SlideShare a Scribd company logo
1 of 46
WANTED – People Committed to
Solving our Information Security
Language Problem
Evan Francen, CEO, SecurityStudio
IMPORTANT!
Before I get started…
• The World Health Organization states that over 800,000
people die every year due to suicide, and that suicide is the
second leading cause of death in 15-29-year-olds.
• 5 percent of adults (18 or older) experience a mental illness
in any one year
• In the United States, almost half of adults (46.4 percent) will
experience a mental illness during their lifetime.
• In the United States, only 41 percent of the people who had a
mental disorder in the past year received professional health
care or other services.
• https://www.mentalhealthhackers.org/resources-and-links/
IMPORTANT!
Before I get started…
• The World Health Organization states that over 800,000
people die every year due to suicide, and that suicide is the
second leading cause of death in 15-29-year-olds.
• 5 percent of adults (18 or older) experience a mental illness
in any one year
• In the United States, almost half of adults (46.4 percent) will
experience a mental illness during their lifetime.
• In the United States, only 41 percent of the people who had a
mental disorder in the past year received professional health
care or other services.
• https://www.mentalhealthhackers.org/resources-and-links/
ME: Evan Francen, CEO & Founder of FRSecure and SecurityStudio
I do a lot of security stuff…
• Co-inventor of SecurityStudio®, S²Score, S²Org, S²Vendor,
S²Team, and S²Me
• 25+ years of “practical” information security experience
(started as a Cisco Engineer in the early 90s)
• Worked as CISO and vCISO for hundreds of companies.
• Developed the FRSecure Mentor Program; six students in
2010/500+ in 2018
• Advised legal counsel in very public breaches (Target, Blue
Cross/Blue Shield, etc.)
Solving our Information Security Language Problem
AKA: The “Truth”
UNSECURITY: Information Security Is Failing. Breaches Are Epidemic.
How Can We Fix This Broken Industry?
Published January, 2019
Solving our Information Security Language Problem
You know we have an
language problem in
our industry, right?
Our Industry
AI
Blockchain
Penetration Test
Vulnerability
Management
NIST CSF
RiskRisk
Management
Containers
Incident
Management
Cyber
Insurance
Threats
Maturity
Assessment
Malware
Security
Cryptography
Breach
APT
You know we have an
language problem in
our industry, right?
Normal
People See
Us Like
AI
Blockchain
Penetration Test
Vulnerability
Management
NIST CSF
RiskRisk
Management
Containers
Incident
Management
Cyber
Insurance
Threats
Maturity
Assessment
Malware
Security
Cryptography
Breach
APT
Why?
Because we
don’t agree on a
language
Their Language
FIX: Fundamentals and
simplification.
Translation/Communication
WARNING – It’s work and
it’s NOT sexy.
Information Security is
Managing RiskInformation Security is
ComplianceInformation Security is
NOT
Managing RiskInformation Security is
in what?
Managing Risk
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Managing Risk
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Easier to go through your
secretary than your firewall
Firewall doesn’t help when
someone steals your server
YAY! IT stuff
Managing Risk
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
What’s risk?
Managing Risk
Likelihood
Impact
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Of something
bad happening.
If it did.
Managing Risk
Likelihood
Impact
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
How do you figure out
likelihood and impact?
Managing Risk
Likelihood
Impact
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Start with vulnerabilities.
Managing Risk
Likelihood
Impact
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Start with vulnerabilities.
• Vulnerabilities are weaknesses.
• A fully implemented and
functional control has no
weakness.
• Think CMMI, 1 – Initial to 5 –
Optimizing.
Managing Risk
Likelihood
Impact
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
OK, but there’s no risk
in a weakness by itself,
right?
Managing Risk
Likelihood
Impact
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
OK, but there’s no risk
in a weakness by itself,
right?
That’s right! We need threats too.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
There is NO risk
• For vulnerabilities
without a threat.
• For threats without
a vulnerability.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
There is NO risk
• For vulnerabilities
without a threat.
• For threats without
a vulnerability.
So, what is information
security?
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Some truth about information security
It’s relative.
Something insecure at the core will always be insecure.
You can’t manage what you can’t measure.
You can’t manage risk without assessing it.
Complexity is the enemy.
Some truth about information security
