INFORMATION SECURITY & MANUFACTURING
Evan Francen – CEO & Founder, FRSecure
February 19, 2019
-----------
INTRODUCTION
Topics/Agenda
• Introduction
• Questions Everyone Should Be Able to Answer
• What Is Information Security?
• How Is Manufacturing Different from Other Industries?
• Is Your Company a Target?
• What’s Your Role?
• Questions You Have for Me
Speaker: Evan Francen, CEO & Founder of FRSecure and SecurityStudio
• Co-inventor of SecurityStudio®, FISA™, FISASCORE® and Vendefense™
• 25+ years of “practical” information security experience (started as a Cisco Engineer in the early 90s)
• Has worked with hundreds of companies, big (Wells Fargo, US Bank, UHG, etc.) and small
• Has written more than 750 articles about information security
• Developed the FRSecure Mentor Program: six students in 2010, 360+ in 2018
• Dozens of television and radio appearances on numerous topics
• Advised legal counsel in very public breaches (Target, Blue Cross/Blue Shield, etc.)
Author of UNSECURITY (AKA: The “Truth”)
FRSecure
• Information security consulting and management company. It’s all we do.
• Our core services include:
  • Security Risk Analysis – using FISASCORE®
  • Social Engineering Services
  • Penetration Testing Services
  • PCI QSA Services
  • Incident Management Services
  • HITRUST Services
  • Information Security Training & Awareness
  • vServices (vCISO, vISO, and vISA)
• Methodology fanatics, mentoring champions, and product agnostic.
Let’s get started, but first a joke.
What do you call fake spaghetti?
An impasta.
QUESTIONS EVERYONE SHOULD BE ABLE TO ANSWER
Back to work… What is “information security?”
• Ask 10 “experts” the same question and you’ll get 10 different answers.
• We’ve got egos, so we all think ours is better. UGH!
• Simplify! Complexity is the enemy of information security. Remember this.
• Our (my tribe’s) definition…
What is “information security?”
• Information security is managing risk to information…
  • Confidentiality
  • Integrity
  • Availability
• Using…
  • Administrative,
  • Physical, and
  • Technical controls.
Information security is managing risk to information…
• TRUTH: Information security is about MANAGING risk, NOT ELIMINATING risk. Much, much different.
• Risk is an overused word, but its meaning is simple: the likelihood of something bad happening and the impact if it did.
• You manage risk every day. Most of this risk management is automatic and even subconscious.
• TRUTH: Security incidents and breaches are not completely preventable and should be expected.
  • No matter what you do, you cannot prevent all bad things.
  • What you can’t prevent, you should be able to detect and respond to.
• Confidentiality is about keeping things secret.
  • Only the people/programs who are authorized to access information are permitted to access it.
  • Most people think that this is the purpose of security, but as you can see, it’s only one purpose.
• TRUTH: Everybody’s got secrets. Everybody.
  • Personal – Social Security Number, passwords, things that go on in their homes, etc.
  • Business – Intellectual property, customer information, etc.
• This is where privacy lives…
• Integrity is about making sure the information is accurate.
  • This is an oft-overlooked part of the definition.
  • You make decisions every day based on the information you receive and consume.
• TRUTH: Poor information = poor decisions.
• Wouldn’t it be nice (sort of) to:
  • Change the balance of your bank account (to the positive)?
  • Change your grades at school?
  • Influence (or manipulate) others with false information?
• Availability means information must be made available to (authorized) people when they need it.
• TRUTH: A business is in business to make money. If we make it harder to make money, we’ve done something wrong.
• Common attacks against availability include ransomware, denial of service, etc.
• How do we protect confidentiality, integrity, and availability?
• We use different types of controls: administrative, physical, and technical.
• Administrative controls apply to the “people part” of security.
  • Policies, procedures, training, awareness, etc. are all administrative controls.
  • People are always the greatest risk.
  • It’s easier to go through your secretary than it is your firewall.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.
• Policies get a bad rap because people stink at using them.
  • They’re the rules; think of a board game.
  • They’re not supposed to be read by everyone.
  • They’re reference documents.
  • They’re supposed to reflect you (your rules).
• Physical controls are used to prevent and detect physical access to the things you want to protect.
  • Physical controls are also used to respond to unauthorized access.
  • It doesn’t matter how well your firewall works if someone can steal your server.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.
• Technical controls are the IT part of information security.
  • This is also what many people think is all of “information security,” but they do so at their own peril.
  • Technical controls include things like passwords, firewalls, anti-virus software, etc.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.
• So, there you have it.
• What does this mean for you?
• Let’s recap the truths quickly:
  • TRUTH: Information security is about MANAGING risk, NOT ELIMINATING risk.
  • TRUTH: Security incidents and breaches are not completely preventable and should be expected.
  • TRUTH: Everybody’s got secrets. Everybody.
  • TRUTH: Poor information = poor decisions.
  • TRUTH: A business is in business to make money.
  • TRUTH: Information security is NOT an IT issue. It’s a business issue.
HOW MANUFACTURING IS DIFFERENT FROM OTHER INDUSTRIES
How Is Manufacturing Different from Other Industries?
• In one respect, it’s not. The definition we just covered applies in all industries.
• Manufacturing is lagging behind other industries:
  • In terms of understanding security.
  • In terms of managing risk. Most manufacturing companies have never done an information security risk assessment, so management does not know their current status or where their most significant risk is.
• The average FISASCORE® for manufacturing is 608.74.
• Manufacturing is one of the most heavily targeted industries.
  • Targeted by nation-state actors and money-motivated “hackers.”
• Reasons:
  • Ease of compromise.
  • Easy access to vast amounts of intellectual property.
  • Ransomware has a great impact, so victims are more likely to pay.
  • Financial attacks against executives and accounting personnel are more likely to succeed.
IS YOUR COMPANY A TARGET?
• Most likely, the answer is yes.
  • It’s reality. We’re all targets.
  • False logic tells you that you have nothing that anyone would want.
• This instills fear in some people, but that’s OK.
  • Fear can be healthy.
  • Fear motivates people.
  • Fear dictates what actions you take.
  • The more real the threat, the more heroic your actions.
WHAT’S YOUR ROLE?
If information security is about managing risk…
• You can’t possibly manage something that you don’t understand.
• An information security risk assessment is absolutely the place to start.
• What’s your role? It depends on your role within the company.
• Your failure to manage security well doesn’t only affect you.
Some examples…
• Executive Management – ultimately security is your responsibility (NOT IT’s).
  • You must understand 1) current state, 2) future/planned state, 3) when you’re going to get there, and 4) how much it will cost.
  • You set the rules and control the culture.
• Information Security Personnel – Provide accurate risk data to Executive Management, assist in risk decision-making, and manage risk to the best of your ability within the context of management’s direction.
• Everybody else – Play by the rules.
How we do it…
1. Current state – what’s your current FISASCORE®?
2. Future/planned state – what’s your target FISASCORE®?
   1. Taking the results of the original assessment, decisions are made.
   2. The decisions are: what are we going to do, when are we going to do it, and who’s going to do it? This is called the roadmap (or strategic plan). The planned state should not be a shot in the dark.
3. When you’re going to get there (the planned state).
4. How much it will cost (your budget).
• Defensibility is critical.
  • Assumed breach mentality.
  • What would a reasonable person do in the same situation?
• When a bad thing happens, who do you have to defend yourself from?
  • Customers.
  • The press.
  • Opposing counsel.
QUESTIONS?
Questions? Hopefully about security.
Thank you!
For a copy of this presentation, text ENTMN19 to 555888
Evan Francen – https://evanfrancen.com
• FRSecure – https://frsecure.com
• evan@frsecure.com
• @evanfrancen
Now you know the basics.
...and the basics are what’s most important.

Simple Training for Information Security and Payment Fraud
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
People. The Social Engineer's Dream - TechPulse 2017
People.  The Social Engineer's Dream - TechPulse 2017People.  The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
AFCOM - Information Security State of the Union
AFCOM - Information Security State of the UnionAFCOM - Information Security State of the Union
AFCOM - Information Security State of the Union
 
TIES 2013 Education Technology Conference
TIES 2013 Education Technology ConferenceTIES 2013 Education Technology Conference
TIES 2013 Education Technology Conference
 
Mobile Information Security
Mobile Information SecurityMobile Information Security
Mobile Information Security
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Information Security For Leaders, By a Leader
Information Security For Leaders, By a LeaderInformation Security For Leaders, By a Leader
Information Security For Leaders, By a Leader
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) By
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
An Introduction to Information Security
An Introduction to Information SecurityAn Introduction to Information Security
An Introduction to Information Security
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 

Recently uploaded

Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
Alexandra Fulford
 
Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
Any kyc Account
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
Corey Perlman, Social Media Speaker and Consultant
 
Digital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital ExcellenceDigital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital Excellence
Operational Excellence Consulting
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
46adnanshahzad
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
thesiliconleaders
 
The Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb PlatformThe Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb Platform
SabaaSudozai
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Neil Horowitz
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
DerekIwanaka1
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
Lacey Max
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
CLIVE MINCHIN
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax  exemption for Start up : Section 80 IACIncome Tax  exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
CA Dr. Prithvi Ranjan Parhi
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
Chandresh Chudasama
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 

Recently uploaded (20)

Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
 
Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
 
Authentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto RicoAuthentically Social by Corey Perlman - EO Puerto Rico
Authentically Social by Corey Perlman - EO Puerto Rico
 
Digital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital ExcellenceDigital Transformation Frameworks: Driving Digital Excellence
Digital Transformation Frameworks: Driving Digital Excellence
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
 
The Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb PlatformThe Genesis of BriansClub.cm Famous Dark WEb Platform
The Genesis of BriansClub.cm Famous Dark WEb Platform
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax  exemption for Start up : Section 80 IACIncome Tax  exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 

Information Security & Manufacturing

QUESTIONS EVERYONE SHOULD BE ABLE TO ANSWER

Slide 8: Back to work… What is “information security?”
• Ask 10 “experts” the same question.
  • 10 different answers
• We’ve got egos, so we all think ours is better. UGH!
• Simplify! Complexity is the enemy of information security. Remember this.
• Our (my tribe’s) definition…

Slide 9: What is “information security?”
• Information security is managing risk to information…
  • Confidentiality
  • Integrity
  • Availability
• Using…
  • Administrative,
  • Physical, and
  • Technical controls.

Slide 10: Information security is managing risk to information…
• TRUTH: Information security is about MANAGING risk, NOT ELIMINATING risk. Much, much different.
• Risk is an overused word, but the meaning is the likelihood of something bad happening and the impact if it did.
• You manage risk every day. Most of this risk management is automatic and even subconscious.
• TRUTH: Security incidents and breaches are not completely preventable and should be expected.
  • No matter what you do, you cannot prevent all bad things.
  • What you can’t prevent, you should be able to detect and respond to.

Slide 11: Confidentiality
• Confidentiality is about keeping things secret.
  • Only the people/programs who are authorized to access information are permitted to access information.
  • Most people think that this is the purpose of security, but as you can see, it’s only one purpose.
• TRUTH: Everybody’s got secrets. Everybody.
  • Personal: Social Security Number, passwords, things that go on in their homes, etc.
  • Business: intellectual property, customer information, etc.
• This is where privacy lives…

Slide 12: Integrity
• Integrity is about making sure the information is accurate.
  • This is an oft-overlooked part of the definition.
  • You make decisions every day based on the information you receive and consume.
• TRUTH: Poor information = poor decisions.
• Wouldn’t it be nice (sort of) to:
  • Change the balance of your bank account (to the positive)?
  • Change your grades at school?
  • Influence (or manipulate) others with false information?

Slide 13: Availability
• Information must be made available to (authorized) people when they need it.
• TRUTH: A business is in business to make money. If we make it harder to make money, we’ve done something wrong.
• Common attacks against availability include things like ransomware, denial of service, etc.

Slide 14: Controls
• How do we protect confidentiality, integrity, and availability?
• We use different types of controls.

Slide 15: Administrative controls
• Administrative controls apply to the “people part” of security.
  • Policies, procedures, training, awareness, etc. are all administrative controls.
• People are always the greatest risk.
  • It’s easier to go through your secretary than it is your firewall.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.
• Policies get a bad rap because people stink at using them.
  • They’re the rules; think of a board game.
  • They’re not supposed to be read by everyone.
  • They’re reference documents.
  • They’re supposed to reflect you (your rules).

Slide 16: Physical controls
• Physical controls are used to protect and detect physical access to the things you want to protect.
• Physical controls are also used to respond to unauthorized access.
• It doesn’t matter how well your firewall works if someone can steal your server.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.

Slide 17: Technical controls
• This is the IT part of information security.
• This is also what many people think is “information security,” but they do so at their own peril.
• Technical controls include things like passwords, firewalls, anti-virus software, etc.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.

Slide 18: Information security is managing risk to information… (recap)
• So, there you have it.
• What does this mean for you?
• Let’s recap the truths quickly:
  • TRUTH: Information security is about MANAGING risk, NOT ELIMINATING risk.
  • TRUTH: Security incidents and breaches are not completely preventable and should be expected.
  • TRUTH: Everybody’s got secrets. Everybody.
  • TRUTH: Poor information = poor decisions.
  • TRUTH: A business is in business to make money.
  • TRUTH: Information security is NOT an IT issue. It’s a business issue.
HOW MANUFACTURING IS DIFFERENT FROM OTHER INDUSTRIES

Slide 19: How Is Manufacturing Different from Other Industries?
• In one respect, it’s not. The definition we just covered applies in all industries.
• Manufacturing is lagging behind other industries:
  • In terms of understanding security.
  • In terms of managing risk. Most manufacturing companies have never done an information security risk assessment, so management does not know their current status or where their most significant risk is.
• The average FISASCORE® for manufacturing is 608.74.

Slide 20: How Is Manufacturing Different from Other Industries?
• Manufacturing is one of the most heavily targeted industries.
  • Targeted by nation-state actors and money-motivated “hackers”
• Reasons:
  • Ease of compromise.
  • Easy access to vast amounts of intellectual property.
  • Ransomware has a great impact, so victims are more likely to pay.
  • Successful financial attacks (against executives and accounting personnel) are more likely.
IS YOUR COMPANY A TARGET?

Slide 21: Is Your Company a Target?
• Most likely, the answer is yes.
• It’s reality. We’re all targets.
• False logic tells you that you have nothing that anyone would want.
• This instills fear in some people, but that’s OK.
  • Fear can be healthy.
  • Fear motivates people.
  • Fear dictates what actions you take.
  • The more real the threat, the more heroic your actions.
WHAT’S YOUR ROLE?

Slide 22: If information security is about managing risk…
• You can’t possibly manage something that you don’t understand.
• An information security risk assessment is absolutely the place to start.
• What you do next depends on your role within the company.
• Your failure to manage security well doesn’t only affect you.

Slide 23: Some examples…
• Executive Management: ultimately security is your responsibility (NOT IT’s).
  • You must understand 1) current state, 2) future/planned state, 3) when you’re going to get there, and 4) how much it will cost.
  • You set the rules and control the culture.
• Information Security Personnel: provide accurate risk data to Executive Management, assist in risk decision-making, and manage risk to the best of your ability within the context of management’s direction.
• Everybody else: play by the rules.

Slide 24: How we do it…
1. Current state: what’s your current FISASCORE®?
2. Future/planned state: what’s your target FISASCORE®?
   1. Taking the results of the original assessment, decisions are made.
   2. The decisions are: what are we going to do, when are we going to do it, and who’s going to do it? This is called the roadmap (or strategic plan).
   • The planned state should not be a shot in the dark.
3. When you’re going to get there (the planned state).
4. How much it will cost (your budget).

Slide 25: How we do it…
• Defensibility is critical.
  • Assumed breach mentality.
  • What would a reasonable person do in the same situation?
• When a bad thing happens, what do you have to defend yourself from:
  • Customers.
  • The press.
  • Opposing counsel.
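As an added illustration of the deck's framing (risk as likelihood times impact from slide 10, the administrative/physical/technical control types from slides 15 to 17, and the what/when/who roadmap from slide 24), the following Python risk register is example code written for this page, not FRSecure's tooling or the FISASCORE® method. Every asset, threat, scale, score and control in it is constructed; the scales and the likelihood-step model are assumptions, not something the deck specifies.

```python
from dataclasses import dataclass, field

# Ordinal scales constructed for this example; the deck defines risk as the
# likelihood of something bad happening and the impact if it did.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
CIA = ("confidentiality", "integrity", "availability")          # what we protect
CONTROL_TYPES = ("administrative", "physical", "technical")     # how we protect it


@dataclass(frozen=True)
class Control:
    """A safeguard: what, control type, likelihood steps removed, owner, due date."""
    name: str
    kind: str            # one of CONTROL_TYPES
    likelihood_steps: int
    owner: str
    due: str


@dataclass
class Risk:
    """One register line: an asset, a threat to it, and the C/I/A property at stake."""
    asset: str
    threat: str
    cia: str             # one of CIA
    likelihood: str      # key into LIKELIHOOD
    impact: str          # key into IMPACT
    controls: list = field(default_factory=list)

    def inherent(self) -> int:
        """Risk before any control is applied."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def residual(self) -> int:
        """Risk after planned controls; likelihood floors at 1 (managed, not eliminated)."""
        steps = sum(c.likelihood_steps for c in self.controls)
        return max(1, LIKELIHOOD[self.likelihood] - steps) * IMPACT[self.impact]


def roadmap(register):
    """What we will do, when, and who will do it; largest inherent risk first."""
    rows = []
    for risk in sorted(register, key=lambda r: r.inherent(), reverse=True):
        for c in risk.controls:
            rows.append((c.name, c.due, c.owner, risk.threat))
    return rows


def detect_and_respond(register, accepted):
    """Threats whose residual risk exceeds what management accepts: detect and respond."""
    return [r.threat for r in register if r.residual() > accepted]


def coverage(register):
    """Control types in use per C/I/A property; a property guarded only by
    technical controls is the 'IT issue' trap the deck warns about."""
    cov = {p: set() for p in CIA}
    for r in register:
        for c in r.controls:
            cov[r.cia].add(c.kind)
    return cov


# Constructed register for a small manufacturer (hypothetical, not from the deck).
REGISTER = [
    Risk("production line servers", "ransomware halts production", "availability",
         "likely", "severe",
         [Control("offline, tested backups", "technical", 1, "IT manager", "Q2"),
          Control("phishing awareness training", "administrative", 1, "HR", "Q1")]),
    Risk("CAD drawings / IP", "design theft by an outside actor", "confidentiality",
         "possible", "major",
         [Control("MFA on remote access", "technical", 1, "IT manager", "Q1"),
          Control("badge access to the server room", "physical", 1, "Facilities", "Q3")]),
    Risk("accounts payable", "spoofed executive requests a wire transfer", "integrity",
         "likely", "major",
         [Control("call-back verification of payment changes", "administrative", 2,
                  "Controller", "Q1")]),
]

if __name__ == "__main__":
    for what, when, who, why in roadmap(REGISTER):
        print(f"{when} {who}: {what} (for: {why})")
    print("still needs detection/response:", detect_and_respond(REGISTER, accepted=5))
```

The accepted-risk threshold passed to detect_and_respond is a management decision, which is the point of slide 23: the register gives executives the numbers, but the decision of what residual risk to live with is theirs.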
QUESTIONS?

Slide 26: Questions? Hopefully about security.
Now you know the basics… and the basics are what’s most important.
Thank you!
For a copy of this presentation, text ENTMN19 to 555888
• Evan Francen – https://evanfrancen.com
• FRSecure – https://frsecure.com
• evan@frsecure.com
• @evanfrancen