The title is "Cybersecure Schools, Parents, and Kids. The talk was delivered to ~250 people attending the summit. Tackling information security at school and at home requires us to agree to and apply the fundamentals. The S2Org is helping schools become more secure, and the S2Me is helping at home.
ISSA-OC and Webster University Cybersecurity Seminar Series PresentationSecurityStudio
The slide deck used on 11/21/19. There are four parts to this talk; housekeeping (establishing credibility with the audience), the meat (our information security language problem and our solution), the dream (securing America), and the call to action (get your free S2Org and S2Me risk assessments).
People Committed to Solving our Information Security Language ProblemSecurityStudio
The talk given at the ISSA Phoenix Q4 2019 Chapter Meeting on 12/5/19. Four parts to the talk; housekeeping (where we establish some credibility), meat (where we discuss our information security language problem, the dream (where we talk about security America), and the call to action (get involved and get stuff done).
Security is a large topic and so full of jargon that it can be hard to know where to get started when thinking about it. Threat Modeling gives you a framework to help you start building security policies.
In this talk, Dan Hardiker, CTO at Adaptavist, will cover what a security model is, when and why it's useful, what its main components are (assets, actors, and vectors), and how they interact. We'll build a basic threat model, enable you to apply these to your systems, and give you references for further learning.
Business-Critical Backup: Preparing for a DisasterNetWize
Here is a brief presentation on the importance of having a backup and recovery plan for your electronic data, especially planning for that recovery in the event of a natural or man-made disaster.
WANTED – People Committed to Solving our Information Security Language ProblemSecurityStudio
The presentation shared with the Greater KC ISACA chapter on 11/14/19. The talk starts with housekeeping, then progresses into the heart of our language problem before ending with the dream to secure America. The talk was very well received, and now you can use it however you wish.
TITLE: WANTED – People Committed to Solving Our Information Security Language Problem, the presentation given at the inaugural BSides Harrisburg Conference on October 2nd, 2019.
ISSA-OC and Webster University Cybersecurity Seminar Series PresentationSecurityStudio
The slide deck used on 11/21/19. There are four parts to this talk; housekeeping (establishing credibility with the audience), the meat (our information security language problem and our solution), the dream (securing America), and the call to action (get your free S2Org and S2Me risk assessments).
People Committed to Solving our Information Security Language ProblemSecurityStudio
The talk given at the ISSA Phoenix Q4 2019 Chapter Meeting on 12/5/19. Four parts to the talk; housekeeping (where we establish some credibility), meat (where we discuss our information security language problem, the dream (where we talk about security America), and the call to action (get involved and get stuff done).
Security is a large topic and so full of jargon that it can be hard to know where to get started when thinking about it. Threat Modeling gives you a framework to help you start building security policies.
In this talk, Dan Hardiker, CTO at Adaptavist, will cover what a security model is, when and why it's useful, what its main components are (assets, actors, and vectors), and how they interact. We'll build a basic threat model, enable you to apply these to your systems, and give you references for further learning.
Business-Critical Backup: Preparing for a DisasterNetWize
Here is a brief presentation on the importance of having a backup and recovery plan for your electronic data, especially planning for that recovery in the event of a natural or man-made disaster.
WANTED – People Committed to Solving our Information Security Language ProblemSecurityStudio
The presentation shared with the Greater KC ISACA chapter on 11/14/19. The talk starts with housekeeping, then progresses into the heart of our language problem before ending with the dream to secure America. The talk was very well received, and now you can use it however you wish.
TITLE: WANTED – People Committed to Solving Our Information Security Language Problem, the presentation given at the inaugural BSides Harrisburg Conference on October 2nd, 2019.
We need to get on the same page as an industry if we stand any hope of getting this right. It starts with understanding and agreeing to fundamentals, including the terminology we use.
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
Our industry has plenty of problems to solve. The language we use shouldn’t be one of them, and now it’s not. SecurityStudio, a Minnesota-based security SaaS company committed to solving information security problems for our industry has developed a common, easily-understood information security risk assessment that’s comprehensive, foundational, and completely free for all to use.
Today, more than 1,500 organizations are speaking the language. We invite you to do the same.
www.thinair.com
Concern about insider threats are rampant. Disgruntled employees that have access to sensitive data are common. When a breach does occur how do you identify which computers were involved in the breach? This session, originally held at Techno Security & Digital Forensics Conference, will discuss some of the major pain points of an insider threat investigation and how to mitigate them. We’ll also review three different case studies that occurred at Google, Palantir and the DOD.
