This presentation was delivered to Minnesota manufacturing CEOs who attended the April 2019 Enterprise Minnesota event. Manufacturing companies face real information security threats that they need to prepare for.
Information security management requires having a plan to manage security, understanding the business needs, and promoting a security-positive culture. Effective communication and understanding business drivers are important. Information security professionals need to adopt risk-based approaches, classify sensitive information, and ensure compliance with relevant regulations while supporting business objectives. Maintaining security also involves incident response, business continuity planning, and keeping up with emerging threats and technologies.
How To Promote Security Awareness In Your Company - danielblander
The document discusses promoting security awareness at companies. It outlines objectives like making security relevant and easy to understand. It addresses common objections like programs being too expensive or employees not paying attention. The document recommends focusing on cultural change, empowering employees, and using various mediums like training, newsletters and contests to deliver ongoing security awareness messages. The overall goal is for employees to feel security enables and benefits them.
The document discusses approaches for ensuring IT security for NGOs with global presences and limited resources. It emphasizes managing security through the lens of people, procedures, and tools. The presentation outlines key premises of information security, such as treating it as a lifestyle rather than an event. It provides suggestions for dealing with challenges like maintaining security on a limited budget and in a global setting. It stresses the importance of having the right people, clear and simple procedures, and tools used to implement security policies.
Event Presentation: Cyber Security for Industrial Control Systems - Infonaligy
Get an inside look at practical examples of how hackers target control systems networks from the recent Lunch and Learn event put on by Infonaligy and Flexware Innovation.
It's a Who, What, Where and Why behind cyber risk in today's modern era - how data breaches happen, why they happen, and what you can do to address them.
The document discusses the need for a new information security paradigm as the nature of information flows changes. It outlines some of the key risks like cyber threats, compliance issues, and business transformation challenges. It then discusses how new technologies like cloud, mobile, BYOD and social media require a systemic rather than technical approach. The new paradigm involves information security participating more in innovation, adopting a proactive risk management strategy, and collaborating with business units. The role shifts from saying no to helping business achieve objectives while managing emerging information risks.
Security threats are growing in volume, scale, and complexity. Not a day passes that we don’t hear about another data breach; and the average organization that’s hacked goes bankrupt within a year. From small and medium-size organizations to Fortune 500 companies, across every industry, no one is immune. It’s no longer enough to keep the bad stuff out (threat protection) or just keep the good stuff in (information protection). This session is a practical discussion on the ever evolving threat landscape, how you can keep up and protect yourself, your organization, and its reputation. It will help you build awareness about the types of resources and sensitive data that your nonprofit has, with tips on practical, accessible steps that you can take to ensure that information is safeguarded.
12 Simple Cybersecurity Rules For Your Small Business - NSUGSCIS
This document provides 12 cybersecurity rules for small businesses. It begins by stating that small businesses have a great need for cybersecurity but limited resources to dedicate to protection. The rules are designed to provide affordable guidelines. The first rule is to focus on the business needs rather than making security the primary focus. Other rules include deciding the appropriate level of security needed, emphasizing prevention over reaction, using existing security software, regularly backing up important data, and creating a written security policy. The document stresses that basic security measures can be effective and affordable for small businesses.
Cultivating security in the small nonprofit - Roger Hagedorn
This document discusses steps that small nonprofits can take to improve security and decrease risks. It begins with an overview of six security basics: strong passwords, anti-malware software, using an updated browser, keeping devices patched, backing up data, and installing a firewall. However, it notes that these alone are not sufficient, as there are ways to circumvent defenses like using cloud services, USB drives, rogue wireless networks, smartphones, and social engineering. The document provides tips on how to assess and respond to risks through mitigation, transference, acceptance, or avoidance. It suggests easy initial steps like inventorying devices and software, changing defaults, training staff, and limiting administrative privileges.
Data Security: What Every Leader Needs to Know - Roger Hagedorn
This document summarizes a presentation on data security for organizational leaders. It covers the key components of an effective security program, including support from management, understanding your data and where it is stored, implementing proper IT controls and monitoring, establishing security policies and procedures, and gaining staff involvement through training. It also discusses how to identify if a breach has occurred based on network traffic and user activity anomalies, and the steps to take in response, such as identifying and quarantining the damage before disinfecting and resecuring the network. The presentation aims to educate leaders on security basics and preparing an incident response plan.
The document discusses various topics related to asset management and data security in an IT environment. It covers:
- The importance of having policies for classifying, retaining, and destroying assets like data, hardware, software and documentation.
- Defining roles for data owners, custodians, system owners and administrators.
- Methods for securely storing, transmitting and destroying sensitive data.
- Vulnerabilities that can affect web-based systems and ways to assess security risks through scanning and testing.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session - IGN MANTRA
ISO 27001:2013 Awareness, Seminar & Workshop, Indonesia Honeynet Project IHP, Badan Siber dan Sandi Negara BSSN, Universitas Syiah Kuala Unsyiah, 23-24 October 2018
Keynote on why you should make Infosec a board level strategic item, how you should raise it to this level and how to approach Information Security strategically
Training and tips that are very helpful for gaining knowledge in the field of information security and passing your CISSP certification exam.
To be CISSP Certified Please Check out the link below:
http://asmed.com/cissp-isc2/
The document discusses how many companies have experienced data theft due to failures in governance and security. It provides examples of major data breaches at companies like Nortel, Zappos, Stratfor, Subway, universities, transit agencies, music companies, game developers, Sony Pictures, Lockheed Martin, and WordPress. These incidents occurred because companies lacked executive support, documented security plans, adequate budgets, the right controls, and metrics to measure security performance. The document emphasizes that data theft will continue unless companies improve security governance.
The document discusses asset security and data management. It outlines the objectives of classifying information and assets, determining and maintaining ownership, protecting privacy, and establishing handling requirements. It then provides details on determining and maintaining data ownership, including developing sound data policies, defining roles and responsibilities, and ensuring data quality. It also discusses data security controls and standards for protecting data at rest, in transit, and in various states.
What is Information Security and why you should care ... - James Mulhern
An interactive introduction to Information Security and Cyber Security for BTEC students studying IT at Swindon College in the UK. The session illustrates the breadth and diversity of the subject and the opportunities it can offer. It also shows that things might not always be as they seem and that the impacts can reach far further than first imagined.
Why You’ll Care More About Mobile Security in 2020 - Tom Bain - EC-Council
What is “mobile security?” Seriously, what is it? Is it hardening controls, policy enforcement, knowing how to test mobile apps, mobile antivirus? And how do I map mobile security into an enterprise security strategy?
A year later, it’s still as ubiquitous as it has ever been. However with the sophistication of device-based attacks and with the sheer volume of mobile malware exploding, mobile security maintains its status as a major pain point and a critical element you have to consider when building a security program.
Given the research available and the increasing threatscape, mobile security preparedness predicated on managing the strategy is a better option than reactionary measures. What’s new in 2015 is that there is stronger evidence that mobile attacks will further penetrate enterprise systems, based on the increase of mobile device ‘involvement’ in many major hacks (not necessarily with the root cause traced to devices or compromised mobile apps).
This presentation will discuss the key trends impacting mobile security and will lay out an updated set of building blocks to produce a holistic mobile security model: from BYOD to mobile policy development to MDM; common and emerging exploits and targeted malware; the myriad of possible mitigations; and the notion of trusted software vs device-specific consideration.
Additionally, before we look at policy implementation best practices, we’ll look at a few key use cases and review a few sample enterprise models to learn how some of the top organizations are managing mobile security. Finally, the presentation will take a five-year look outward to determine what impact mobile security will have long-term.
This document discusses considerations for building a mobile security model. It covers mobile security trends like the rise of BYOD and increased use of mobile devices for work. It also discusses common mobile security issues like inconsistent policies, malware threats, and data leakage. The document provides a checklist for creating a mobile security policy that assesses risks and validates controls. It emphasizes the need to understand how data will be used and accessed across devices to define clear and enforceable policies.
GDPR demystified - making sense of the regulation - James Mulhern
Slightly outdated introduction to GDPR that tries to move away from the headlines on fines and emphasises the global nature of the regulation, the numerous forms of lawful processing and the absolute need to manage privacy and be transparent. Goes on to show how using public cloud can help solve part of the problem.
Corporate Data Security Best Practices and Legal Compliance (00969538xBF97D) - Paul C. Van Slyke
This document discusses best practices for corporate data security and legal compliance. It begins with an overview of common data breaches in 2014 and the industries most affected. It then outlines best practice protocols from organizations like NIST, recommendations for rapid detection of breaches, and top priority steps to take before an attack like identifying critical data and having backup plans. The document also discusses major data security and privacy laws, creating an incident response team, and proper steps to take when responding to a breach, including notification requirements. The goal is to help companies properly secure data and respond effectively in the event of a security incident.
Gene Scriven, Chief Information Security Officer at Sabre Corporation, discussed the biggest threats to today’s enterprises during his presentation at the 2015 Chief Information Officer Leadership Forum in Dallas on March 11. In his presentation, “Top 12 Threats to Enterprise – aka ‘Gene’s Dirty Dozen,’” Scriven pointed out that information security is a major problem for many organizations, but there are several ways that organizations can protect themselves against myriad cyber threats.
Security threats and controls were discussed, including cryptography and access control. An expert trainer profile was provided, detailing qualifications and experience in IT security management and implementation of standards such as ISO 27001, COBIT 5, and ITIL. Key security concepts such as the CIA triad of confidentiality, integrity and availability were explained.
#MCN2014 - Risk Management, Security, and Getting Things Done: Creating Win-W... - Jane Alexander
Jane Alexander, CIO, Cleveland Museum of Art
Brian Dawson, CDO, Canada Science and Technology Museums Corporation
Yvel Guelce, Director of Infrastructure Technology, Children's Museum of Indianapolis
IT staff are often seen as the "Bad Guys," naysayers to anything new and exciting, in the quest to protect the organization from security breaches. In this session, four museum IT leaders will show how common struggles in security can be turned around to develop positive partnerships with other departments for pro-active risk management.
Ranging from simple to complex, the issues each museum faces transcend cost and institution size. The presenters work at wildly diverse organizations but face surprisingly similar issues. Among the topics they will address are how federal policy requirements and PCI compliance affect their organizations, finding budget-conscious ways to meet the rules, encouraging safe practices by end users, using IT risk management to assist senior staff in making informed decisions, and educating employees at all levels. Attention will be given to the everyday struggles common to all IT professionals, for example changing passwords, Bring Your Own Device, and securely managing information in the cloud. The discussion will then open up to a roundtable format for sharing of successes and frustrations, questions, and comments.
Information Security is NOT an IT Issue - Evan Francen
This document summarizes a presentation about information security. The presentation argues that information security is not just an IT issue and should be viewed as a business issue. It explains that IT-centric security can overlook important administrative and physical controls. The presentation recommends establishing an information security committee with the right stakeholders to develop policies and oversee a security program. It also describes security services offered by FRSecure to help organizations assess and improve their information security.
Employees are the most vulnerable asset to any organization. General IT training for employees should cover common cybersecurity threats like phishing emails, malware, weak passwords, removable media, unsafe internet habits, social engineering, and physical security risks. Training should teach employees how to identify these threats and the proper procedures to avoid them, such as using unique, strong passwords, vetting email attachments and websites, and protecting devices. Regular security awareness training and enforcement of policies like clean desk can help defend organizations against cyberattacks targeting employees.
GRRCON 2013: Imparting security awareness to all levels of users - Joel Cardella
My GRRCON 2013 talk on imparting security awareness. This is based on a highly successful and well received awareness program I created and rolled out for both blue collar and white collar users.
How to Boost your Cyber Risk Management Program and Capabilities? - PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link to the YouTube video: https://youtu.be/aREo4l-pDgc
Trending IT security threats in the public sector (Core Security)
State and local information security leaders continue to be challenged with the “new norm,” to do more with less, while remaining on top of technology trends driving the marketplace. Traditional information security approaches often have limited impact and require more attention and resources.
Please join Grayson Walters, Information Security Officer of Virginia Department of Taxation, and Eric Cowperthwaite, Vice President of Advanced Security and Strategy at Core Security as they discuss some of the top IT security trends and developments in the public sector, more specifically, within state and local governments.
Cyber Security 101: Training, awareness, strategies for small to medium sized... (Stephen Cobb)
I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
The presentation I use to introduce the post-grad module on information security and governance I teach at Edinburgh Napier University. If you want to find out more, google for 'INF11109' on the napier.ac.uk site.
This document provides information about information security. It lists the group members and defines information security as processes and tools to protect sensitive business information from threats. It discusses primary security principles like confidentiality, integrity and availability. It also describes types of information security like critical infrastructure security, application security and network security. Finally, it briefly outlines some information security certifications and best practices.
BSIDES DETROIT 2015: Data breaches cost of doing business (Joel Cardella)
Joel Cardella has over 20 years of experience in IT, including infrastructure operations, data centers, sales support, network operations, and security. He provides his email and Twitter contact information. The document discusses using a risk-based approach to cybersecurity and focusing on reducing risks to the business using positive return on investment. It provides examples of security strategies and a layered security model.
The Hacking Team Hack: Lessons Learned for Enterprise Security (Stephen Cobb)
Recent aggressive hacks on companies underline the need for good risk analysis, situational awareness, and incident response. Just ask AshleyMadison, Hacking Team, and Sony Pictures.
Computer Usage Policy
Password Policy
Email Usage Policy
Social Media Policy
Remote Access Policy
Data Classification and Handling Policy
Incident Response Policy
Business Continuity and Disaster Recovery Policy
These policies help protect business assets and define expected employee behavior. They should be reviewed and updated regularly.
This document discusses information security for small businesses. It begins by introducing the author and their background and outlines an agenda covering key topics like the importance of information security, what information security entails, components of an information security architecture, cybercrime statistics, business continuity planning, identifying critical assets, and recommended security practices. The document emphasizes that information security is important for protecting a small business, its information, technology, and reputation from various threats.
Be More Secure than your Competition: MePush Cyber Security for Small Business (Art Ocain)
The document provides guidance on improving cybersecurity through basic training and awareness. It discusses how people are often the biggest vulnerability and outlines common social engineering tactics like playing on emotions, creating a sense of urgency, and using hyperlinks or attachments in emails. It recommends continuous education and emphasizes that antivirus alone is not sufficient, and that email filtering and training are important defenses against phishing attacks. Additional resources are provided to help test for phishing vulnerabilities and check if email addresses have been involved in data breaches. Physical security controls and separating financial duties are also recommended to reduce fraud risks.
The document discusses information technology security assessments and threats. It notes that information security is not just paperwork, as there are dangerous adversaries capable of launching serious attacks that can damage critical infrastructure and threaten economic and national security. It provides examples of critical infrastructures like energy, transportation, and banking. It also notes that over 30% of nonprofit organizations acknowledged their computer security practices need improvement and discusses common threats like connectivity and complexity. The document outlines best practices for an effective information security program.
Data Security in the Insurance Industry: what you need to know about data pro... (XeniT Solutions nv)
With the amount of personal and sensitive customer information needed to accurately insure a client, it’s no wonder the insurance industry is a target for data security threats.
While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks.
- The sheer volume of information available
- The highly sensitive nature of the information
- Large amounts of unstructured data
In this webinar, our speakers illustrated the state of the art, including the technical and legal framework, for protecting your most relevant information from cyberattacks. You will learn:
- How to define a roadmap that optimizes the impact of cyber security expenditure
- How to adopt a general risk management approach to identify Cyber security risks
- What are the most relevant technologies available today to protect your data
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov (Eric Vanderburg)
This document discusses cybersecurity threats facing accounting firms and their clients. It provides examples of major data breaches in recent years that impacted millions of customer accounts. While many firms believe they are protected, the document cites statistics showing that most have no formal cybersecurity or internet use policies. It also discusses new regulations and standards, like the HIPAA Omnibus Rules and a recent Executive Order, that require firms to improve their cybersecurity practices to safeguard sensitive data. The role of a Virtual Chief Security Officer is introduced to help firms address these growing risks and compliance requirements.
Cyber security practices involve preventing malicious attacks on computers, servers, mobile devices, electronic systems, networks, and data. It is also called information technology security or electronic information security.
https://www.infosectrain.com/courses/ceh-v11-certification-training/
Similar to Information Security & Manufacturing (20)
WANTED - People Committed to Solving Our Information Security Language Problem (Evan Francen)
The document discusses solving the language problem in information security. It begins by explaining that information security is about managing risk by assessing threats and vulnerabilities, and using administrative, physical, and technical controls. It then introduces the S2Score as a simple scoring system to communicate security in a common language. The document advocates for making security assessments free and accessible to all, and developing translation tools to map different organizations' risk scoring systems to a common scale. The overall goal is to establish a shared security language to improve understanding and coordination across the industry.
This document discusses solving the language problem in the information security industry. It proposes using a simple scoring system called S2Score to communicate security risk and status across organizations using a common language. S2Score assessments are available for free online and can also translate between different scoring systems used by organizations. The future of S2Score includes community involvement, integration with other tools, and adoption by vendors to help standardize security language industry-wide and make risk management more effective and efficient.
WANTED – People Committed to Solving our Information Security Language Problem (Evan Francen)
The information security industry is broken. It's our duty to fix it, and it starts with getting on the same page. The model isn't broken, but our application is. How do we apply the basics and fundamentals on a wider scale? It starts with defining a common language and a common approach. Next, make it all free.
TITLE: WANTED – People Committed to Solving Our Information Security Language Problem, the presentation given at the inaugural BSides Harrisburg Conference on October 2nd, 2019.
Step Up Your Data Security Against Third-Party Risks (Evan Francen)
This presentation was delivered to the Hacks & Hops event attendees in the Spring of 2019. The event featured a short keynote followed by a moderated panel discussion. The panel experts provided excellent guidance for all risk managers, CISOs, vendor managers, etc.
Simple Training for Information Security and Payment Fraud (Evan Francen)
The document discusses payment fraud risks and protections. It summarizes a survey finding that 74% of organizations were victims of payment fraud in 2016. Checks and wire transfers are most commonly targeted. Business email compromise scams targeting wire transfers are on the rise. The document provides 7 tips for protection, including employing dual control for transactions and monitoring accounts daily.
People. The Social Engineer's Dream - TechPulse 2017 (Evan Francen)
Presentation given by Evan Francen at TechPulse 2017. The presentation was about social engineering, including common tactics and basic protections. Topics such as phishing, vishing, and physical access attacks were discussed. Evan also shared some of the real-life stories that he has experienced during his 20+ year career.
AFCOM - Information Security State of the Union (Evan Francen)
A presentation delivered by FRSecure's president Evan Francen at the August, 2015 Twin Cities AFCOM Chapter Meeting. There were more than 50 people in attendance to learn about FRSecure, current information security events and threats, what companies are doing, and basic information security principles.
It's not our job to tell business not to use mobile devices, even personally-owned mobile devices. It's our job to enable business to use mobile devices securely for the benefit of the organization, customers, employees, and contractors.
In this presentation, given on April 30 at techpulse 2013, Evan Francen from FRSecure teaches how to secure mobile devices in today's business environments.
Information security challenges in today’s banking environment (Evan Francen)
This presentation was delivered by FRSecure's Evan Francen to the Uniforum User's Group on November 8th, 2012. There were more than 50 bankers in attendance, and the presentation was very well received.
Information Security in a Compliance World (Evan Francen)
Presented by Evan Francen at the 2012 RK Dixon Tech Summit
What drives information security in your organization?
What is information security?
Customer requirements
Compliance
Compliant = Secure?
Solution - Strategic Information Security
Top Five Things You Should Do (Tactically & Strategically)
Need Help? – Contact Us!
Information Security For Leaders, By a Leader (Evan Francen)
Evan Francen, President of FRSecure, discusses the challenges of building an efficient and effective security program in today’s world. Learn why most leaders have a false assumption of security, and how you can avoid the security mistakes most organizations make. - Delivered on 4/17/12 at TechPulse 2012.
FRSecure's Ten Security Principles to Live (or die) By (Evan Francen)
The document outlines ten principles for protecting information and customer data according to FRSecure LLC. The principles emphasize that information security is a shared responsibility, not just an IT issue, and that people are the biggest risks. While compliance is important, it does not guarantee security. Businesses need practical and cost-effective security that is tailored to their unique needs. There are no quick fixes for security problems.
Meaningful Use and Security Risk Analysis (Evan Francen)
Presentation delivered by FRSecure president, Evan Francen to the 100+ Iowa CPSI User Group attendees on October 18th, 2011.
Meaningful Use Core Requirement "Security Risk Analysis"
An Introduction to Information Security (Evan Francen)
A recent presentation given by FRSecure at the Action, Inc. Data Security Event on August 17th, 2011. This presentation was delivered by FRSecure president, Evan Francen CISSP CISM CCSK
This document provides an overview of FRSecure LLC, a full-service information security consulting company. It describes FRSecure's services such as information security assessments, program development, management, penetration testing, and training. The document discusses the need for information security to protect organizations from risks. It also outlines FRSecure's approach to performing security assessments based on ISO 27002 standards and delivering actionable recommendations and implementation assistance. Presentation topics are provided to discuss the benefits of partnering with FRSecure.
Storytelling is an incredibly valuable tool to share data and information. To get the most impact from stories there are a number of key ingredients. These are based on science and human nature. Using these elements in a story you can deliver information impactfully, ensure action and drive change.
2. INFORMATION SECURITY & MANUFACTURING
INTRODUCTION
Topics/Agenda
• Introduction
• Questions Everyone Should Be Able to Answer
• What Is Information Security?
• How Is Manufacturing Different from Other Industries?
• Is Your Company a Target?
• What’s Your Role?
• Questions You Have for Me
3. Speaker: Evan Francen, CEO & Founder of FRSecure and SecurityStudio
AKA: The “Truth”
• Co-inventor of SecurityStudio®, FISA™, FISASCORE® and Vendefense™
• 25+ years of “practical” information security experience (started as a Cisco Engineer in the early 90s)
• Have worked with 100s of companies; big (Wells Fargo, US Bank, UHG, etc.) and small
• Have written more than 750 articles about information security
• Developed the FRSecure Mentor Program; six students in 2010, 360+ in 2018
• Dozens of television and radio appearances; numerous topics
• Advised legal counsel in very public breaches (Target, Blue Cross/Blue Shield, etc.)
5. FRSecure
• Information Security Consulting and Management company. It’s all we do.
• Our core services include:
  • Security Risk Analysis – using FISASCORE®
  • Social Engineering Services
  • Penetration Testing Services
  • PCI QSA Services
  • Incident Management Services
  • HITRUST Services
  • Information Security Training & Awareness
  • vServices (vCISO, vISO, and vISA)
• Methodology fanatics, mentoring champions, and product agnostic.
6. Let’s get started, but first a joke.
What do you call fake spaghetti?
An impasta.
8. QUESTIONS EVERYONE SHOULD BE ABLE TO ANSWER
Back to work…What is “information security?”
• Ask 10 “experts” the same question.
• 10 different answers
• We’ve got egos, so we all think ours is better. UGH!
• Simplify! – Complexity is the enemy of information security – Remember this.
• Our (my tribe’s) definition…
9. What is “information security?”
• Information security is managing risk to information…
  • Confidentiality
  • Integrity
  • Availability
• Using…
  • Administrative,
  • Physical, and
  • Technical controls.
10. Information security is managing risk to information…
• TRUTH: Information security is about MANAGING risk, NOT ELIMINATING risk. Much, much different.
• Risk is an overused word, but the meaning is the likelihood of something bad happening and the impact if it did.
• You manage risk every day. Most of this risk management is automatic and even subconscious.
• TRUTH: Security incidents and breaches are not completely preventable and should be expected.
• No matter what you do, you cannot prevent all bad things.
• What you can’t prevent, you should be able to detect and respond to.
11. Confidentiality
• Confidentiality is about keeping things secret.
• Only the people/programs who are authorized to access information are permitted to access information.
• Most people think that this is the purpose of security, but as you can see, it’s only one purpose.
• TRUTH: Everybody’s got secrets. Everybody.
  • Personal – Social Security Number, passwords, things that go on in their homes, etc.
  • Business – Intellectual property, customer information, etc.
• This is where privacy lives…
12. Integrity
• Integrity is about making sure the information is accurate.
• This is an oft-overlooked part of the definition.
• You make decisions every day based on the information you receive and consume.
• TRUTH: Poor information = poor decisions.
• Wouldn’t it be nice (sort of) to:
  • Change the balance of your bank account (to the positive)?
  • Change your grades at school?
  • Influence (or manipulate) others with false information?
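Added example, not code from the presentation: what it takes for the “change the balance of your bank account” edit above to be caught before anyone acts on it. A keyed MAC (HMAC-SHA256) over the record lets whoever makes a decision on the balance reject altered data; an unkeyed checksum cannot, because an attacker who can edit the record can simply recompute it. The account, balance and key are constructed, and the function names are this example’s own.

```python
"""Tamper-evident records with an HMAC (added example, not from the deck).

The account, balance and key are constructed. A keyed MAC lets the
decision-maker reject altered data; an unkeyed checksum only catches
accidental corruption, because an attacker who can edit the record
can recompute it.
"""
import hashlib
import hmac
import json

# Constructed demo key. In practice the key lives with the verifying
# service (or in a vault/HSM), never next to the data it protects.
KEY = b"constructed-demo-key-do-not-reuse"


def _canonical(record: dict) -> bytes:
    """Stable byte encoding so the same fields always hash the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _body(stored: dict) -> dict:
    """The data fields, without whichever authenticator is attached."""
    return {k: v for k, v in stored.items() if k not in ("checksum", "tag")}


def seal_with_checksum(record: dict) -> dict:
    """Unkeyed SHA-256: detects corruption, not tampering."""
    return {**record, "checksum": hashlib.sha256(_canonical(record)).hexdigest()}


def verify_checksum(stored: dict) -> bool:
    return hashlib.sha256(_canonical(_body(stored))).hexdigest() == stored.get("checksum")


def seal_with_hmac(record: dict, key: bytes = KEY) -> dict:
    """HMAC-SHA256 over the canonical fields; only a key holder can produce it."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {**record, "tag": tag}


def verify_hmac(stored: dict, key: bytes = KEY) -> bool:
    """True only if the fields are exactly what a key holder sealed.
    compare_digest avoids leaking the tag through timing differences."""
    expected = hmac.new(key, _canonical(_body(stored)), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, stored.get("tag", ""))


def forge_balance(stored: dict, new_balance: int) -> dict:
    """Attacker with write access to the store: edits the balance and recomputes
    everything they can. With no key, an HMAC tag can only be left stale."""
    forged = {**_body(stored), "balance": new_balance}
    if "checksum" in stored:
        forged = seal_with_checksum(forged)
    if "tag" in stored:
        forged["tag"] = stored["tag"]
    return forged


def approve_payment(stored_balance: dict, amount: int) -> str:
    """A decision made on the record ('poor information = poor decisions'):
    refuse to decide at all on data that fails its integrity check."""
    if not verify_hmac(stored_balance):
        return "rejected: balance record failed integrity check"
    if stored_balance["balance"] >= amount:
        return "approved"
    return "declined: insufficient funds"


# Constructed sample record: the account really holds 1,200.
ACCOUNT = {"account": "ACME-OPS-001", "balance": 1200}

if __name__ == "__main__":
    weak = forge_balance(seal_with_checksum(ACCOUNT), 1_000_000)
    strong = forge_balance(seal_with_hmac(ACCOUNT), 1_000_000)
    print("checksum still verifies after tampering:", verify_checksum(weak))  # True
    print("HMAC still verifies after tampering:", verify_hmac(strong))        # False
    print(approve_payment(seal_with_hmac(ACCOUNT), 5000))  # declined: insufficient funds
    print(approve_payment(strong, 5000))                   # rejected: balance record failed integrity check
```

Two caveats a practitioner would add. The MAC proves the fields are what a key holder sealed, not that they are current: an attacker who can restore an older, validly sealed record (a rollback) still passes, so include a sequence number or timestamp in the sealed body and check it. And the protection is only as good as the key’s separation from the data; if the verifying key sits in the same database the attacker is editing, they can re-seal at will, which is when a digital signature (verify key public, sign key elsewhere) is the better tool.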
13. Availability
• Information must be made available to (authorized) people when they need it.
• TRUTH: A business is in business to make money. If we make it harder to make money, we’ve done something wrong.
• Common attacks against availability include things like ransomware, denial of service, etc.
14. Controls
• How do we protect confidentiality, integrity, and availability?
• We use different types of controls.
15. Administrative controls
• Administrative controls apply to the “people part” of security.
• Policies, procedures, training, awareness, etc. are all administrative controls.
• People are always the greatest risk.
• It’s easier to go through your secretary than it is your firewall.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.
• Policies get a bad rap because people stink at using them.
  • They’re the rules, think a board game.
  • They’re not supposed to be read by everyone.
  • They’re reference documents.
  • They’re supposed to reflect you (your rules).
16. Physical controls
• Physical controls are used to prevent and detect unauthorized physical access to the things you want to protect.
• Physical controls are also used to respond to unauthorized access.
• It doesn’t matter how well your firewall works if someone can steal your server.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.
17. Technical controls
• This is the IT part of information security.
• This is also what many people think is “information security,” but they do so at their own peril.
• Technical controls include things like passwords, firewalls, anti-virus software, etc.
• TRUTH: Information security is NOT an IT issue. It’s a business issue.
18. Information security is managing risk to information…
• So, there you have it.
• What does this mean for you?
• Let’s recap the truths quickly:
  • TRUTH: Information security is about MANAGING risk, NOT ELIMINATING risk.
  • TRUTH: Security incidents and breaches are not completely preventable and should be expected.
  • TRUTH: Everybody’s got secrets. Everybody.
  • TRUTH: Poor information = poor decisions.
  • TRUTH: A business is in business to make money.
  • TRUTH: Information security is NOT an IT issue. It’s a business issue.
19. HOW MANUFACTURING IS DIFFERENT FROM OTHER INDUSTRIES
How Is Manufacturing Different from Other Industries?
• In one respect, it’s not. The definition we just covered applies in all industries.
• Manufacturing is lagging behind other industries.
  • In terms of understanding security.
  • In terms of managing risk. Most manufacturing companies have never done an information security risk assessment, thus management does not know their current status or where their most significant risk is.
• The average FISASCORE® for manufacturing is 608.74.
20. How Is Manufacturing Different from Other Industries?
• Manufacturing is one of the most heavily targeted industries.
• Targeted by nation-state actors and money-motivated “hackers”
• Reasons:
  • Ease of compromise.
  • Easy access to vast amounts of intellectual property.
  • Ransomware has a great impact – more likely to pay.
  • Successful financial attacks are more likely; against executives and accounting personnel.
21. IS YOUR COMPANY A TARGET?
Is Your Company a Target?
• Most likely, the answer is yes.
• It’s reality. We’re all targets.
• False logic tells you that you have nothing that anyone would want.
• This instills fear in some people, but that’s OK.
  • Fear can be healthy.
  • Fear motivates people.
  • Fear dictates what actions you take.
  • The more real the threat, the more heroic your actions.
22. WHAT’S YOUR ROLE?
If information security is about managing risk…
• You can’t possibly manage something that you don’t understand.
• An information security risk assessment is absolutely the place to start.
• Depends on your role within the company.
• Your failure to manage security well doesn’t only affect you.
23. Some examples…
• Executive Management – ultimately security is your responsibility (NOT IT’s).
  • You must understand 1) current state, 2) future/planned state, 3) when you’re going to get there, and 4) how much it will cost.
  • You set the rules and control the culture.
• Information Security Personnel – Provide accurate risk data to Executive Management, assist in risk decision-making, and manage risk to the best of your ability within the context of management’s direction.
• Everybody else – Play by the rules.
24. How we do it…
1. Current state – what’s your current FISASCORE®?
2. Future/planned state – what’s your target FISASCORE®?
  • Taking the results of the original assessment, decisions are made.
  • The decisions are: what are we going to do, when are we going to do it, and who’s going to do it? This is called the roadmap (or strategic plan). The planned state should not be a shot in the dark.
3. When you’re going to get there (the planned state).
4. How much it will cost (your budget).
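Added example, not code from the presentation and not FRSecure’s FISASCORE® method: the “likelihood of something bad happening and the impact if it did” definition of risk from the managing-not-eliminating slide, carried through to the current state, planned state, when, and how much of the roadmap on this slide. It uses a generic 1-to-5 likelihood times impact score rather than the FISASCORE® scale; every asset, threat, score, cost, owner and quarter is constructed, and the budget-constrained “best risk reduction per dollar” selection is one illustrative way to build a roadmap, not the one the deck describes.

```python
"""Illustrative risk register and roadmap (added example, not from the deck).

Generic likelihood x impact scoring on 1..5 scales, not FISASCORE(R).
Every asset, threat, score, cost, owner and quarter below is constructed.
"""
from dataclasses import dataclass


@dataclass
class Scenario:
    """One risk scenario: a threat against an asset."""
    asset: str
    threat: str
    likelihood: int  # 1 = rare .. 5 = almost certain
    impact: int      # 1 = negligible .. 5 = severe (revenue, safety, IP)

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact


@dataclass
class Treatment:
    """A control that cuts a scenario's likelihood and/or impact at a cost."""
    name: str
    asset: str          # which scenario it treats (keyed by asset here)
    likelihood_cut: int
    impact_cut: int
    cost: int           # one-time cost in dollars (constructed)
    owner: str          # who is going to do it
    quarter: str        # when it lands


def total_risk(scenarios) -> int:
    return sum(s.risk for s in scenarios)


def rank_scenarios(scenarios):
    """Current state: which scenario carries the most risk right now."""
    return sorted(scenarios, key=lambda s: s.risk, reverse=True)


def _after(s: Scenario, t: Treatment) -> int:
    """Scenario risk once treatment t is applied (scores floor at 1)."""
    return max(1, s.likelihood - t.likelihood_cut) * max(1, s.impact - t.impact_cut)


def plan_roadmap(scenarios, treatments, budget: int) -> dict:
    """Greedy roadmap: repeatedly fund the affordable treatment with the best
    risk reduction per dollar, re-scoring after each choice so two controls on
    the same scenario are not double-counted. Returns the what/when/who/cost
    plan, the spend, what was left unfunded, and current vs planned risk."""
    # Work on copies so the register (current state) is left untouched.
    by_asset = {s.asset: Scenario(s.asset, s.threat, s.likelihood, s.impact) for s in scenarios}
    pending = list(treatments)
    plan, spend = [], 0
    while True:
        best, best_ratio = None, 0.0
        for t in pending:
            if t.cost > budget - spend:
                continue  # not affordable this cycle
            reduction = by_asset[t.asset].risk - _after(by_asset[t.asset], t)
            if reduction > 0 and reduction / t.cost > best_ratio:
                best, best_ratio = t, reduction / t.cost
        if best is None:
            break
        s = by_asset[best.asset]
        reduction = s.risk - _after(s, best)
        s.likelihood = max(1, s.likelihood - best.likelihood_cut)
        s.impact = max(1, s.impact - best.impact_cut)
        plan.append({"quarter": best.quarter, "what": best.name, "who": best.owner,
                     "cost": best.cost, "risk_reduced": reduction})
        spend += best.cost
        pending.remove(best)
    plan.sort(key=lambda p: (p["quarter"], p["what"]))
    return {
        "plan": plan,
        "deferred": [t.name for t in pending],  # accepted risk, visible to management
        "spend": spend,
        "current_risk": total_risk(scenarios),
        "planned_risk": total_risk(by_asset.values()),  # residual: managed, not eliminated
    }


# Constructed sample register for a small manufacturer.
SCENARIOS = [
    Scenario("ERP/accounting server", "ransomware delivered by phishing", 4, 5),
    Scenario("CAD drawings file share", "theft of product designs by an outside attacker", 3, 5),
    Scenario("Wire transfer process", "payment fraud by someone impersonating an executive", 3, 4),
    Scenario("Plant floor HMI", "unauthorized walk-up physical access", 2, 3),
]

TREATMENTS = [
    Treatment("Offline, tested backups", "ERP/accounting server", 0, 3, 15000, "IT manager", "Q2"),
    Treatment("Awareness training and phishing tests", "ERP/accounting server", 2, 0, 5000, "HR with IT", "Q1"),
    Treatment("MFA and access review on the CAD share", "CAD drawings file share", 2, 0, 8000, "IT manager", "Q2"),
    Treatment("Dual control for wire transfers", "Wire transfer process", 2, 1, 1000, "Controller", "Q1"),
    Treatment("Badge readers and cameras on the plant floor", "Plant floor HMI", 1, 0, 20000, "Facilities", "Q4"),
]

if __name__ == "__main__":
    for s in rank_scenarios(SCENARIOS):
        print(f"{s.risk:3d}  {s.asset}: {s.threat}")
    result = plan_roadmap(SCENARIOS, TREATMENTS, budget=30000)
    for step in result["plan"]:
        print(step)
    print("deferred:", result["deferred"])
    print("spend:", result["spend"], "risk", result["current_risk"], "->", result["planned_risk"])
```

With the constructed register and a 30,000 budget the plan funds four of the five treatments, takes total risk from 53 to 18 and leaves the plant-floor badge project deferred. That last line is the one management needs to see: the residual 18 and the unfunded item are the risk the business has decided to accept, which is what “managing, not eliminating” looks like on paper and what you would point to when asked what a reasonable person did.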
25. How we do it…
• Defensibility is critical.
• Assumed breach mentality.
• What would a reasonable person do in the same situation?
• When a bad thing happens, what do you have to defend yourself from:
  • Customers.
  • The press.
  • Opposing counsel.
26. QUESTIONS?
Questions? Hopefully about security.
Thank you!
For a copy of this presentation, text ENTMN19 to 555888
Evan Francen – https://evanfrancen.com
• FRSecure – https://frsecure.com
• evan@frsecure.com
• @evanfrancen
Now you know the basics.
...and the basics are what’s most important.