Must be put on a scale (degrees of security)
Must master the fundamentals
Must measure it.
Must do risk assessments.
Keep it simple!
As much as 90% of
organizations fail to do
fundamental information
security risk assessments.
WHY? Reason #1: Complexity
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Fine for our tribe, but
what about the others?
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
What if we made a
simple score to
represent this?
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
We call it the S2Score.
We did.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
ControlsThe S2Score is a simple and effective language to
communicate information security to everyone
(executives, other security people, auditors, regulators,
etc.).
Information Security is
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
As much as 90% of
organizations fail to do
fundamental information
security risk assessments.
Reason #2: Cost
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Let’s make an information security risk assessment that’s
free.
The assessment that creates the S2Score is
available at no cost to anyone.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Cool. Speaking the same language should be free.
We have another language problem
What about the language between organizations?
We can use the S2Score to communicate 3rd-party information
security risk too.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
If two organization’s use S2Score as their
language, just share the scores.
SIMPLE!
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Or through
translation.
Here’s you.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Or through
translation.
Company #1’s way. Company #2’s way. Company #3’s way. Company #4’s way.
Here’s you.
Here are your 3rd-
parties.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Through
translation.
Company #1’s way. Company #2’s way. Company #3’s way. Company #4’s way.
Let’s say each company
has there own way,
their own language.
Here’s you.
Here are you’re 3rd-
parties.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Through
translation.
Company #1’s way. Company #2’s way. Company #3’s way. Company #4’s way.
Let’s say each company
has there own way,
their own language.
Here’s you.
Here are you’re 3rd-
parties.
We built a translator.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
FISASCORE® is
Through
translation.
Company #1’s way. Company #2’s way. Company #3’s way. Company #4’s way.
Let’s say each company
has there own way,
their own language.
Here’s you.
Here are you’re 3rd-
parties.
We built a translator.
What’s the
point?
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
FISASCORE® is
Through
translation.
Company #1’s way. Company #2’s way. Company #3’s way. Company #4’s way.
Let’s say each company
has there own way,
their own language.
Here’s you.
Here are you’re 3rd-
parties.
We built VENDEFENSE
to be a translator.
What’s the
point?
Information security language and
translations are the point!
People are the point! People within our industry and
people who work with us are confused and we’re wasting
valuable resources on a 1,000 different solutions to the
same problems, all using different languages.
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
FISASCORE® is
Through
translation.
Company #1’s way. Company #2’s way. Company #3’s way. Company #4’s way.
Let’s say each company
has there own way,
their own language.
Here’s you.
Here are you’re 3rd-
parties.
We built VENDEFENSE
to be a translator.
What’s the
point?
Information security language and
translations are the point!
People are the point! People within our industry and
people who work with us are confused and we’re wasting
valuable resources on a 1,000 different solutions to the
same problems, all using different languages.
OK, I get it. Two last
questions.
1. What does the future of
S2Score look like?
2. What should I do now?
What does the future hold for the S2Score Language?
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Other
tools/integrations
These are things that
are coming:
• The roadshow.
• Community
involvement
program.
• Vendor/product
incorporation.
• Integration with
any/all.
What should you do now?
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
S2Score is
Other
tools/integrations
Simple.
• Get your S2Score.
• Participate with us; give
us feedback, help us solve
problems.
• The S2Score is mapped to
NIST CSF, ISO 27002, NIST
SP 800-53, CIS, and COBIT.
More to come.
• SIMPLE. FUNDAMENTAL.
COMPLIANT.
Fixing the broken industry starts with speaking the same
language.
Resources & Contact
Want to participate?
Want to partner?
Want these slides?
LET’S WORK TOGETHER!
S2Org/S2Score – https://app.securitystudio.com
• Email: efrancen@securitystudio.com
• @evanfrancen
• @StudioSecurity
#S2Roadshow
• Blog - https://evanfrancen.com
• Podcast (The UNSECURITY Podcast)
Thank you!