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?dianadvo
Concern about insider threats are rampant. Disgruntled employees that have access to sensitive data are common. When a breach does occur how do you identify which computers were involved in the breach? This session will discuss some of the major pain points of an insider threat investigation and how to mitigate them.
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
The information security industry is broken. It's our duty to fix it, and it starts with getting on the same page. The model isn't broken, but our application is. How do we apply the basics and fundamentals on a wider scale? It starts with defining a common language and a common approach. Next, make it all free.
Cloud security expert Tricia Pattee discusses where to get the most bang for your security buck. Topics covered include:
-The five most common security mistakes
-Top six areas of security spend
-How to maximize budget – and minimize risk
-Hidden cloud security costs
ISACA talk - cybersecurity and security cultureCraig McGill
PwC's talented senior cybersecurity and infosec manager Ross Foley recently gave a great talk on the growing importance of security culture within infosec. Here are the slides to help raise awareness of this issue.
Presentation delivered to the Minnesota Counties Computer Cooperative (http://mnccc.org/) on October 30, 2019. The talk was given by SecurityStudio's CEO, Evan Francen and focused on how local governments play a role in protecting all of us.
WANTED – People Committed to Solving our Information Security Language ProblemSecurityStudio
Presentation deck delivered to the Rochester ISSA chapter members as part of the SecurityStudio Roadshow on November 7th, 2019. This presentation explains the language problem we're fighting in the information security industry and contains a realistic call to action for all of us.
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013Adrian Wright
Security on the Brain – Using Human Psychology to Achieve Compliance: ISSA-UK Expert Workshop
Presented by Adrian Wright - ISSA-UK VP of Research
One of the biggest wake-up calls in recent times is the realisation that more than 60% of major security breaches and data losses are down to 'human factor' failings.
Our main weapon in mitigating these failings is to spend more on in-house awareness campaigns and on technical measures to minimise any losses - yet incidents and losses continue to increase. Clearly these existing awareness campaigns and controls are not enough, as the message is still not getting through or isn't being complied with.
This presentation and workshop session challenges current thinking and strategies in dealing with people as both an asset and a source of risk, by leveraging human psychology and people's differing motivations to improve communication, change opinions and turn basic awareness into actual compliance.
In this session
Learn:
- The psychology of why we don't comply - why awareness alone won't do
- What motivates people to do - or not do - specific things
- Neurolinguistics - it's not just what you say; but how you say it and to who
- Divide and conquer - adapting your message to target specific personality types
- Changing the security culture by changing people's belief systems
- Dirty tricks (slightly) - tactics that work in changing behaviour
- Selling the unsellable - lessons from other sectors in making boring stuff sexy
Participate:
- Informal group discussion of challenges and successes from your experience
- Identifying your audience’s character types and shaping the message
- Influencing the Board by speaking their language
- Developing an internal PR strategy to improve security's image and influence
- Develop a brand new and more effective mission statement for your team
About the Presenter:
Adrian Wright CISA
20 years experience in Information Security, IT Risk Management & Compliance. Specialist in managing security, risk and compliance awareness campaigns;
9 Years Global CISO Head of InfoSec at Reuters - covering 142 countries and 250,000 systems;
10 years founder and programme director at Secoda Risk Management. Experienced speaker and writer on all things cyber security, governance, risk & compliance.
2 Years Director of Projects & 1 Year VP of Research & Board member at ISSA-UK
Having spent decades looking into the darker recesses and failings within technology; Adrian has recently turned his attention to the darker recesses and failings within the human beings that work with the technology…
NIST Cybersecurity Framework is a good starting point for many enterprises to harden their security posture against advanced threats. In this webinar, we will share the major take-aways from the framework. More importantly, we will explain the 5 critical factors in implementing cybersecurity defense, and how to handle them with best practice.
This presentation was delivered to Minnesota manufacturing CEOs who attended the April 2019 Enterprise Minnesota event. Manufacturing companies face real information security threats that they need to prepare for.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
More Related Content
Similar to Keynote @ ECMECC School Security Summit
We need to get on the same page as an industry if we stand any hope of getting this right. It starts with understanding and agreeing to fundamentals, including the terminology we use.
