This presentation was delivered by FRSecure's Evan Francen to the Uniforum User's Group on November 8th, 2012. There were more than 50 bankers in attendance, and the presentation was very well received.
In this short slide revision, I have made just a major and important summary on Internet Security, IS Security, CIA, Threats to Security on Networks and also their related controls.
Thank you,
Please comment and share your feedback.
Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
The field is becoming more important due to increased reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of "smart" devices, including smartphones, televisions, and the various devices that constitute the "Internet of things". Owing to its complexity, both in terms of politics and technology, cybersecurity is also one of the major challenges in the contemporary world.
Just created a slideshare presentation giving a basic introduction to the Confidentiality, Integrity & Availability (CIA) Security Model. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
Our bad neighbor makes us early stirrers,
Which is both healthful and good husbandry.
-- William Shakespeare (1564–1616), King Henry, in Henry V, act 4, sc. 1, l. 6-7.
Auth shield information security solution provider for banking sector in India | AuthShield Labs
AuthShield is a pioneer in the arena of catering Information security solution to businesses of different genres. Innovative features and convenience of services are two important aspects of this company.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: David Knox, Vice President of National Security Solutions, Oracle
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply with standards, and meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
GTSC's National Preparedness Month Symposium
Presentation: The Evolving Threats: What Does the Future Hold? A Local Government Perspective
Presenter: Brian Usher, President-Elect, American Public Works Association; Director of Public Works, Largo, Florida
Description: From more violent and frequent weather incidents to long-term recovery efforts and mitigation, FEMA faces greater threats than ever. This panel will identify some of the overarching factors contributing to their increasing challenges and discuss mitigation, response and recovery trends.
This deck will provide an in-depth review of the SOC 2 report objectives, updated from 2015, discuss structure and areas to focus, and participants will also benefit from valuable lessons learned from Schellman’s extensive SOC 2 experience.
SOC presentation - Building a Security Operations Center | Michael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Summarize the design and build approach for SOC (Security Operation Center) for both end user company and service providers. Defines the approach flow for SOC building and various components and phases involved. Defines design thumb rules and parameters for SOC Design.
Information Security in a Compliance World | Evan Francen
Presented by Evan Francen at the 2012 RK Dixon Tech Summit
What drives information security in your organization?
What is information security?
Customer requirements
Compliance
Compliant = Secure?
Solution - Strategic Information Security
Top Five Things You Should Do (Tactically & Strategically)
Need Help? – Contact Us!
Information Security For Leaders, By a Leader | Evan Francen
Evan Francen, President of FRSecure, discusses the challenges of building an efficient and effective security program in today’s world. Learn why most leaders have a false assumption of security, and how you can avoid the security mistakes most organizations make. - Delivered on 4/17/12 at TechPulse 2012.
Security is now a C-level responsibility and can't just be outsourced to the IT manager. These are slides from a 90 hour session I run for some business owners and C-Levels in July 2016.
Building an effective Information Security Roadmap | Elliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy-in for multiple enterprise-wide security projects.
It's a Who, What, Where and Why behind cyber risk in today's modern era - how data breaches happen, why they happen, and what you can do to address them.
Cyber security practices involve preventing malicious attacks on computers, servers, mobile devices, electronic systems, networks, and data. It is also called information technology security or electronic information security.
https://www.infosectrain.com/courses/ceh-v11-certification-training/
How to Boost your Cyber Risk Management Program and Capabilities? | PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link to the YouTube video: https://youtu.be/aREo4l-pDgc
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions | Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Welcome to the CISSP Mentor Program! What is the CISSP Mentor Program • History: 1st class was 2010; 6 students • Today’s class; 80 students. Why do we do it • Success Stories • Heck, it’s free! If you aren’t satisfied, we’ll refund everything you paid us. We need MORE good information security people!
WANTED - People Committed to Solving Our Information Security Language Problem | Evan Francen
Our industry has plenty of problems to solve. The language we use shouldn’t be one of them, and now it’s not. SecurityStudio, a Minnesota-based security SaaS company committed to solving information security problems for our industry has developed a common, easily-understood information security risk assessment that’s comprehensive, foundational, and completely free for all to use.
