Information security challenges in today’s banking environment

This presentation was delivered by FRSecure's Evan Francen to the Uniforum User's Group on November 8th, 2012. There were more than 50 bankers in attendance, and the presentation was very well received.

Presentation Transcript

  • Information Security Challenges in Today’s Banking Environment
    Uniforum – November 8, 2012
    Presented by Evan Francen, President – FRSecure, LLC
    http://www.frsecure.com | 952-467-6384
  • Introduction
    Thank you for attending! Thank you to Uniforum for inviting us!
  • Introduction
    Before we get started:
    • This is not your typical presentation.
    • What you have to say is as important as what I am going to tell you.
    • You are encouraged to participate! I will ask you questions, if you don’t ask me some!
  • Introduction
    FRSecure
    • Information security consulting company – it’s all we do.
    • Established in 2008 by people who have earned their stripes in the field.
    • We help small to medium sized organizations solve information security challenges.
  • Introduction
    Speaker – Evan Francen, CISSP CISM CCSK
    • President & Co-founder of FRSecure
    • 20 years of information security experience
    • Security evangelist with more than 700 published articles
    • Experience with 150+ public & private organizations.
  • Introduction
    Topics
    • What drives information security in your organization?
    • What is information security?
    • Compliance vs. Risk
    • Current Threats vs. Future Threats
    • Current Regulations vs. Future Regulations
    • Solution - Strategic Information Security
    • Top Five Things You Should Master (Tactically & Strategically)
    • Need Help? – Contact Us!
  • What drives information security at your organization?
    This is a question for you?
  • Maybe our explanation of information security would help…
    In your opinion/words, what is information security?
  • Information Security Is Not an IT Issue
    The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information.
    IT-centric information security over-emphasizes Technical Control, often at the expense of Administrative and Physical Control.
    IT-centric information security also places an over-emphasis on Availability of systems, sometimes at the expense of Confidentiality and Integrity.
  • What is Information Security?
  • Back to our question: what drives information security at your organization?
    Compliance vs. Risk
    • Information security is not one size fits all
    • Who knows your organization better?
    • Checklists only work as well as the checklist
    • Motivation. You’re in business to make money. Right?
    • Strategy. What is the examiner going to ask vs. what are our risks?
    Really, there is only one good answer.
  • Back to our question: what drives information security at your organization?
    Compliance vs. Risk - Compliance
    • Do you have a firewall? Check.
    • Do you have an acceptable use policy? Check.
    • Do you encrypt the data on your internal network? No?! Well you need to encrypt the data on your internal network.
    • Do you have filtered network segmentation on your internal LAN? No?! You need to install firewalls between network segments.
  • Back to our question: what drives information security at your organization?
    Compliance vs. Risk - Risk
    • You have a firewall. How well does your firewall provide value? Is the firewall effective in controlling access and reducing risk? Is the firewall adequately managed and monitored?
    • How does our use of our firewall align with our business objectives?
    • What is the risk in how the firewall is currently designed, implemented, and managed?
    • How can we take what we’ve learned about our use of the firewall and plan for the future of our business?
  • Compliance vs. Risk
    In summary: Compliance based information security does not lend itself well to strategy, alignment, or cost-effectiveness.
  • Current Threats vs. Future Threats
    Hopefully, we know what challenges we face today. How do we determine with any certainty what threats we face in the future?
    • Pay attention to the news.
    • Subscribe to security-related publications.
    • Continue to participate in user groups.
    Good resources: http://www.bankinfosecurity.com/, http://krebsonsecurity.com/, http://isc.sans.edu/, Uniforum, and others.
  • Current Threats vs. Future Threats
    Hopefully, we know what challenges we face today. What should we plan for?
    • Risk management, not compliance management
    • People are the biggest risk, spend on training & awareness
    • More regulatory pressure
    • Detective and corrective controls – Plan to be breached.
  • Current Regulations vs. Future Regulations
    Can we all agree that regulatory pressure will not decrease?
    • Prepare for additional pressure and more intrusive audits/examinations.
    • Prepare for more regulation.
    • Letter of the law vs. Intent of the law
  • Solution – A strategic approach to information security
    Principles of strategic information security:
    • Alignment with business objectives
    • It’s all about people – culture
    • Management involvement
    • Proactive vs. Reactive
    • Forward-looking
    • Formal
    OWN IT!
  • Top Five Things You Should Master
    #1 – Risk Management
    • Where are your most significant risks?
    • What risk is the highest (priority)?
    • How will we justify our existence (expenditures)?
    • How do we measure what we’re doing?
  • Top Five Things You Should Master
    #2 – Documented Policies & Procedures
    • Policies are one tool we use to set culture.
    • What is management’s view?
    • Nobody reads policy; no offense.
    • People are the biggest risk.
    • Policies set direction and governance
  • Top Five Things You Should Master
    #3 – Patch Management and Malicious Code Controls
    • Together, not one in lieu of the other
    • Might be a pain, but it’s worth it (trust me)
    • This is the song that never ends…
  • Top Five Things You Should Master
    #4 – Training & Awareness
    • How do users know what to do if you don’t tell them?
    • Remember culture?
  • Top Five Things You Should Master
    #5 – Incident Response
  • DON’T FORGET
    Sometimes information security professionals forget these facts!
    • Not all risks require mitigation/remediation
    • Information security must be strategic
    • Information security strategy must align with business strategy
    • Avoid business vs. information security scenarios
    • Information security controls should be as transparent as possible
  • Top Five Things You Should Master
    BONUS – Mobile Device Security
    • Data doesn’t stay home anymore
    • How do you protect data on mobile devices?
  • How we help – Risk Assessment
  • How we help – Risk Management (Build & Manage)
  • Need Help? Contact FRSecure!
    Some of our services:
    • Information Security Assessments
    • Compliance Assessments (e.g., HIPAA, GLBA, etc.)
    • Customer Required Assessments
    • Internal Network Vulnerability Assessments
    • External Network Security Assessments
    • Penetration Testing
    • BC/DR Plans
    • Policy Creation
    • Outsourced Security Resources
    Evan Francen, CISSP CISM, President
    evan@frsecure.com | 952-467-6384 (direct) | www.frsecure.com
  • Thank you! Questions?