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
Our industry has plenty of problems to solve. The language we use shouldn’t be one of them, and now it’s not. SecurityStudio, a Minnesota-based security SaaS company committed to solving information security problems for our industry has developed a common, easily-understood information security risk assessment that’s comprehensive, foundational, and completely free for all to use.
Today, more than 1,500 organizations are speaking the language. We invite you to do the same.
www.thinair.com
Concern about insider threats are rampant. Disgruntled employees that have access to sensitive data are common. When a breach does occur how do you identify which computers were involved in the breach? This session, originally held at Techno Security & Digital Forensics Conference, will discuss some of the major pain points of an insider threat investigation and how to mitigate them. We’ll also review three different case studies that occurred at Google, Palantir and the DOD.
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?dianadvo
Concern about insider threats are rampant. Disgruntled employees that have access to sensitive data are common. When a breach does occur how do you identify which computers were involved in the breach? This session will discuss some of the major pain points of an insider threat investigation and how to mitigate them.
WANTED – People Committed to Solving our Information Security Language ProblemEvan Francen
The information security industry is broken. It's our duty to fix it, and it starts with getting on the same page. The model isn't broken, but our application is. How do we apply the basics and fundamentals on a wider scale? It starts with defining a common language and a common approach. Next, make it all free.
Cloud security expert Tricia Pattee discusses where to get the most bang for your security buck. Topics covered include:
-The five most common security mistakes
-Top six areas of security spend
-How to maximize budget – and minimize risk
-Hidden cloud security costs
ISACA talk - cybersecurity and security cultureCraig McGill
PwC's talented senior cybersecurity and infosec manager Ross Foley recently gave a great talk on the growing importance of security culture within infosec. Here are the slides to help raise awareness of this issue.
Presentation delivered to the Minnesota Counties Computer Cooperative (http://mnccc.org/) on October 30, 2019. The talk was given by SecurityStudio's CEO, Evan Francen and focused on how local governments play a role in protecting all of us.
WANTED – People Committed to Solving our Information Security Language ProblemSecurityStudio
Presentation deck delivered to the Rochester ISSA chapter members as part of the SecurityStudio Roadshow on November 7th, 2019. This presentation explains the language problem we're fighting in the information security industry and contains a realistic call to action for all of us.
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013Adrian Wright
Security on the Brain – Using Human Psychology to Achieve Compliance: ISSA-UK Expert Workshop
Presented by Adrian Wright - ISSA-UK VP of Research
One of the biggest wake-up calls in recent times is the realisation that more than 60% of major security breaches and data losses are down to 'human factor' failings.
Our main weapon in mitigating these failings is to spend more on in-house awareness campaigns and on technical measures to minimise any losses - yet incidents and losses continue to increase. Clearly these existing awareness campaigns and controls are not enough, as the message is still not getting through or isn't being complied with.
This presentation and workshop session challenges current thinking and strategies in dealing with people as both an asset and a source of risk, by leveraging human psychology and people's differing motivations to improve communication, change opinions and turn basic awareness into actual compliance.
In this session
Learn:
- The psychology of why we don't comply - why awareness alone won't do
- What motivates people to do - or not do - specific things
- Neurolinguistics - it's not just what you say; but how you say it and to who
- Divide and conquer - adapting your message to target specific personality types
- Changing the security culture by changing people's belief systems
- Dirty tricks (slightly) - tactics that work in changing behaviour
- Selling the unsellable - lessons from other sectors in making boring stuff sexy
Participate:
- Informal group discussion of challenges and successes from your experience
- Identifying your audience’s character types and shaping the message
- Influencing the Board by speaking their language
- Developing an internal PR strategy to improve security's image and influence
- Develop a brand new and more effective mission statement for your team
About the Presenter:
Adrian Wright CISA
20 years experience in Information Security, IT Risk Management & Compliance. Specialist in managing security, risk and compliance awareness campaigns;
9 Years Global CISO Head of InfoSec at Reuters - covering 142 countries and 250,000 systems;
10 years founder and programme director at Secoda Risk Management. Experienced speaker and writer on all things cyber security, governance, risk & compliance.
2 Years Director of Projects & 1 Year VP of Research & Board member at ISSA-UK
Having spent decades looking into the darker recesses and failings within technology; Adrian has recently turned his attention to the darker recesses and failings within the human beings that work with the technology…
NIST Cybersecurity Framework is a good starting point for many enterprises to harden their security posture against advanced threats. In this webinar, we will share the major take-aways from the framework. More importantly, we will explain the 5 critical factors in implementing cybersecurity defense, and how to handle them with best practice.
