FRSecure Sales Deck

  1. Corporate and Services Overview
  2. Presentation Topics
     • About Us
     • Information Security Explained
     • The Need for Information Security
     • Information Security Assessment Overview
     • Information Security Assessment Deliverables
     • Full-Service Consulting
  3. Presentation Topics (cont.)
     • What’s in it for them?
     • What’s in it for you?
     • Preliminary Assessment
     • Who else do we work with?
     • Where can you find us?
     • What’s the bottom line?
  4. About Us
     • Formed in 2008, FRSecure LLC is a full-service information security consulting company dedicated to information security education, awareness, application, and improvement. FRSecure helps clients understand, design, implement, and manage best-in-class information security solutions, thereby achieving optimal value for every information security dollar spent.
     • Regulatory and industry compliance is built into all of our solutions.
     • Over 50 successful assessments performed in the past 18 months.
  5. About Us
     • EVAN FRANCEN, CISSP CISM, President
     • Over 15 years as a leading information security professional and corporate leader in both private and public companies
     • Well versed in governmental and industry-specific regulations, standards and guidelines including ISO/IEC 27002 (17799:2005), HIPAA, GLBA, PCI-DSS, FDA CFR Part 11, SOX and COBIT
     • Active participant in numerous information security trade associations including ISACA, ISSA, and ISC2
  6. About Us
     At FRSecure, our job is to find risks, and we’ve been helping businesses of all sizes and industries for more than 15 years. Our clients include well-known names in:
     ● Banking ● Insurance ● Accounting ● Health care ● Legal ● Data storage ● Mortgage ● Printing ● And more.
  7. Information Security Explained
     Fundamentally, Information Security is: The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information.
     “Effective information security requires the assessment and accounting for all risks to information in all of its forms throughout the enterprise. Anything less results in wasted resources and the increased likelihood of catastrophic loss.” – Evan Francen
     Fundamentally, information security is NOT:
     • An IT issue; it is a business issue
     • Compliance-based; it is risk-based
  8. Information Security Explained: Administrative Control Questions
     • Do you have formal information security policies? If so, do your policies adequately cover all areas of information security?
     • How are your information security policies communicated to employees and relevant third parties?
     • Do you have a defined review schedule for your information security policies?
     • Has your organization defined a formal risk assessment methodology?
     • Does your organization conduct background checks on potential employees prior to hire?
     • Do you have an acceptable use policy?
     • Do you have a formal information security awareness training program?
  9. Information Security Explained: Physical Control Questions
     • Has a risk assessment of physical security been performed?
     • Should your company utilize a multi-tiered approach to physical security?
     • Have you developed a physical security policy?
     • How are public areas in and/or around your facility monitored?
     • How is roof access at your facility secured?
     • Do you log the date, time of entry, and time of departure of visitors, contractors, and third-party personnel?
     • How do you prevent unauthorized access to office spaces?
     • How do you prevent unauthorized access to restricted areas?
     • What access controls are implemented for office spaces?
  10. Information Security Explained: Technical Control Questions
     • What are the minimum encryption key strength requirements?
     • Is your network adequately segmented and controlled to prevent unauthorized access to sensitive information resources?
     • What types of devices and technologies are used to control the flow of network traffic, especially between different “security zones”?
     • Has your organization deployed one or more external applications?
     • Which ports and services are allowed to remain enabled on network devices?
     • How do you ensure that patches are consistently applied to all devices, applications, and systems?
     • What types of authentication mechanisms are used to establish a wireless connection?
