AFCOM Chapter Meeting
INFORMATION SECURITY – STATE OF THE UNION
AUGUST 19, 2015
Information Security State of the Union
Topics
• Introduction
• FRSecure
• Evan Francen (Speaker)
• Current Events/Threats
• What Companies Are Doing
• Let’s Make it Simple
• Questions & Answers
Information Security State of the Union
Information security is a broad topic.
What can I give you in 30 – 45 Minutes?
Follow-up discussions are encouraged!
Information Security State of the Union
Introduction – FRSecure
◦ Established in 2008
◦ Information security is all we do. We’re experts.
◦ Product agnostic
◦ We solve complex information security challenges for our clients.
We exist “to fix a broken industry”
The “industry”
The “industry” is the information security industry;
consisting of solutions (services and products)
designed to protect information.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
1. Confusion - At the core, there is a lack of basic security understanding.
◦ Security is a big thing - We provide SIMPLE, but COMPREHENSIVE and EFFECTIVE solutions.
◦ We’re speaking different languages – Our solutions are CONSISTENT and we TEACH as part
of everything we do.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
2. Motives - Motives are often wrong or unclear. Money, politics, and pride all get in the way.
◦ Our motive is clear - Our PRIMARY motive is to make security better, and we are the BEST at
doing that.
◦ We are product agnostic for a reason – Representing products may make us more money
now, but detracts from our motive and message.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
What’s “broken”?
3. Expertise - There is a general lack of expertise.
◦ We make experts internally – We INVEST in each other to make the BEST security experts in
the industry.
◦ We make experts externally – We TEACH everyone every time we get the chance.
FRSecure, the company
Vision & Mission
We exist “to fix a broken industry”
Fixing it…
1. What we’re going to do
◦ FRSecure’s Ten Security Principles™
◦ FRSecure Information Security Assessment – FISA™
◦ FRSecure’s Services – Compliance (GLBA/FFIEC, PCI, HIPAA, etc.)
◦ FRSecure’s Services – Other (vCISO, Penetration Testing, Incident Response, Portal, etc.)
◦ FRSecure’s Mentor Program
2. How we’re going to do it
Relationships
Information Security State of the Union
Introduction – Evan Francen
◦ Founder & President of FRSecure
◦ 20+ years of information security leadership experience
◦ Specialties:
◦ Information security methodologies (the way to do things…)
◦ Information security risk management
◦ Executive & board of directors education
◦ Building security programs
◦ Social engineering
Information Security State of the Union
Current Events/Threats
We’ve made a mess…
Information Security State of the Union
Current Events/Threats
Breaches everywhere. Not new though, eh?
Information Security State of the Union
Current Events/Threats
State-sponsored attacks increasing; we are in a “cyber war”
Information Security State of the Union
Current Events/Threats
Internet of Things (“IoT”)
Information Security State of the Union
Current Events/Threats
I’m not a fear-monger. I promise!
Information Security State of the Union
Current Events/Threats
All the fad. Money is fast and furious.
The worldwide cybersecurity market is defined
by market sizing estimates that range from $77
billion in 2015 to $170 billion by 2020.
CB Insights reported that in the first half of 2015, venture firms
invested $1.2 billion into cybersecurity startups. Yup, you read
it correctly - one point two billion in just the first six months of
2015.
Information Security State of the Union
Current Events/Threats
Money is (always has been) the motive for the bad guys. Follow the
money:
◦ Credit card breaches peaked? Sorta.
◦ Next up; health information (PHI/ePHI)
◦ Identity theft is steady
◦ Extortion is steady after a big rise
“A new survey of 600 small business owners compiled by Wells Fargo
found that more than half of those who accept point-of-sale card
payments are unaware of the requirement to change to EMV chip card
technology.”
Information Security State of the Union
Current Events/Threats
◦ For the datacenter, it’s not the datacenter itself, it’s:
◦ Everything connected to the datacenter
◦ Social engineering
Information Security State of the Union
What Companies Are Doing – The GOOD
1. Visibility is higher than it’s ever been.
2. Boards of directors and the executive suite
are more involved than ever.
3. Compliance (in general) is getting more
effective.
Information Security State of the Union
What Companies Are Doing – The BAD
1. Confusion (more than ever)
◦ We’re speaking different languages
◦ We’re making this harder than we should
◦ What to do? – NIST Cybersecurity Framework (CSF), SOC 2
Type 1/2 (less popular now), ISO/IEC 27001, COBIT, HITRUST
◦ How much is too much?
2. Still too IT focused
3. Still looking for an easy button
Information Security State of the Union
Let’s Make it Simple
• Complexity is the enemy of security (remember this)
• Start with a definition of “information security”… Easy, right?
Information security is the application of
administrative, physical and technical controls to
protect the confidentiality, integrity, and availability
of information.
Information Security State of the Union
Let’s Make it Simple
• How ‘bout some truths about security?
FRSecure’s Ten Security Principles™
1. A business is in business to make money
2. Information Security is a business issue
3. Information Security is fun
4. People are the biggest risk
5. “Compliant” and “secure” are different
Information Security State of the Union
Let’s Make it Simple
• How ‘bout some truths about security?
FRSecure’s Ten Security Principles™
6. There is no common sense in Information Security
7. “Secure” is relative
8. Information Security should drive business
9. Information Security is not one size fits all
10. There is no “easy button”
Information Security State of the Union
Questions & Answers
Thank You!