This presentation was delivered to Minnesota manufacturing CEOs who attended the April 2019 Enterprise Minnesota event. Manufacturing companies face real information security threats that they need to prepare for.
Similar to Keynote @ ECMECC School Security Summit (20)
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
3. ME: Evan Francen, CEO & Founder of FRSecure and SecurityStudio
I do a lot of security stuff…
• Co-inventor of SecurityStudio®, S²Score, S²Org, S²Vendor,
S²Team, and S²Me
• 25+ years of “practical” information security experience
(started as a Cisco Engineer in the early 90s)
• Worked as CISO and vCISO for hundreds of companies.
• Developed the FRSecure Mentor Program; six students in
2010/500+ in 2018
• Advised legal counsel in very public breaches (Target, Blue
Cross/Blue Shield, etc.)
Cybersecure Schools, Parents, and Kids
AKA: The “Truth”
AKA: The “Preacher”
4. UNSECURITY: Information Security Is Failing. Breaches Are Epidemic.
How Can We Fix This Broken Industry?
Published January, 2019
Cybersecure Schools, Parents, and Kids
5. IMPORTANT!
Before I get started…
• The World Health Organization states that over 800,000
people die every year due to suicide, and that suicide is the
second leading cause of death in 15-29-year-olds.
• 5 percent of adults (18 or older) experience a mental illness
in any one year
• In the United States, almost half of adults (46.4 percent) will
experience a mental illness during their lifetime.
• In the United States, only 41 percent of the people who had a
mental disorder in the past year received professional health
care or other services.
• https://www.mentalhealthhackers.org/resources-and-links/
6. A simple CTF challenge in Robby’s Memory.
qr fbir ygdblcg yafr erodkganc hbd oneqrde oe yb ygr zrcannanc bh ygr kbefbe.
oe qr kgoncrj pwonre qoayanc hbd yafr yb kbfr onj cby bhh ygae powr zwlr jby hbd o
kbefak zwans bh on rmr,
qr kolcgy o cwafper bh ebfryganc jrrprd / fbdr fronanchlw ygon oneqrde; pldr zrolym:
glfonaym.
qgawr eyaww kopyaioyrj onj rnygdowwrj zm ygae jaekbirdm,
qr zoes an bld lybpao, ydmanc yb fosr ygance hoad onj rtlow,
eb ah qr qrdr yb jrpody onj cry zoks bn zbodj bld oadpwonr onj yafr hanowwm kofr yb cry
le,
qr qblwj goir frfbdare zwaeehlw rnblcg yb woey le lnyaw bld nrvy oddaiow onj cair ygrf
yb
ygr hlyldr, hbd ydlwm mbl snbq grd, zly ah nby, a oeeldr mbl, egr oweb goe o zrolyahlw
eblw.
-dbzzm onjdrq qowwrnzrdc zdocc mbld hwoc ae drfrfzrdancwbeygoksrde
One way to get a free book.
Solve this and email me; efrancen@securitystudio.com.
7. The #Truth
1. Information security isn’t about information or
security as much as it is about people.
2. You cannot separate information security,
privacy, and safety.
3. Everybody has something that somebody wants.
4. We are all in this together.
Security people and
“normal” people.
8. You know we have an
language problem in
our industry, right?
Our Industry
AI
Blockchain
Penetration Test
Vulnerability
Management
NIST CSF
RiskRisk
Management
Containers
Incident
Management
Cyber
Insurance
Threats
Maturity
Assessment
Malware
Security
Cryptography
Breach
APT
Cybersecurity
BCDR
Malware
Trojan
Spoofing UTM
Phishing
Vishing
DDoS Worm
Botnet ML
Vulnerability
Zero-Day
Layered
Exploit
Threat Actor
Attribution
Kali
OSCP
CISSP
NIST CSF
How many of you
are security people
(my tribe)?
9. You know we have an
language problem in
our industry, right?
