WANTED – People Committed to Solving our Information Security Language Problem (uploaded by SecurityStudio)
The presentation shared with the Greater KC ISACA chapter on 11/14/19. The talk starts with housekeeping, then progresses into the heart of our language problem before ending with the dream to secure America. The talk was very well received, and now you can use it however you wish.
WANTED - People Committed to Solving Our Information Security Language Problem (uploaded by Evan Francen)
Our industry has plenty of problems to solve. The language we use shouldn't be one of them, and now it's not. SecurityStudio, a Minnesota-based security SaaS company committed to solving information security problems for our industry, has developed a common, easily understood information security risk assessment that's comprehensive, foundational, and completely free for all to use.
Today, more than 1,500 organizations are speaking the language. We invite you to do the same.
WANTED – People Committed to Solving our Information Security Language Problem (uploaded by Evan Francen)
The information security industry is broken. It's our duty to fix it, and it starts with getting on the same page. The model isn't broken, but our application is. How do we apply the basics and fundamentals on a wider scale? It starts with defining a common language and a common approach. Next, make it all free.
"Security on the Brain" Security & Risk Psychology Workshop, Nov 2013 (uploaded by Adrian Wright)
Security on the Brain – Using Human Psychology to Achieve Compliance: ISSA-UK Expert Workshop
Presented by Adrian Wright - ISSA-UK VP of Research
One of the biggest wake-up calls in recent times is the realisation that more than 60% of major security breaches and data losses are down to 'human factor' failings.
Our main weapon in mitigating these failings is to spend more on in-house awareness campaigns and on technical measures to minimise any losses - yet incidents and losses continue to increase. Clearly these existing awareness campaigns and controls are not enough, as the message is still not getting through or isn't being complied with.
This presentation and workshop session challenges current thinking and strategies in dealing with people as both an asset and a source of risk, by leveraging human psychology and people's differing motivations to improve communication, change opinions and turn basic awareness into actual compliance.
In this session
Learn:
- The psychology of why we don't comply - why awareness alone won't do
- What motivates people to do - or not do - specific things
- Neurolinguistics - it's not just what you say, but how you say it and to whom
- Divide and conquer - adapting your message to target specific personality types
- Changing the security culture by changing people's belief systems
- Dirty tricks (slightly) - tactics that work in changing behaviour
- Selling the unsellable - lessons from other sectors in making boring stuff sexy
Participate:
- Informal group discussion of challenges and successes from your experience
- Identifying your audience’s character types and shaping the message
- Influencing the Board by speaking their language
- Developing an internal PR strategy to improve security's image and influence
- Developing a brand new and more effective mission statement for your team
About the Presenter:
Adrian Wright CISA
20 years' experience in Information Security, IT Risk Management & Compliance. Specialist in managing security, risk and compliance awareness campaigns;
9 years as Global CISO / Head of InfoSec at Reuters, covering 142 countries and 250,000 systems;
10 years as founder and programme director at Secoda Risk Management. Experienced speaker and writer on all things cyber security, governance, risk & compliance;
2 years as Director of Projects and 1 year as VP of Research and Board member at ISSA-UK.
Having spent decades looking into the darker recesses and failings within technology, Adrian has recently turned his attention to the darker recesses and failings within the human beings that work with the technology…
Security Trends: From "Silos" to Integrated Risk Management (uploaded by Resolver Inc.)
Learn about the recent trend that sees security practitioners moving away from a traditional “siloed” approach to problem solving that relies heavily on unique individual responsibilities and expertise. By breaking down information “silos” and employing a multi-disciplinary approach to problem solving, organizations can achieve better results through more efficient and effective risk management.
We need to get on the same page as an industry if we stand any hope of getting this right. It starts with understanding and agreeing to fundamentals, including the terminology we use.
Chris Clymer & Jack Nichelson - How to Secure Things & Influence People: 10 C... (uploaded by centralohioissa)
Have you ever felt that the security problems you're faced with would be so simple to solve if only your colleagues had your perspective on them? Are you frustrated that security does not have a more prominent seat at the table?
Oftentimes, identifying security problems and developing the appropriate controls is the easiest part of the security job. Getting our peers and superiors to buy in to those solutions and understand the risk decisions they're making is an under-appreciated but arguably much more important part of our jobs in security.
Chris and Jack will share techniques that help to turn your employees into an army of human security sensors, to get security done regardless of where it sits on the org chart, and to earn major security victories even with a meager budget and a small team. Along the way you’ll learn about the “10 Critical Habits” which we have observed effective security leaders using to achieve their goals.
Improve Information Security Practices in the Small Enterprise (uploaded by George Goodall)
Over 80% of small and medium-sized businesses consider themselves non-targets for cyber-attacks. However, 60% of all targeted attacks are aimed at small and medium-sized organizations. The capabilities of attackers have risen dramatically in the last two years. Organizations of all sizes need a security plan. Security by obscurity is no longer a viable option. Adopt a proven strategy to protect vital corporate assets.
Be More Secure than your Competition: MePush Cyber Security for Small Business (uploaded by Art Ocain)
These are the slides I used during my cyber security presentation at the Bucknell SBDC. Titled "Be More Secure than your Competition", this deck is geared toward small businesses.
TITLE: WANTED – People Committed to Solving Our Information Security Language Problem, the presentation given at the inaugural BSides Harrisburg Conference on October 2nd, 2019.
Business-Critical Backup: Preparing for a Disaster (uploaded by NetWize)
Here is a brief presentation on the importance of having a backup and recovery plan for your electronic data, especially planning for that recovery in the event of a natural or man-made disaster.
Bill Lisse - Communicating Security Across the C-Suite (uploaded by centralohioissa)
CISOs are increasingly being included in Board and Executive discussions. Skills for developing CISOs need to include soft skills, including the ability to communicate across the executive table. This presentation is about the sell versus the tell.
Given an outcome, we often exaggerate our ability to predict and therefore avoid the same fate. In cybersecurity, this misconception can lead to a false sense of corporate security, or worse, bury the true causes of incidents and lead to repeated data breaches or business-disrupting cyber incidents.
Can people be taught what they do not want to learn? Can the weakest link be turned into an ally of the information security team, and which tools can be used to do it? The experience of Kaspersky Lab.
Risk Management is more than just Risk Avoidance.
Go beyond IT audits, security assessments, checklists and checkboxes. Join Michael Scheidell, Certified CISO, as you move beyond Risk Assessments and Risk Management into Risk Enablement.
Risk Enablement is the process of developing an Enterprise Risk Management program that facilitates and encourages a strategy of supporting TAKING risks, a requirement for any growing company.
Find out how to build a culture of informed Enterprise Risk Management.
(Related whitepaper at http://blog.securityprivateers.com/2014/03/to-achieve-good-security-you-need-to.html)
This presentation will contrast traditional risk assessment with some emerging techniques that use internal and market risk event (incident) data to drive a more accurate risk model.
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall... (uploaded by EC-Council)
Present your risk assessments to your board of directors in the language they understand - financial loss. "FAIR" or "Factor Analysis of Information Risk" is the quantitative risk analysis methodology that works with common frameworks while adding context for truly effective risk management.
The Hacking Team Hack: Lessons Learned for Enterprise Security (uploaded by Stephen Cobb)
Recent aggressive hacks on companies underline the need for good risk analysis, situational awareness, and incident response. Just ask AshleyMadison, Hacking Team, and Sony Pictures.
ISACA talk - cybersecurity and security culture (uploaded by Craig McGill)
PwC's talented senior cybersecurity and infosec manager Ross Foley recently gave a great talk on the growing importance of security culture within infosec. Here are the slides to help raise awareness of this issue.
This presentation was delivered to Minnesota manufacturing CEOs who attended the April 2019 Enterprise Minnesota event. Manufacturing companies face real information security threats that they need to prepare for.
Under cyber attack: EY's Global information security survey 2013 (uploaded by EY)
Under cyber-attack, EY's 16th annual Global Information Security Survey 2013, tracks the level of awareness and action by companies in response to cyber threats and canvasses the opinion of over 1,900 senior executives globally. This year's results show that as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer a question of if, but when, a company will be the target of an attack.
For further information, visit: http://www.ey.com/GL/en/Services/Advisory/Cyber-security
Stop occupational fraud - Three simple steps to help stop fraud (uploaded by Wynyard Group)
Internal fraud and threat is on the rise. The leading cause of insider threat is staff members taking advantage of their systems’ access privileges and using their organizations’ corporate LAN systems as attack vectors. The consequences of internal fraud are significant to organizations, brands and Boards of Directors.
The title is "Cybersecure Schools, Parents, and Kids." The talk was delivered to ~250 people attending the summit. Tackling information security at school and at home requires us to agree to and apply the fundamentals. The S2Org is helping schools become more secure, and the S2Me is helping at home.
Intro to a Data-Driven Computer Security Defense (uploaded by Roger Grimes)
Introduces a Data-Driven Computer Security Defense, a computer security defense strategy introduced by the author. The slide deck complements the book and whitepaper and can be used by anyone.
6 Keys to Preventing and Responding to Workplace Violence (uploaded by Case IQ)
We like to think that the workplace is safe. But in reality, people bring their problems and, sometimes, associated violence, to the workplace. From bullying and simple assaults to unexpected aggression and active shooters, no organization is completely safe. Workplace violence training provides a pragmatic approach to workplace violence and bullying prevention.
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation (uploaded by SecurityStudio)
The slide deck used on 11/21/19. There are four parts to this talk: housekeeping (establishing credibility with the audience), the meat (our information security language problem and our solution), the dream (securing America), and the call to action (get your free S2Org and S2Me risk assessments).
People Committed to Solving our Information Security Language Problem (uploaded by SecurityStudio)
The talk given at the ISSA Phoenix Q4 2019 Chapter Meeting on 12/5/19. There are four parts to the talk: housekeeping (where we establish some credibility), the meat (where we discuss our information security language problem), the dream (where we talk about securing America), and the call to action (get involved and get stuff done).
I have been asked several times to refresh the content of my 2013 presentation on this topic. While much of the core principles remain the same, I have provided some additional resources to consider for those who are looking to develop an Insider Threat Program.
Strategic Leadership for Managing Evolving Cybersecurity Risks (uploaded by Matthew Rosenquist)
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where, to be effective, strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
Step Up Your Data Security Against Third-Party Risks (uploaded by Evan Francen)
This presentation was delivered to the Hacks & Hops event attendees in the Spring of 2019. The event featured a short keynote followed by a moderated panel discussion. The panel experts provided excellent guidance for all risk managers, CISOs, vendor managers, etc.
Simple Training for Information Security and Payment Fraud (uploaded by Evan Francen)
The frequency of financial scams and payment fraud has been increasing substantially. We put these simple training slides together as a way to help our clients and friends.
People. The Social Engineer's Dream - TechPulse 2017 (uploaded by Evan Francen)
Presentation given by Evan Francen at TechPulse 2017. The presentation was about social engineering, including common tactics and basic protections. Topics such as phishing, vishing, and physical access attacks were discussed. Evan also shared some of the real-life stories that he has experienced during his 20+ year career.
AFCOM - Information Security State of the Union (uploaded by Evan Francen)
A presentation delivered by FRSecure's president Evan Francen at the August 2015 Twin Cities AFCOM Chapter Meeting. There were more than 50 people in attendance to learn about FRSecure, current information security events and threats, what companies are doing, and basic information security principles.
It's not our job to tell business not to use mobile devices, even personally-owned mobile devices. It's our job to enable business to use mobile devices securely for the benefit of the organization, customers, employees, and contractors.
In this presentation, given on April 30 at TechPulse 2013, Evan Francen from FRSecure teaches how to secure mobile devices in today's business environments.
Information security challenges in today's banking environment (uploaded by Evan Francen)
This presentation was delivered by FRSecure's Evan Francen to the Uniforum User's Group on November 8th, 2012. There were more than 50 bankers in attendance, and the presentation was very well received.
Information Security in a Compliance World (uploaded by Evan Francen)
Presented by Evan Francen at the 2012 RK Dixon Tech Summit. Topics covered:
What drives information security in your organization?
What is information security?
Customer requirements
Compliance
Compliant = Secure?
Solution - Strategic Information Security
Top Five Things You Should Do (Tactically & Strategically)
Need Help? – Contact Us!
Information Security For Leaders, By a Leader (uploaded by Evan Francen)
Evan Francen, President of FRSecure, discusses the challenges of building an efficient and effective security program in today's world. Learn why most leaders have a false assumption of security, and how you can avoid the security mistakes most organizations make. Delivered on 4/17/12 at TechPulse 2012.
Meaningful Use and Security Risk Analysis (uploaded by Evan Francen)
Presentation delivered by FRSecure president Evan Francen to the 100+ Iowa CPSI User Group attendees on October 18th, 2011.
Meaningful Use Core Requirement "Security Risk Analysis"
An Introduction to Information Security (uploaded by Evan Francen)
A recent presentation given by FRSecure at the Action, Inc. Data Security Event on August 17th, 2011. This presentation was delivered by FRSecure president Evan Francen, CISSP, CISM, CCSK.
Job Vacancies in Norway 🇳🇴
Warehouse Workers for Clothing
2-year work permit 👍
Salary: €3900-4300 per month (paid twice a month).
Requirements:
* Duties include quality control of products, order picking, packing goods, and applying stickers and labels.
* Work schedule: 8-10 hours per day, 5 days a week.
Documents 📄
* Aadhaar
* PAN
* Photo
* Education documents
* Basic English
eBrand Promotion Full Service Digital Agency Company Profile (uploaded by ChimaOrjiOkpi)
eBrandpromotion.com is Nigeria’s leading Web Design/development and Digital marketing agency. We’ve helped 600+ clients in 24 countries achieve growth revenue of over $160+ Million USD in 12 Years. Whether you’re a Startup or the Unicorn in your industry, we can help your business/organization grow online. Thinking of taking your business online with a professionally designed world-class website or mobile application? At eBrand, we don’t just design beautiful mobile responsive websites/apps, we can guarantee that you will get tangible results or we refund your money…
Bridging the Language Gap: The Power of Simultaneous Interpretation in Rwanda (uploaded by Kasuku Translation Ltd)
Rwanda is a nation on the rise, fostering international partnerships and economic growth. With this progress comes a growing need for seamless communication across languages. Simultaneous interpretation emerges as a vital tool in this ever-evolving landscape. When seeking the best simultaneous interpretation in Rwanda, Kasuku Translation stands out as a premier choice.
All Trophies at Trophy-World Malaysia | Custom Trophies & Plaques Supplier. Come to our Trophy Shop today and check out the full variety of trophies available. We have the widest range of trophies in Malaysia. Our team is always ready to meet your needs and discuss your custom trophy for your event. Rest assured, you will be with the best trophy supplier in Malaysia. The official Trophy Malaysia. Thank you for your support.
Looking for a genuine company for your Spanish Marriage Certificate Attestation? It is an important step to prove the authenticity of a certificate for any purpose in Dubai. Attestation On Time in Dubai is the perfect choice for your Spanish Marriage Certificate Attestation.
Purpose of attesting your Spanish Marriage Certificate:
- To apply for a family visa
- To enrol your child at school
- Other legal purposes
Why is Attestation On Time your best choice?
- Expert guidance is provided throughout the complete attestation procedure
- Safety and authenticity are always our top priority and concern
- Fastest service provider in Dubai
- We offer live status updates on your certificates
- We accept certificates from anywhere in the world
Attest your certificates with the help of our attestation experts. Contact us now on +971 555514789 / +971 42955338, share your queries at info@attestationontime.com, or visit our website www.attestationontime.com
Comprehensive Water Damage Restoration Services (uploaded by kleenupdisaster)
Find out how Disaster Kleenup's professional water damage restoration services can quickly and efficiently restore your property. Learn more about our advanced techniques and quick action plans. Visit here: https://iddk.com/disaster-cleanup-services/flood-damage/
Gujar Industries India Pvt. Ltd is a leading manufacturer of X-ray baggage scanners in India. With a strong focus on innovation and quality, the company has established itself as a trusted provider of security solutions for various industries. Their X-ray baggage scanners are designed to meet the highest standards of safety and efficiency, making them ideal for use in airports, government buildings, and other high-security environments. Gujar Industries India Pvt. Ltd is committed to providing cutting-edge technology and reliable products to ensure the safety and security of their customers.
Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental...Summerland Environmental
Welcome to the presentation on Sustainable Solutions for Chemical Waste Disposal by Summerland Environmental. We will explore innovative methods and technologies for eco-friendly waste management.
Best steel industrial company LLC in UAEalafnanmetals
AL Afnan Steel Industrial Company LLC is a distinguished steel manufacturer and supplier, celebrated for its high-quality products and outstanding customer service. With a diverse portfolio that includes structural steel, and custom fabrications, AL Afnan meets a wide array of industrial demands. We are dedicated to using advanced technologies and sustainable methods to ensure excellence and reliability in every product, serving both local and international markets with efficiency.
Discover How Long Do Aluminum Gutters Last?SteveRiddle8
Many people wonder how long aluminum gutters last. In this ppt, we will cover the lifetime of aluminum gutters, appropriate maintenance procedures, and the advantages of using this material for gutter installation.
Merchants from high-risk industries face significant challenges due to their industry reputation, chargeback, and refund rates. These industries include sectors like gambling, adult entertainment, and CBD products, which often struggle to secure merchant accounts due to increased risks of chargebacks and fraud.
To overcome these difficulties, it is necessary to improve credit scores, reduce chargeback rates, and provide detailed business information to high-risk merchant account providers to enhance credibility.
Regarding security, implementing robust security measures such as secure payment gateways, two-factor authentication, and fraud detection software that utilizes machine learning systems is crucial.
Optimize your online presence as an interior designer in Delhi with tailored SEO strategies. Elevate visibility on search engines, ensuring your design prowess reaches the right audience. Craft engaging content that resonates with local clientele, incorporating relevant keywords and metadata. Harness the power of local SEO techniques to dominate search results, driving organic traffic and inquiries. Stay ahead in Delhi's competitive market by fine-tuning your digital footprint with effective SEO practices.
Solar power panels, also known as photovoltaic (PV) panels, convert sunlight into electricity, offering a renewable and sustainable energy solution. Composed of semiconductor materials, typically silicon, these panels absorb photons from sunlight, generating an electric current through the photovoltaic effect. This clean energy source reduces dependence on fossil fuels, mitigates greenhouse gas emissions, and contributes to environmental sustainability.
Stay updated on Siddhivinayak Temple events and timings in Houston, TX. Join our spiritual and community gatherings. Visit us now! gaurisiddhivinayak.org
This PDF offers clear and concise instructions on wearing and placing medals and ribbons on U.S. Coast Guard uniforms. It provides detailed guidelines to ensure adherence to official standards, helping service members maintain a professional and regulation-compliant appearance. Perfect for quick reference, this guide is an essential resource for all Coast Guard personnel.
DOJO Training Center - Empowering Workforce ExcellenceHimanshu
The document delves into DOJO training, an immersive offline training concept designed to educate both new hires and existing staff. This method follows an organized eight-step process within a simulated work setting. The steps encompass safety protocols, behavioral coaching, product familiarity, production guidelines, and procedural understanding. Trainees acquire skills through hands-on simulations and rehearsal prior to transitioning to actual shop floor duties under supervision. The primary aim is to minimize accidents and defects by ensuring employees undergo comprehensive training, preparing them effectively for their job roles.
2. Managing Risk or Reacting to Compliance
Topics
Introduction
Evan Francen
FRSecure
Compliance – Reactive
Risk – Proactive
Real World Examples & Guidance
Social Engineering
3. Managing Risk or Reacting to Compliance
Introduction
Evan Francen
Aka “The Truth”
4. Managing Risk or Reacting to Compliance
Introduction
Evan Francen
Security Guy
5. Managing Risk or Reacting to Compliance
Introduction
Evan Francen
Weird - Different
6. Managing Risk or Reacting to Compliance
Introduction
Evan Francen
For real…
• 20+ years of information security experience
• Co-founded FRSecure in 2008
• Worked with organizations of all sizes, including Wells Fargo, US Bank, UnitedHealth, ADP, St. Jude, etc.
• Risk Management, Security Program Development, Social Engineering, Mentoring, and the projects nobody else wants to do.
7. Managing Risk or Reacting to Compliance
Introduction
FRSecure
• Information Security Management company. It’s all we do.
• Methodology – Develop, use, and share methodologies for a variety of information security projects.
• Project Leaders – All of our project leaders have more than 15 years of information security experience, from Fortune 100 to SMBs.
• Fully Transparent – Empowers our clients to do what we do.
• Product Agnostic – Recommendations stand on their own, with no ulterior motive.
8. Managing Risk or Reacting to Compliance
Compliance
What is compliance?
9. Managing Risk or Reacting to Compliance
Compliance
What is compliance?
• Is there any such thing as “GLBA Compliant” or “HIPAA Compliant”? If so, who certifies such things?
• Isn’t “compliance” just doing what the last auditor told you to do? Is what the last auditor told you to do the right thing for you to do?
10. Managing Risk or Reacting to Compliance
Compliance
Are compliance and security the same thing?
• Many people believe so.
• The right answer is NO.
Information security is the use of Administrative, Physical and Technical controls to protect the Confidentiality, Integrity, and Availability of data.
11. Managing Risk or Reacting to Compliance
Risk
Are we ever “secure”?
• It depends. Right?
No matter what we do with protection, there will always be a risk associated with unauthorized disclosure, alteration, or destruction of data.
• “Secure” is a relative term.
• Effectively managing security comes down to managing risk.
12. Managing Risk or Reacting to Compliance
Risk
Some risks are acceptable and others are not.
• What is risk?
• Risk is not intuitive. (more on this later)
• Risk = the likelihood of something bad happening + the impact if the bad thing happened.
• Risk decisions are management decisions.
14. Managing Risk or Reacting to Compliance
Risk
Risk is Not (always) Intuitive
• Who is at higher risk of an earthquake, San Francisco or Boston? Turns out that the risk is essentially the same.
In general:
• People exaggerate spectacular but rare risks and downplay common risks.
• People have trouble estimating risks for anything not exactly like their normal situation.
• Personified risks are perceived to be greater than anonymous risks.
• People underestimate risks they willingly take and overestimate risks in situations they can't control.
• People overestimate risks that are being talked about and remain an object of public scrutiny.
15. Managing Risk or Reacting to Compliance
Compliance & Risk
Compliance is based on doing what you’re told.
Risk is based on likelihood and impact.
Compliance is reactive.
Managing risk is proactive.
Compliance is more costly.
Managing risk allows cost/benefit analysis.
Compliance is the letter of the law.
Managing risk is the intent of the law.
16. Managing Risk or Reacting to Compliance
Real Life Examples
Large Healthcare Organization
Audit conducted in 2012
Told they needed SIEM and DLP
Spent $600,000 on new technology
Compliant!
Greatest (technical) risk was use of unencrypted mobile devices
Cost to mitigate $600,000
Products are not configured or fully utilized
Breach occurs in 2013 – Stolen laptop
Over $3,000,000 in costs
Over $3,600,000 spent. Greatest risk still exists
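To make the cost/benefit argument of slides 12, 15 and 16 concrete, here is a small risk register that scores each risk with the deck's formula (likelihood + impact) and then spends the same $600,000 budget two ways: down an auditor's list first, and down the risk-ranked list. This is an added example, not the deck's or FRSecure's own tooling; the $600,000 control costs and the $3,000,000 breach cost come from the deck, while the likelihood/impact scores, the SIEM/DLP cost split and the other exposure figures are constructed assumptions.

```python
# Added example (not from the deck). Dollar figures are the deck's; the
# likelihood/impact scores and the SIEM/DLP cost split are assumptions.
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Risk:
    name: str
    likelihood: int        # 1 (rare) .. 5 (almost certain); constructed
    impact: int            # 1 (minor) .. 5 (severe); constructed
    mitigation: str
    mitigation_cost: int   # USD
    loss_if_realized: int  # USD exposure if the risk is not mitigated
    @property
    def score(self) -> int:
        # The deck's definition (slide 12): likelihood + impact.
        return self.likelihood + self.impact

# Constructed register for the slide-16 healthcare organization.
REGISTER = [
    Risk("Unencrypted mobile devices (stolen laptop)", 5, 5,
         "Full-disk encryption for mobile devices", 600_000, 3_000_000),  # deck's figures
    Risk("Intrusions missed for lack of log monitoring", 2, 2,
         "SIEM deployment", 300_000, 500_000),                             # assumed
    Risk("Sensitive data leaving by email unnoticed", 2, 2,
         "DLP deployment", 300_000, 500_000),                              # assumed
]

def prioritize(register: List[Risk]) -> List[Risk]:
    """Risk-based ordering: highest score first, cheaper mitigation breaks ties."""
    return sorted(register, key=lambda r: (-r.score, r.mitigation_cost))

def plan(register: List[Risk], budget: int, order: Optional[List[str]] = None):
    """Fund mitigations down `order` (e.g. an auditor's list) or the risk-based order.
    Returns (funded mitigations, residual risk score, residual exposure in USD)."""
    by_name = {r.name: r for r in register}
    queue = [by_name[n] for n in order] if order else prioritize(register)
    funded, remaining = [], budget
    for r in queue:
        if r.mitigation_cost <= remaining:
            funded.append(r.mitigation)
            remaining -= r.mitigation_cost
    unfunded = [r for r in register if r.mitigation not in funded]
    return funded, sum(r.score for r in unfunded), sum(r.loss_if_realized for r in unfunded)

if __name__ == "__main__":
    # "Compliant!" path from slide 16: the auditor's SIEM + DLP first, $600,000 budget.
    audit_order = [r.name for r in REGISTER[1:]] + [REGISTER[0].name]
    print("audit-driven:", plan(REGISTER, 600_000, audit_order))
    print("risk-driven: ", plan(REGISTER, 600_000))
```

With the auditor's order the budget is exhausted on SIEM and DLP and the highest-scored risk (the laptops) stays open, which is the slide-16 outcome; the risk-ranked order funds encryption first and leaves a smaller residual score and exposure.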
17. Managing Risk or Reacting to Compliance
Real Life Examples
Target
Audited regularly & constantly
Spend millions on compliance
Spend millions on technology
Compliant!
Were any of these a significant risk?
• Vendor risk management
• Information security reporting structure
• Alerting & monitoring processes
• SOC processes and training
• Incident response processes
Millions of dollars spent. Greatest risk? Last quarter profit down 46%.
Estimated costs to exceed $1,000,000,000.
18. Managing Risk or Reacting to Compliance
Social Engineering
Social Engineering is exploitation of the human factor in security; tricking a person into giving you information that could benefit you, but bring them harm.
Social Engineering is by far the most effective method of gaining unauthorized access to information. We know this, and so do the bad guys.
19. Managing Risk or Reacting to Compliance
Social Engineering
Did You Know:
There were more than 74,000 unique phishing campaigns discovered during Q2/2013, leveraging over 110,000 hijacked domains and targeting more than 1,100 brands.
Email Attacks (Phishing)
• Tricking you into going to a website that looks legitimate, and convincing you to log in (or disclose other information).
• Has a 60 – 70% success rate.
• How to Avoid Phishing Scams – http://apwg.org/resources/overview/avoid-phishing-scams
20. Managing Risk or Reacting to Compliance
Social Engineering
Did You Know:
A recent study shows that 30 percent of Americans will open emails, even when they know the message is malicious.
Email Attacks (Malicious Attachments)
• Tricking you into opening (or downloading/opening) a file that appears to be legitimate, but is in fact malicious.
• Has a 30 – 40% success rate.
• Don’t have blind trust in your anti-virus software. If you aren’t expecting an attachment, don’t open it. If you’re not sure, call the person who sent it to you and ask.
21. Managing Risk or Reacting to Compliance
Social Engineering
Did You Know:
Most social engineering attacks go unreported by the victim.
Telephone Attacks
• Tricking you into divulging sensitive information over the phone.
• People like helping other people, something that an attacker can exploit to receive sensitive information.
• Success rate varies greatly.
• If you receive a social engineering phone call, ask them for their name, company and phone number. In almost every case, the caller will disconnect when asked questions or placed on hold.
22. Managing Risk or Reacting to Compliance
Social Engineering
Did You Know:
Physical social engineering attacks can result in physical damage to the facility and safety dangers.
Physical Attacks
• Tricking you into giving physical access to a restricted area.
• Physical social engineering attacks require a bold attacker with a very focused agenda.
• Success rate varies greatly.
• If you can help it, don’t hold the door for others; especially those who you don’t recognize. It’s OK to ask someone you don’t know if you can help them or ask for identification.
23. Managing Risk or Reacting to Compliance
Social Engineering
Want a story? Pick One:
• Physical access to Fortune 100 company headquarters.
• Password disclosure almost cost someone their retirement.
• Police help me carry out an attack.
• I don’t really work for NSP.
• 60% of bank’s employees give us their domain usernames and passwords.
24. Managing Risk or Reacting to Compliance
Thank you!
Questions?
Evan Francen, CISSP CISM
President – FRSecure
evan@frsecure.com
952-467-6384