  11. Information Security Explained
     In an effort to protect:
     • Confidentiality – Ensuring information is disclosed to, and reviewed exclusively by, intended recipients / authorized individuals
     • Integrity – Ensuring the accuracy and completeness of information and processing methods
     • Availability – Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals
     The opposite of C. I. A. is D. A. D. (Disclosure, Alteration and Destruction)
  12. The Need for Information Security
     • It’s the Law
       • Sarbanes-Oxley Act of 2002
       • Gramm–Leach–Bliley Act (GLBA)
       • FDA CFR Title 21
       • Computer Fraud and Abuse Act
       • Various state and local laws
     • Protect intellectual property (IP)
     • Protect Financial Data
     • Protect Personally Identifiable Information (PII)
     • Protect other “Confidential” Data
       • Clinical trial data
       • Safety data
       • Regulatory filings
     (Figures shown on the slide: 94,000,000 records; 8,500,000 records; 130,000,000 records)
  13. The Need for Information Security
     In the news…
  14. The Need for Information Security
     The consequences of insufficient security
     • Many times the victim is you, the individual
     • Loss of competitive advantage
     • Compromised customer confidence; loss of business
     • Identity theft
     • Embarrassing media coverage
     • Equipment theft
     • Service interruption
     • Legal penalties
  15. Information Security Assessment Overview
     FRSecure performs an Enterprise Information Security Assessment to determine:
     • what type of information you need to protect,
     • the risks related to how you are currently using and protecting information,
     • and how to best proceed in reducing risks.
  16. Information Security Assessment Overview
     The FRSecure Information Security Assessment:
     • Comprehensive – We review and assess all of your current physical, administrative, and technical protections.
     • Standardized – Our assessment is based on and mapped to the ISO 27002 (17799:2005) international standard.
     • Compliant – Comprehensive enough to satisfy all major industry and regulatory requirements including GLBA, HIPAA, SOX, and various state laws.
     • Functional – The results from our assessment are easily understood and our recommendations are functionally sound.
  17. Information Security Assessment Overview
     How do we assess their current environment? We walk through as many as 3000 aspects of your information security program with you during our assessment. Our questions are tailored around the specific information that you need and want to protect. We focus our questions in these main areas:
     • Security Policy Management
     • Corporate Security Management
     • Organizational Asset Management
     • Human Resource Security Management
     • Physical Security Management
     • Environmental Security Management
     • Compliance Management
     • Communications Management
     • Operations Management
     • Information Access Control Management
     • Information Systems Security Management
     • Information Security Incident Management
     • Business Continuity Management
  18. Information Security Assessment Deliverables
     What do you get from an FRSecure Information Security Assessment?
     – Executive Summary
       • Overview of most significant risks
       • High level mitigation plans
     – Technical Specification
       • Detailed documentation of all findings, including risks, risk ratings, and mitigation strategies
     – Action Plan*
       • Detailed risk mitigation plan
     *We don’t just tell you what’s wrong and leave you to figure out how to fix it.
  19. Implementing the Action Plan
     How do we help you implement the action plan? We determine the areas where we can make simple, low cost changes that will improve security significantly. We then plan and coordinate the larger changes needed to fully implement the security plan. We act as your Information Security department, if needed. We create policies and procedures, as well as help with training and corporate acceptance. Once the Action Plan is complete, typically 6-12 months, we will do a second Assessment to show that your environment is now adequately secure.
  20. Full-Service Consulting
     A full accounting of FRSecure’s Services:
     • Information Security Assessment
     • Information Security Program Development
     • Information Security Management
     • Penetration Testing
     • Business Continuity Planning
     • Incident Response
     • Training & Awareness
     • Legal Expert Witness and Testimony
  21. Full-Service Consulting: Information Security Assessment
     An independent and objective assessment of your current information security program. We have a keen understanding of practical information security in business, not just theory and academics. FRSecure personnel average more than 10 years of direct information security experience. The reasons for conducting an information security assessment range from just wanting to know where you stand, to satisfying compliance requirements. FRSecure information security assessments are specifically customized to meet (or exceed) your objectives and provide you with valuable, actionable information. Most of our information security assessments are based on the ISO 27002 international standard.
  22. Full-Service Consulting: Information Security Program Development
     Cost-effective and customized information security program development that reduces risk and improves efficiency. In order to maximize your information security investments, you need to take a formal, risk-based approach. FRSecure has developed cost-effective information security programs for companies of all shapes and sizes, public and private, in a variety of industries. Over the years we have gained a tremendous amount of experience, and this experience has led to principles that guide each one of our information security development projects. Most organizations know that they need to do something about information security, but don’t have the expertise to implement a program themselves.
  23. Full-Service Consulting: Information Security Management
     Leverage years of expertise without the tremendous expense that can accompany it. An information security professional on par with those employed by FRSecure can be costly and unaffordable for many companies. After factoring in salary, benefits, bonuses, and office space, an experienced information security professional can cost as much as $180,000 annually. FRSecure saves our clients money by using our proven approach to information security management.
