The Truth - FRSecure's Truth #4

People are your greatest risk to your information security. This presentation was delivered by FRSecure's President Evan Francen at the CTS Security Seminar on January 9th, 2013. In the presentation Evan gave the audience real-world advice and examples from the following topics:

- FRSecure’s Ten Information Commandments (Truths)
- Truth #4 – People are the biggest risk
- Why defeat the firewall; we’ll just go around it.
- Real Life Stories
- Solutions
- Do this now
- Need Help? – Contact Us!

The presentation was very well received, resulting in high marks in evaluations and new customers for FRSecure.


Transcript

  • 1. The Truth: FRSecure’s Truth #4 – People are the biggest risk
      CTS Security Seminar – January 9, 2013
      Presented by Evan Francen, President – FRSecure, LLC
      http://www.frsecure.com | 952-467-6384
  • 3. Introduction
      Thank you for attending! Thank you to CTS for inviting us!
  • 4. Introduction
      Before we get started:
      • This is not your typical presentation.
      • What you have to say is as important as what I am going to tell you.
      • You are encouraged to participate! I will ask you questions, if you don’t ask me some!
  • 5. Introduction
      FRSecure
      • Information security consulting company – it’s all we do.
      • Established in 2008 by people who have earned their stripes in the field.
      • We help small to medium sized organizations solve information security challenges. We get paid to tell people the truth.
  • 6. Introduction
      Speaker – Evan Francen, CISSP CISM CCSK
      • President & Co-founder of FRSecure
      • 20 years of information security experience
      • Security evangelist with more than 700 published articles
      • Experience with 150+ public & private organizations.
  • 7. Introduction
      Topics
      • FRSecure’s Ten Information Commandments (Truths)
      • Truth #4 – People are the biggest risk
      • Why defeat the firewall; we’ll just go around it.
      • Real Life Stories
      • Solutions
      • Do this now
      • Need Help? – Contact Us!
  • 8. FRSecure Information Security 10 Commandments
      • #1 – A business is in business to make money. Information security must align with business objectives.
      • #2 – Information security is a business issue. Information security is NOT an IT issue.
      • #3 – Information security is fun. Seriously. It is. Stop laughing!
      • #4 – People are the biggest risk. Not technology.
      • #5 – “Compliant” and “secure” are different. We shouldn’t confuse the two.
  • 9. FRSecure Information Security 10 Commandments
      • #6 – There is no common sense in information security. If there were, we would have much better information security.
      • #7 – “Secure” is relative. One of many reasons for measurements and comparisons.
      • #8 – Information security should drive business. Identify and focus on information security benefits. It shouldn’t just be a cost center.
      • #9 – Information security is not one size fits all. No two organizations are alike.
      • #10 – There is no “easy button”. So stop looking for one.
  • 10. Truth #4 – People are your biggest risk
  • 11. Truth #4 – People are your biggest risk
      Truths about the truth…
      • It’s easier to go through your secretary than it is to go through your firewall.
      • People don’t read your policies.
      • Social engineering success rates are more than 8x better than technology penetration success rates.
  • 12. Why defeat the firewall; we’ll just go around it
      1. Call someone and ask them for their password.
      2. Email something interesting.
      3. Show up as someone who looks legit.
      4. Ask related questions, and infer the rest.
      5. People like flash drives.
  • 13. Real Life Stories
      • Physical access to Fortune 100 company headquarters.
      • Password disclosure almost cost someone their retirement.
      • Police help me carry out an attack.
      • I don’t really work for NSP.
  • 14. Solutions
  • 15. Solutions
      • Training: Don’t worry, you’re probably not overspending on training.
      • Awareness: Stay top of mind. Be creative. People can tune you out quickly.
      • Policy: Reference materials, not books.
      • Culture: Create an information security culture.
  • 16. Do this now
      Ask yourself these questions:
      • What is my organization’s information security culture? (management sets culture)
      • How would I know if someone has been compromised, and what would I do about it?
      • If I were a “John or Jane Doe” employee, do I know what I need to know in order to protect the organization?
      Ask your employees what they think about information security. If the answer is something other than what you want it to be, then your culture is not what you want it to be.
  • 17. How we help – Risk Assessments
  • 18. How we help – Management (Build & Manage)
  • 19. Need Help? Contact FRSecure!
      Some of our services:
      • Information Security Assessments
      • Compliance Assessments (i.e. HIPAA, GLBA, etc.)
      • Customer Required Assessments
      • Internal Network Vulnerability Assessments
      • External Network Security Assessments
      • Penetration Testing and Social Engineering
      • Information Security Program Development
      • Security Policies
      • Training & Awareness
      • BC/DR Plans
      • Outsourced Security Resources
      Contact: Evan Francen, CISSP CISM, President
      evan@frsecure.com
      952-467-6384 (direct)
      www.frsecure.com
  • 20. Thank you! Questions?