Today, more than 1,500 organizations are speaking the language. We invite you to do the same.
We need to get on the same page as an industry if we stand any hope of getting this right. It starts with understanding and agreeing to fundamentals, including the terminology we use.
WANTED – People Committed to Solving our Information Security Language Problem | Evan Francen
The information security industry is broken. It's our duty to fix it, and it starts with getting on the same page. The model isn't broken, but our application is. How do we apply the basics and fundamentals on a wider scale? It starts with defining a common language and a common approach. Next, make it all free.
TITLE: WANTED – People Committed to Solving Our Information Security Language Problem, the presentation given at the inaugural BSides Harrisburg Conference on October 2nd, 2019.
Step Up Your Data Security Against Third-Party Risks | Evan Francen
This presentation was delivered to the Hacks & Hops event attendees in the Spring of 2019. The event featured a short keynote followed by a moderated panel discussion. The panel experts provided excellent guidance for all risk managers, CISOs, vendor managers, etc.
This presentation was delivered to Minnesota manufacturing CEOs who attended the April 2019 Enterprise Minnesota event. Manufacturing companies face real information security threats that they need to prepare for.
Simple Training for Information Security and Payment Fraud | Evan Francen
The frequency of financial scams and payment fraud have been increasing substantially. We put these simple training slides together as a way to help our clients and friends.
People. The Social Engineer's Dream - TechPulse 2017 | Evan Francen
Presentation given by Evan Francen at TechPulse 2017. The presentation was about social engineering, including common tactics and basic protections. Topics such as phishing, vishing, and physical access attacks were discussed. Evan also shared some of the real-life stories that he has experienced during his 20+ year career.
AFCOM - Information Security State of the Union | Evan Francen
A presentation delivered by FRSecure's president Evan Francen at the August, 2015 Twin Cities AFCOM Chapter Meeting. There were more than 50 people in attendance to learn about FRSecure, current information security events and threats, what companies are doing, and basic information security principles.
It's not our job to tell business not to use mobile devices, even personally-owned mobile devices. It's our job to enable business to use mobile devices securely for the benefit of the organization, customers, employees, and contractors.
In this presentation, given on April 30 at techpulse 2013, Evan Francen from FRSecure teaches how to secure mobile devices in today's business environments.
Meaningful Use and Security Risk Analysis | Evan Francen
Presentation delivered by FRSecure president, Evan Francen to the 100+ Iowa CPSI User Group attendees on October 18th, 2011.
Meaningful Use Core Requirement "Security Risk Analysis"
An Introduction to Information Security | Evan Francen
A recent presentation given by FRSecure at the Action, Inc. Data Security Event on August 17th, 2011. This presentation was delivered by FRSecure president, Evan Francen CISSP CISM CCSK
Information security challenges in today’s banking environment
1. Information Security Challenges in Today’s Banking Environment
Uniforum – November 8, 2012
Presented by Evan Francen, President – FRSecure, LLC
http://www.frsecure.com | 952-467-6384
2. Introduction
Thank you for attending!
Thank you to Uniforum for inviting us!
3. Introduction
Before we get started:
• This is not your typical presentation.
• What you have to say is as important as what I am going to tell you.
• You are encouraged to participate!
I will ask you questions, if you don’t ask me some!
4. Introduction
FRSecure
• Information security consulting company – it’s all we do.
• Established in 2008 by people who have earned their stripes in the field.
• We help small to medium sized organizations solve information security challenges.
5. Introduction
Speaker – Evan Francen, CISSP CISM CCSK
• President & Co-founder of FRSecure
• 20 years of information security experience
• Security evangelist with more than 700 published articles
• Experience with 150+ public & private organizations.
6. Introduction
Topics
• What drives information security in your organization?
• What is information security?
• Compliance vs. Risk
• Current Threats vs. Future Threats
• Current Regulations vs. Future Regulations
• Solution - Strategic Information Security
• Top Five Things You Should Master (Tactically & Strategically)
• Need Help? – Contact Us!
7. What drives information security at your organization?
This is a question for you.