  24. Full-Service Consulting: Penetration Testing
     An active evaluation or assessment of your information security controls. You have taken the time and spent the money in an effort to protect your information assets, but how secure are you? How effective are your controls? The only true way to be sure that your controls are effectively protecting your information assets is to test them. Expert engineers who understand current, real-world threats conduct our penetration testing services. Before we start any penetration test, we take the time to understand your goals and objectives and then customize an approach to maximize your value.
  25. Full-Service Consulting: Business Continuity Planning
     Planning that keeps your business in business if bad things happen. The wrong time to find out that your business continuity plan is ineffective is when you have to use it. Good business continuity planning keeps your business up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more. FRSecure business continuity planning has helped our clients avoid disaster when disaster strikes.
  26. Full-Service Consulting: Incident Response
     Professional assistance in helping you respond appropriately to an information security incident. Any good information security professional will tell you that it is impossible to stop all threats to your information security assets. Realized threats must be detected promptly and responded to systematically. A poor incident response can be more costly than the incident alone. FRSecure has responded to hundreds of incidents, which has led to minimized financial impact, improved processes, and thorough investigations leading to civil and/or criminal prosecutions.
  27. Full-Service Consulting: Training & Awareness
     Effective training and awareness programs proven to improve employee compliance with your requirements. Another fact: people present the most significant risks to your company’s information assets. Poor information security practices are a common cause of breaches. One of the best investments you can make in regards to information security is in the area of employee training and awareness. FRSecure has developed and delivered over a thousand hours of information security training for our clients.
  28. Full-Service Consulting: Legal Expert Witness and Testimony
     Making a case is difficult enough, but making a case without the right expertise is nearly impossible. We are not lawyers, but we help lawyers understand information security related matters and decipher the facts involved in their cases. We help lawyers win cases for their clients.
  29. Good Questions to Ask
     • Have you done a SAS70 or are you being asked to perform one?
     • Are you in a regulated industry?
     • Has a valued client ever asked you to answer an information security questionnaire?
     • Do you have a formal information security program?
     • Do you have problems getting executives or employees to buy into your information security ideas, changes, or programs?
     • Do you have regular training for employees regarding securing information?
     • Do you already know that there are holes, but you don’t know what to do about them?
     • What percentage of your time is spent on information security? What should it be?
     • What information security challenges do you currently face?
     • How would you announce a sensitive information breach to the public?
     • How confident are you that your data protection is what it should be?
  30. What’s in it for them?
     • Experts that act as their Information Security Department or CSO (Chief Security Officer)
     • Signoff on regulatory compliance issues
     • Signoff on client required security audits
     • Ability to add additional sales channels
     • Competitor differentiation
     • Knowledge that they’re doing everything they can to protect their business.
  31. What’s in it for you?
     Revenue Sharing
     • 10% of all realized revenue will be paid as a commission for all revenue generated within 1 year of the original SOW.
     • This commission will be paid as 1099 income for any business you refer us.
     Sub Contracting
     We can also be included in a project as a sub contractor. In this case, we will quote you our cost, and you can mark up as appropriate.
  32. Preliminary Assessment
     We offer a free Preliminary Assessment to any prospective client. A Preliminary Assessment includes a short questionnaire and a 30 minute phone conference with one of our experts. The goal of this Preliminary Assessment is to find out if there is information that needs to be protected, as well as establishing credibility within their organization.
  33. Who else do we work with?
     In order to help our clients address specific needs that are outside of FRSecure’s core business, we have established partnerships with respected organizations that we are pleased to work with and refer to. With more to come!
  34. Where can you find us?
     FRSecure is actively participating online through our Web site, blog, and social media sites.
     • Web: http://www.frsecure.com
     • Blog: http://www.breachblog.com
     • Facebook: http://www.facebook.com/frsecure
     • Twitter: http://www.twitter.com/frsecure
     • LinkedIn: http://www.linkedin.com/company/frsecure-llc
     Coming soon – Redesigned blog and podcasts
  35. What is the bottom line?
     FRSecure is the best solution for you to assess your information security needs, address those needs and partner with you for the future. Questions? Contact Us – info@frsecure.com or http://www.frsecure.com
     It’s not just protecting your information. It’s protecting your business.