Information Security in a Compliance World

Presented by Evan Francen at the 2012 RK Dixon Tech Summit

What drives information security in your organization?
What is information security?
Customer requirements
Compliance
Compliant = Secure?
Solution - Strategic Information Security
Top Five Things You Should Do (Tactically & Strategically)
Need Help? – Contact Us!

Published in: Business

Transcript

  • 1. Information Security in a Compliance World – RK Dixon Tech Summit ‘12 – November 7, 2012. Presented by Evan Francen, President – FRSecure, LLC. http://www.frsecure.com | 952-467-6384
  • 2. Introduction – Thank you for attending! Thank you to RK Dixon for inviting us!
  • 3. Introduction – Before we get started: • This is not your typical presentation. • What you have to say is as important as what I am going to tell you. • You are encouraged to participate! I will ask you questions, if you don’t ask me some!
  • 4. Introduction – FRSecure: • Information security consulting company – it’s all we do. • Established in 2008 by people who have earned their stripes in the field. • We help small to medium sized organizations solve information security challenges.
  • 5. Introduction – Speaker: Evan Francen, CISSP CISM CCSK • President & Co-founder of FRSecure • 20 years of information security experience • Security evangelist with more than 700 published articles • Experience with 150+ public & private organizations.
  • 6. Introduction – Topics: • What drives information security in your organization? • What is information security? • Customer requirements • Compliance • Compliant = Secure? • Solution – Strategic Information Security • Top Five Things You Should Do (Tactically & Strategically) • Need Help? – Contact Us!
  • 7. What drives information security at your organization? This is a question for you.
  • 8. Maybe an explanation of information security would help… In your opinion/words, what is information security?
  • 9. What is Information Security?
  • 10. Information Security Is Not an IT Issue – The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information. IT-centric information security over-emphasizes Technical Control, often at the expense of Administrative and Physical Control. IT-centric information security also places an over-emphasis on Availability of systems, sometimes at the expense of Confidentiality and Integrity.
  • 11. Back to our question: what drives information security at your organization? Customer Requirements? Regulations? • HIPAA, GLBA, FTC, FERPA, Computer Fraud and Abuse Act, etc. Risk? Really, there is only one good answer.
  • 12. Customer Requirements – What’s the problem with customer requirements? • Different customers, different requirements • Customers don’t know your business like you do • Customer protection is more important than your success • Customers are probably more confused than you are. Should the basis of your information security strategy be customer requirements?
  • 13. Compliance – What’s the problem with compliance? • You’re in business to make money, right? • Information security is not one size fits all • Regulators and examiners are not information security professionals • Compliance is confusing, yes? Should the basis of your information security strategy be compliance?
  • 14. Compliant DOESN’T mean Secure! Today’s compliance landscape is confusing! Federal Regulations: • HIPAA, GLBA, FTC, FERPA, Computer Fraud and Abuse Act, etc. State Regulations: • Breach notification laws, data destruction laws, data protection laws. Industry Regulations: • Payment Card Industry Data Security Standard (PCI-DSS). Customer Requirements: • Good luck!
  • 15. Solution – A strategic approach to information security. Principles of strategic information security: • Alignment with business objectives • It’s all about people – culture • Management involvement • Proactive vs. Reactive • Forward-looking • Formal. OWN IT!
  • 16. Top Five Things for You To Do – #1: Conduct a risk assessment • Where are your most significant risks? • What risk is the highest (priority)? • How will we justify our existence (expenditures)? • How do we measure what we’re doing?
  • 17. Top Five Things for You To Do – #2: Documented Policies & Procedures • Policies are one tool we use to set culture. • What is management’s view? • Nobody reads policy, bummer. • People are the biggest risk. • Policies set direction and governance.
  • 18. Top Five Things for You To Do – #3: Patch your systems & install antivirus • Together, not one in lieu of the other • Might be a pain, but it’s worth it (trust me) • This is the song that never ends…
  • 19. Top Five Things for You To Do – #4: Training & Awareness • How do users know what to do if you don’t tell them? • Remember culture?
  • 20. Top Five Things for You To Do – #5: Incident Response
  • 21. DON’T FORGET – Sometimes information security professionals forget this fact! • Not all risks require mitigation/remediation • Information security must be strategic • Information security strategy must align with business strategy • Avoid business vs. information security scenarios • Information security controls should be as transparent as possible.
  • 22. Top Five Things for You To Do – BONUS: Govern mobile devices • Data doesn’t stay home anymore • How do you protect data on mobile devices?
  • 23. How we help – Risk Assessment
  • 24. How we help – Risk Management (Build & Manage)
  • 25. Need Help? Contact FRSecure! Some of our services: • Information Security Assessments • Compliance Assessments (i.e. HIPAA, GLBA, etc.) • Customer Required Assessments • Internal Network Vulnerability Assessments • External Network Security Assessments • Penetration Testing • BC/DR Plans • Policy Creation • Outsourced Security Resources. Contact: Evan Francen, CISSP CISM, President – evan@frsecure.com – 952-467-6384 (direct) – www.frsecure.com
  • 26. Thank you! Questions?