An Introduction to Information Security

A recent presentation given by FRSecure at the Action, Inc. Data Security Event on August 17th, 2011. This presentation was delivered by FRSecure president Evan Francen, CISSP CISM CCSK.

Published in: Technology, News & Politics

  1. FRSecure/Action, Inc.
     Introduction to Information Security
     Copyright Notice
     Material contained in this document is proprietary to FRSecure LLC and is to be treated confidentially by all recipients. Acceptance of delivery of this material constitutes acknowledgment of the confidential relationship under which disclosure and delivery are made. FRSecure copyrights this material and all rights are reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system without permission in writing from FRSecure.
  2. Before we get started:
     • This is not your typical presentation.
     • What you have to say is as important as what I am going to tell you.
     • You are encouraged to participate!
  3. FRSecure and Action, Inc.
     • How we got to know each other
     • What does FRSecure think about the Action, Inc. approach to information security?
  4. FRSecure
     • Information security consulting company – it’s all we know how to do.
     • Established in 2008 by a few people who have earned their stripes in the field.
     • We help small to medium sized organizations solve information security challenges.
  5. Speaker – Evan Francen, CISSP CISM CCSK
     • President & Co-founder of FRSecure
     • 20 years of information security experience
     • Security evangelist with more than 700 published articles
     • Experience with 150+ public & private organizations.
  6. Speaker – Evan Francen, CISSP CISM CCSK
  7. Topics
     • What is information security?
     • Current Events & Challenges
     • What should you be doing?
     • Why should I care?
     • What does the future look like?
  8. What is information security?
     This is really a question for you
  9. Fundamentally, Information Security is:
     The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information.
     Controls:
     • Administrative – Policies, procedures, processes
     • Physical – Locks, cameras, alarm systems
     • Technical – Firewalls, anti-virus software, permissions
     Protect:
     • Confidentiality – Disclosure to authorized entities
     • Integrity – Accuracy and completeness
     • Availability – Accessible when required and authorized
  10. Information Security Current Events
  11. Information Security Challenges
  12. Small to Medium-Sized Businesses (40 – 2,000 employees)
     Top 5 Drivers:
     • Customer Requirements
     • Compliance
     • Reputation
     • Aren’t Sure
     • Risk
     Choose the correct driver: RISK
  13. What should you be doing?
     • Practice “due care”
     • Formalize a risk-based approach
     • Make yourself defensible
     • Prevention
     • Detection
     • Correction
  14. What if you do nothing?
     It’s likely that there will be consequences
     • Civil suits
     • Regulatory fines
     • Legal fees
     • Investigation fees
     • FBI investigations
     • Forensic investigations
     • Loss of consumer confidence
     • Loss of brand name recognition and status
     • Loss of customers, potentially to be driven out of business
     • Potential personal liabilities for company leaders
     • Loss of Intellectual property
     • Etc., etc., etc.
  15. BUT WAIT…
     Information security has benefits!
     • Protection of your company’s information assets
     • Protection of your customer’s information
     • Assurance that you’re doing the right things to protect information
     • Protection from legal liability
     • Reduced likelihood of a breach
     • Reduced impact if a breach occurs
     • Improved customer confidence
     • A great marketing tool!
  16. What does the future hold?
     Do you want the good news or the bad news first?
  17. What does the future hold?
     The good news
     There will be real rewards for organizations that take security seriously
     • Incentive-based regulations
     • Lower costs in other areas of business; insurance, process efficiencies, etc.
     • Competitive advantage
     In general, there will be a greater awareness of information security
     Real quantifiable data will be available to determine the most optimal investments
  18. What does the future hold?
     The bad news
     We expect more:
     • attacks targeted at small firms
     • pressure from customers
     • legislation & regulation
     • hacktivism
     • state-sponsored attacks
     • mobile device attacks
  19. Conclusion
     • Take the time to understand basic information security concepts
     • Stay current on world events, but don’t lose focus on your specific needs
     • Choose risk as your driver; not compliance or customer requirements
     • Capitalize on benefits
     Sleep well!
  20. YOU MADE IT! - Questions?
     About FRSecure
     FRSecure LLC is a full-service information security consulting company. We are dedicated to information security education, awareness, application, and improvement. FRSecure helps clients understand, design, implement, and manage best-in-class information security solutions; thereby achieving optimal value for every information security dollar spent. Our clients are in business to make money, so we design secure solutions that drive business, protect sensitive information assets, and improve the bottom line.
     Regulatory and industry compliance is built into all of our solutions.
     FRSecure information security professionals average over 15 years of experience