Normal
People See
Us Like
AI
Blockchain
Penetration Test
Vulnerability
Management
NIST CSF
RiskRisk
Management
Containers
Incident
Management
Cyber
Insurance
Threats
Maturity
Assessment
Malware
Security
Cryptography
Breach
APT
Cybersecurity
BCDR
Malware
Trojan
Spoofing UTM
Phishing
Vishing
DDoS Worm
Botnet ML
Vulnerability
Zero-Day
Layered
Exploit
Threat Actor
Attribution
Kali
OSCP
CISSP
NIST CSF
10. Why?
Because we
don’t agree on a
language
Their Language
FIX: Fundamentals and
simplification.
Translation/Communication
Let’s test this…
31. Some more #truth about information security
It’s relative.
Something insecure at the core will always be insecure.
You can’t manage what you can’t measure.
You can’t manage risk without assessing it.
Complexity is the enemy.
The better you know yourself, the better you can
protect yourself.
32. Some truth about information security
It’s relative.
Something insecure at the core will always be insecure.
You can’t manage what you can’t measure.
You can’t manage risk without assessing it.
Complexity is the enemy.
You cannot build any effective
security program or strategy in a
school or at home without an
assessment.
33. Some truth about information security
It’s relative.
Something insecure at the core will always be insecure.
You can’t manage what you can’t measure.
You can’t manage risk without assessing it.
Complexity is the enemy.
You cannot build any effective
security program or strategy in a
school or at home without an
assessment.
As many as 90% of schools fail
to do fundamental information
security risk assessments.
WHY? Reason #1: Complexity
43. Managing Risk
Likelihood
Impact
Threats
Vulnerabilities
Administrative
Controls
Physical
Controls
Technical
Controls
Information Security is
Let’s make an information security risk assessment that’s
FREE!
The assessment that creates the S2Score is
available at no cost to anyone.
There’s no
catch.
For those who like our snazzy
standards and acronyms, the S2Org
is derived from and mapped to:
• NIST CSF
• NIST SP 800-53
• NIST SP 800-171
• ISO 27002
• COBIT
• Others…
That’s for schools…
S2Org is free. https://securitystudio.com. ECMECC is a
trusted partner helping schools.
44. What about parents and kids?
(security is security, which is good)
People are creatures of habit.
We can’t address issues that we don’t know about.
The same people at home are the same people at work
and school.
This also requires an assessment.
The better you know yourself, the better you can
protect yourself.
45. What about parents and kids?
(security is security, which is good)
Motivation will come from understanding.
In information security, ignorance isn’t bliss!
If data security doesn’t motivate…
Surely safety will!
The default is risk ignorance.
DANGER! It’s breach.
Maybe privacy will. If privacy doesn’t motivate…
46. S2Me is also free. Always will be. https://s2me.io.
What about parents and kids?
Here’s what we’ll do…
47. S2Me is also free. Always will be. https://s2me.io.
What about parents and kids?
Here’s what we’ll do…
Eventually (maybe soon),
we create an S2Teen too.
48. What to do NOW!
By speaking a common language we can work on what really matters (our most
significant risks).
What we’re going to do:
• Keep preaching.
• Work politically.
• Keep improving (by listening). What you need to do:
• Get your S2Org Assessment and do it!
• Help us preach.
• Get your free S2Me Assessment.
• Get your family, friends, and parents to do
one too.
• Help us improve (by talking).
What’s the
point?
49. What to do NOW!
By speaking a common language we can work on what really matters (our most
significant risks).
What we’re going to do:
• Keep preaching.
• Work politically.
• Keep improving (by listening). What you need to do:
• Get your S2Org Assessment and do it!
• Help us preach.
• Get your free S2Me Assessment.
• Get your family, friends, and parents to do
one too.
• Help us improve (by talking).
What’s the
point?
People are the point!
Information security is not about information or security
as much as it is about people.
People within our industry and people who work with us
are confused and we’re wasting valuable resources.
50. What to do NOW!
By speaking a common language we can work on what really matters (our most
significant risks).
What we’re going to do:
• Keep preaching.
• Work politically.
• Keep improving (by listening). What you need to do:
• Get your S2Org Assessment and do it!
• Help us preach.
• Get your free S2Me Assessment.
• Get your family, friends, and parents to do
one too.
• Help us improve (by talking).
What’s the
point?
People are the point!
Information security is not about information or security
as much as it is about people.
People within our industry and people who work with us
are confused and we’re wasting valuable resources.
ECMECC is a trusted partner!
Ask them for help or more information.
Follow me/us on Twitter:
@evanfrancen
@StudioSecurity
Thank you!