More Related Content

What's hot

Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Cultivating security in the small nonprofit
Cultivating security in the small nonprofitCultivating security in the small nonprofit
Cultivating security in the small nonprofitRoger Hagedorn
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowRoger Hagedorn
 
Security initiatives here and down under
Security initiatives here and down underSecurity initiatives here and down under
Security initiatives here and down underRoger Hagedorn
 
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...Steve Werby
 
Demonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDemonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDoug Copley
 
Hacker Halted 2009 - Owning People through Technology
Hacker Halted 2009 - Owning People through TechnologyHacker Halted 2009 - Owning People through Technology
Hacker Halted 2009 - Owning People through TechnologyMike Murray
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Ideba
 
Security Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementSecurity Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementResolver Inc.
 

What's hot (11)

Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019  –  Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Cultivating security in the small nonprofit
Cultivating security in the small nonprofitCultivating security in the small nonprofit
Cultivating security in the small nonprofit
 
Mind the gap
Mind the gapMind the gap
Mind the gap
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
 
Security initiatives here and down under
Security initiatives here and down underSecurity initiatives here and down under
Security initiatives here and down under
 
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...
 
Demonstrating Information Security Program Effectiveness
Demonstrating Information Security Program EffectivenessDemonstrating Information Security Program Effectiveness
Demonstrating Information Security Program Effectiveness
 
Hacker Halted 2009 - Owning People through Technology
Hacker Halted 2009 - Owning People through TechnologyHacker Halted 2009 - Owning People through Technology
Hacker Halted 2009 - Owning People through Technology
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist
 
Security Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk ManagementSecurity Trends: From "Silos" to Integrated Risk Management
Security Trends: From "Silos" to Integrated Risk Management
 
Top 12 Threats to Enterprise
Top 12 Threats to EnterpriseTop 12 Threats to Enterprise
Top 12 Threats to Enterprise
 

Similar to Harrisburg BSides Presentation - 100219

WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemSecurityStudio
 
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
ISSA-OC and Webster University Cybersecurity Seminar Series PresentationISSA-OC and Webster University Cybersecurity Seminar Series Presentation
ISSA-OC and Webster University Cybersecurity Seminar Series PresentationSecurityStudio
 
People Committed to Solving our Information Security Language Problem
People Committed to Solving our Information Security Language ProblemPeople Committed to Solving our Information Security Language Problem
People Committed to Solving our Information Security Language ProblemSecurityStudio
 
Keynote @ ECMECC School Security Summit
Keynote @ ECMECC School Security SummitKeynote @ ECMECC School Security Summit
Keynote @ ECMECC School Security SummitSecurityStudio
 
How to Spend Your Cloud Security Dollar
How to Spend Your Cloud Security DollarHow to Spend Your Cloud Security Dollar
How to Spend Your Cloud Security DollarHostway|HOSTING
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
Microsoft power point closing presentation-greenberg
Microsoft power point   closing presentation-greenbergMicrosoft power point   closing presentation-greenberg
Microsoft power point closing presentation-greenbergISSA LA
 
Measurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool StuffMeasurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool StuffJody Keyser
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
Measurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool StuffMeasurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool StuffPatrick Florer
 
Cybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptxCybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptxClintonKelvin
 
Risk bridges business and security
Risk bridges business and securityRisk bridges business and security
Risk bridges business and securityM. Isaiah McGowan
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Dana Gardner
 
