ten Security Principles to Live (or die) By

Information Security Today – Mobile


Page 28: FRSecure's Ten Security Principles to Live (or die) By


What does the future hold?

Do you want the good news or the bad news first?

Page 29: FRSecure's Ten Security Principles to Live (or die) By


What does the future hold?

The good news: There will be real rewards for organizations that take security seriously.

• Incentive-based regulations

• Lower costs in other areas of business; insurance, process efficiencies, etc.

• Competitive advantage

In general, there will be a greater awareness of information security.

Real, quantifiable data will be available to determine the optimal investments.

Page 30: FRSecure's Ten Security Principles to Live (or die) By


What does the future hold?

The bad news: We expect more of the following:

• Attacks targeted at small firms

• Pressure from customers

• Legislation & regulation

• Hacktivism

• State-sponsored attacks

• Mobile device attacks

Page 31: FRSecure's Ten Security Principles to Live (or die) By

What Should I Be Doing?


Page 32: FRSecure's Ten Security Principles to Live (or die) By


What should you be doing?

• Practice “due care”

• Formalize a risk-based approach

• Make yourself defensible

  • Prevention

  • Detection

  • Correction

Page 33: FRSecure's Ten Security Principles to Live (or die) By


Conclusion

• Take the time to understand basic information security concepts

• Stay current on world events, but don’t lose focus on your specific needs

• Choose risk as your driver, not compliance or customer requirements

• Capitalize on benefits

Call us if you have questions or need help!

Page 34: FRSecure's Ten Security Principles to Live (or die) By


YOU MADE IT! - Questions?

About FRSecure

FRSecure LLC is a full-service information security consulting company. We are dedicated to information security education, awareness, application, and improvement. FRSecure helps clients understand, design, implement, and manage best-in-class information security solutions, thereby achieving optimal value for every information security dollar spent. Our clients are in business to make money, so we design secure solutions that drive business, protect sensitive information assets, and improve the bottom line.

Want a copy of these slides? Leave a business card