WELCOME TO SECURE360 2012

• Did you remember to scan your badge for CPE Credits? Ask your Room Volunteer for assistance.
• Please complete the Session Survey front and back (this is Room 12), and leave on your seat. Note: “Session” is Tuesday or Wednesday
• Are you tweeting? #Sec360
BEFORE WE GET STARTED

• This is not your typical presentation.
• What you have to say is as important as what I am going to tell you.
• You are encouraged to participate!

10 Information Security Principles to Live (or die) By
Speaker: Evan Francen, FRSecure
www.frsecure.com
SPEAKER – EVAN FRANCEN, CISSP, CISM

• President & Co-founder of FRSecure
• 20 years of information security experience
• Security evangelist with more than 700 published articles
• Experience with 150+ public & private organizations.


SPEAKER – EVAN FRANCEN, CISSP, CISM

[Image slide: NOT ME, BUT KIND OF]

ABOUT FRSECURE

• Information security consulting company – it’s all we know how to do.
• Established in 2008 by people who have earned their stripes in the field.
• We help small to medium sized organizations solve information security challenges.


HOW DO “NORMAL” PEOPLE FEEL?

About information security…




TEN INFORMATION SECURITY TRUTHS

Nothing earth-shattering, but too often forgotten by those of us in the industry.

“rules of the game”




#1 – A BUSINESS IS IN BUSINESS TO MAKE MONEY

• Some risks are worth taking
• Not all risks require remediation
• All information security expenses need justification
• There is no ROI in information security, right?



#2 – INFORMATION SECURITY IS A BUSINESS ISSUE

• It is NOT an IT issue!
• Executive management probably doesn’t need the detailed specs of your new NGFW
• Executive management does need to be aware of strategic direction and most significant risks.
• Ultimately, it’s executive management that’s responsible


#3 – INFORMATION SECURITY IS FUN

• That’s right, we said FUN!
• Information security is more effective if people enjoy it.
• Look for opportunities to make information security fun
• Laugh at yourself sometimes (not always others)
• We can be serious AND fun. They don’t have to be exclusive.

#3 – INFORMATION SECURITY IS FUN

[Image slide: Fun like this?]

[Image slide: Or this…]

[Image slide: Not this…]

[Image slide: Or this…]
#4 – PEOPLE ARE THE BIGGEST RISK

• It’s not the technology
• Change the culture of the business
• Training & Awareness is critical
• Personalize information security

#4 – PEOPLE ARE THE BIGGEST RISK

[Image slide: Risky?]




#4 – PEOPLE ARE THE BIGGEST RISK

“An employee at a car dealership who was authorized to view Minnesotans' vehicle data allegedly shared his login information with a friend working at a vehicle repossession company, leading to unlawful data access that could affect about 3,700 people, the state said Friday, April 27.”



#4 – PEOPLE ARE THE BIGGEST RISK

[Image slide, captioned:]
1. Why was this guy running in the first place?
2. Has this guy been here before?
3. Uh sir, you dropped your gun!




#5 – “COMPLIANT” AND “SECURE” ARE DIFFERENT




#6 – THERE IS NO COMMON SENSE IN INFORMATION SECURITY

• What makes perfect sense to you, probably doesn’t make perfect sense to everyone else.
• Users feel justified in their actions.
• Try to see the world the way they see it.


#7 – “SECURE” IS RELATIVE

• Have you ever been asked “Are we secure?” or “Are you secure?”
• We can only answer “how” secure we are
• Find metrics that you can measure
  - CVSS Scoring for technical vulnerabilities
  - Gap analysis
• Without measurement you don’t know

#8 – INFORMATION SECURITY SHOULD DRIVE BUSINESS

• We have a bad rap for getting in the way of business, and for being a cost-center.
• What opportunities does information security have for enabling business and adding to the bottom line?
• Information security objectives must align with business objectives.
• You won’t succeed unless you engage with key business process owners.


#9 – INFORMATION SECURITY IS NOT ONE SIZE FITS ALL

• What works for one, may not work for another:
  - Policies
  - Technologies
  - Compliance
• Information security is a custom solution

#10 – THERE IS NO “EASY BUTTON”

WHAT, you mean that I can’t buy a solution to solve all my information security problems?!

• Don’t sacrifice ease for missing fundamentals
• Information security is work, sorry.




THE TEN PRINCIPLES
1. A business is in business to make money.
2. Information security is a business issue.
3. Make information security fun.
4. People are the most significant risk.
5. “Compliant” and “Secure” are different.



THE TEN PRINCIPLES
6. There’s no common sense in information security.
7. Secure is relative.
8. Information security should drive business.
9. Information security is not one size fits all.
10. There is no “easy button”.


THANK YOU!

Questions?
Comments?

Evan Francen
FRSecure LLC
evan@frsecure.com
952-467-6384


  • 23. #8 – INFORMATION SECURITY SHOULD DRIVE BUSINESS • We have a bad rap for getting in the way of business, and for being a cost-center. • What opportunities does information security have for enabling business and adding to the bottom line? • Information security objectives must align with business objectives. • You won’t succeed unless you engage with key business process owners. 10 Information Security Principles to Live (or die) By Speaker: Evan Francen, FRSecure www.frsecure.com
  • 24. #9 – INFORMATION SECURITY IS NOT ONE SIZE FITS ALL • What works for one, may not work for another: - Policies - Technologies - Compliance • Information security is a custom solution 10 Information Security Principles to Live (or die) By Speaker: Evan Francen, FRSecure www.frsecure.com
  • 25. #10 – THERE IS NO “EASY BUTTON” WHAT, You mean that I can’t buy a solution to solve all my information security problems?! • Don’t sacrifice ease for missing fundamentals • Information security is work, sorry. 10 Information Security Principles to Live (or die) By Speaker: Evan Francen, FRSecure www.frsecure.com
  • 26. THE TEN PRINCIPLES 1. A business is in business to make money. 2. Information security is a business issue. 3. Make information security fun. 4. People are the most significant risk. 5. “Compliant” and “Secure” are different 10 Information Security Principles to Live (or die) By Speaker: Evan Francen, FRSecure www.frsecure.com
  • 27. THE TEN PRINCIPLES 6. There’s no common sense in information security 7. Secure is relative 8. Information security should drive business 9. Information security is not one size fits all 10. There is no “easy button” 10 Information Security Principles to Live (or die) By Speaker: Evan Francen, FRSecure www.frsecure.com
  • 28. THANK YOU! Questions? Comments? Evan Francen FRSecure LLC evan@frsecure.com 952-467-6384 10 Information Security Principles to Live (or die) By Speaker: Evan Francen, FRSecure www.frsecure.com