Quality in Cyber security Awareness
Quality in Cyber security AwarenessQuality in Cyber security Awareness
Quality in Cyber security AwarenessFadi Abdulwahab
 
Will there be an IT Risk Management 2.0?
Will there be an IT Risk Management 2.0?Will there be an IT Risk Management 2.0?
Will there be an IT Risk Management 2.0?Luke O'Connor
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013EY
 
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...Steve Werby
 
Declaration of Mal(WAR)e
Declaration of Mal(WAR)eDeclaration of Mal(WAR)e
Declaration of Mal(WAR)eNetSPI
 

Similar to Harrisburg BSides Presentation - 100219 (20)

WANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language ProblemWANTED – People Committed to Solving our Information Security Language Problem
WANTED – People Committed to Solving our Information Security Language Problem
 
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
ISSA-OC and Webster University Cybersecurity Seminar Series PresentationISSA-OC and Webster University Cybersecurity Seminar Series Presentation
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
 
People Committed to Solving our Information Security Language Problem
People Committed to Solving our Information Security Language ProblemPeople Committed to Solving our Information Security Language Problem
People Committed to Solving our Information Security Language Problem
 
Keynote @ ECMECC School Security Summit
Keynote @ ECMECC School Security SummitKeynote @ ECMECC School Security Summit
Keynote @ ECMECC School Security Summit
 
How to Spend Your Cloud Security Dollar
How to Spend Your Cloud Security DollarHow to Spend Your Cloud Security Dollar
How to Spend Your Cloud Security Dollar
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Microsoft power point closing presentation-greenberg
Microsoft power point   closing presentation-greenbergMicrosoft power point   closing presentation-greenberg
Microsoft power point closing presentation-greenberg
 
Measurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool StuffMeasurement, Quantitative vs. Qualitative and Other Cool Stuff
Measurement, Quantitative vs. Qualitative and Other Cool Stuff
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Measurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool StuffMeasurement, Qualitative vs Quantitative Methods, and other Cool Stuff
Measurement, Qualitative vs Quantitative Methods, and other Cool Stuff
 
Cybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptxCybersecurity Risk Management Tools and Techniques (1).pptx
Cybersecurity Risk Management Tools and Techniques (1).pptx
 
Risk bridges business and security
Risk bridges business and securityRisk bridges business and security
Risk bridges business and security
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
 
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
 
Quality in Cyber security Awareness
Quality in Cyber security AwarenessQuality in Cyber security Awareness
Quality in Cyber security Awareness
 
Will there be an IT Risk Management 2.0?
Will there be an IT Risk Management 2.0?Will there be an IT Risk Management 2.0?
Will there be an IT Risk Management 2.0?
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
 
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...
Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...
 
Declaration of Mal(WAR)e
Declaration of Mal(WAR)eDeclaration of Mal(WAR)e
Declaration of Mal(WAR)e
 

More from Evan Francen

Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyEvan Francen
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksEvan Francen
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudEvan Francen
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
People.  The Social Engineer's Dream - TechPulse 2017People.  The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017Evan Francen
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionEvan Francen
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceEvan Francen
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information SecurityEvan Francen
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderEvan Francen
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest riskEvan Francen
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information SecurityEvan Francen
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 

More from Evan Francen (18)

Managing Third-Party Risk Effectively
Managing Third-Party Risk EffectivelyManaging Third-Party Risk Effectively
Managing Third-Party Risk Effectively
 
Step Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party RisksStep Up Your Data Security Against Third-Party Risks
Step Up Your Data Security Against Third-Party Risks
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
Simple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment FraudSimple Training for Information Security and Payment Fraud
Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People.  The Social Engineer's Dream - TechPulse 2017People.  The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information Security
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 
People are the biggest risk
People are the biggest riskPeople are the biggest risk
People are the biggest risk
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Recently uploaded

Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...ShrutiBose4
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 

Recently uploaded (20)

Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 

Harrisburg BSides Presentation - 100219