8. Maybe our explanation of information security would help…
In your opinion/words, what is information security?
9. Information Security Is Not an IT Issue
The application of Administrative, Physical and Technical controls in an effort to protect the Confidentiality, Integrity, and Availability of Information.
IT-centric information security over-emphasizes Technical Control, often at the expense of Administrative and Physical Control.
IT-centric information security also places an over-emphasis on Availability of systems, sometimes at the expense of Confidentiality and Integrity.
11. Back to our question; what drives information security at your organization?
Compliance vs. Risk
• Information security is not one size fits all
• Who knows your organization better?
• Checklists only work as well as the checklist
• Motivation. You’re in business to make money. Right?
• Strategy. What is the examiner going to ask vs. what are our risks?
Really, there is only one good answer.
12. Back to our question; what drives information security at your organization?
Compliance vs. Risk - Compliance
• Do you have a firewall? Check.
• Do you have an acceptable use policy? Check.
• Do you encrypt the data on your internal network? No?! Well you need to encrypt the data on your internal network.
• Do you have filtered network segmentation on your internal LAN? No?! You need to install firewalls between network segments.
13. Back to our question; what drives information security at your organization?
Compliance vs. Risk - Risk
• You have a firewall. How well does your firewall provide value? Is the firewall effective in controlling access and reducing risk? Is the firewall adequately managed and monitored?
• How does our use of our firewall align with our business objectives?
• What is the risk in how the firewall is currently designed, implemented, and managed?
• How can we take what we’ve learned about our use of the firewall and plan for the future of our business?
14. Compliance vs. Risk
In summary:
Compliance-based information security does not lend itself well to strategy, alignment, or cost-effectiveness.
15. Current Threats vs. Future Threats
Hopefully, we know what challenges we face today.
How do we determine, with any certainty, what threats we face in the future?
• Pay attention to the news.
• Subscribe to security-related publications.
• Continue to participate in user groups.
Good resources: http://www.bankinfosecurity.com/, http://krebsonsecurity.com/, http://isc.sans.edu/, Uniforum, and others.
16. Current Threats vs. Future Threats
Hopefully, we know what challenges we face today.
What should we plan for?
• Risk management, not compliance management
• People are the biggest risk, spend on training & awareness
• More regulatory pressure
• Detective and corrective controls – Plan to be breached.
17. Current Regulations vs. Future Regulations
Can we all agree that regulatory pressure will not decrease?
• Prepare for additional pressure and more intrusive audits/examinations.
• Prepare for more regulation.
• Letter of the law vs. Intent of the law
18. Solution – A strategic approach to information security
Principles of strategic information security:
• Alignment with business objectives
• It’s all about people – culture
• Management involvement
• Proactive vs. Reactive
• Forward-looking
• Formal
OWN IT!
19. Top Five Things You Should Master
#1 – Risk Management
• Where are your most significant risks?
• What risk is the highest (priority)?
• How will we justify our existence (expenditures)?
• How do we measure what we’re doing?
20. Top Five Things You Should Master
#2 – Documented Policies & Procedures
• Policies are one tool we use to set culture.
• What is management’s view?
• Nobody reads policy; no offense.
• People are the biggest risk.
• Policies set direction and governance
21. Top Five Things You Should Master
#3 – Patch Management and Malicious Code Controls
• Together, not one in lieu of the other
• Might be a pain, but it’s worth it (trust me)
• This is the song that never ends…
22. Top Five Things You Should Master
#4 – Training & Awareness
• How do users know what to do if you don’t tell them?
• Remember culture?
23. Top Five Things You Should Master
#5 – Incident Response
24. DON’T FORGET
Sometimes information security professionals forget these facts!
• Not all risks require mitigation/remediation
• Information security must be strategic
• Information security strategy must align with business strategy
• Avoid business vs. information security scenarios
• Information security controls should be as transparent as possible
25. Top Five Things You Should Master
BONUS
Mobile Device Security
• Data doesn’t stay home anymore
• How do you protect data on mobile devices?
26. How we help – Risk Assessment
27. How we help – Risk Management (Build & Manage)