Evan Francen, profile picture
Uploaded byEvan Francen
501 views

Mobile Information Security

Frsecure, founded in 2008 by experts in information security, emphasizes the importance of mobile device management and encryption to prevent data breaches. They discuss the risks associated with personal mobile device usage and provide an example of a significant data breach that resulted from poor security practices. The document advocates for comprehensive policies, employee training, and a risk-based approach to enhance organizational security.

Embed presentation

FRSECURE.COM Mobile Information Security Evan Francen CISSP, CISM FRSecure President & Co-founder
FRSECURE.COM What’s on the Menu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
FRSECURE.COM Who Are These Guys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
FRSECURE.COM Who Is This Guy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
FRSECURE.COM Should Personal Mobile Devices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
FRSECURE.COM Pop Quiz? Lost and/or stolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
FRSECURE.COM Answer 2,614,908 Social Security Numbers Intellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
FRSECURE.COM Breach Example A laptop is stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
FRSECURE.COM Breach Fallout 1. Fairview sent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
FRSECURE.COM John Hacks a Laptop We Need a Volunteer
FRSECURE.COM Encryption Effective and inexpensive. Sustainable with solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
FRSECURE.COM Encryption is Not an Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
FRSECURE.COM Policy & Governance • Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
FRSECURE.COM Mobile Device Management Numerous technological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
FRSECURE.COM Training & Awareness It’s hard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
FRSECURE.COM Consider a Business-like Approach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.
FRSECURE.COM Thank You!

More Related Content

PPT
The Effect Of Lack Of Security On Industry
bylilian91
 
PPT
The effect-of-lack-of-security-on-industry129
byIzwan Hariz
 
PPTX
lack of security
bySarizah Sariffuddin
 
PPTX
7 Important Cybersecurity Trends
byMarco
 
PPTX
How can EMM help with GDPR compliance?
byMiradore
 
PPTX
Developing Secure Mobile Applications
bySymosis Security (Previously C-Level Security)
 
DOCX
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
byProyecto Red Eureka
 
PDF
Fistulas genitourinarias y gastrointestinales
byGaspar Alberto Motta Ramírez
 
The Effect Of Lack Of Security On Industry
bylilian91
 
The effect-of-lack-of-security-on-industry129
byIzwan Hariz
 
lack of security
bySarizah Sariffuddin
 
7 Important Cybersecurity Trends
byMarco
 
How can EMM help with GDPR compliance?
byMiradore
 
Developing Secure Mobile Applications
bySymosis Security (Previously C-Level Security)
 
Documentación Proyecto # 71 Premios Eureka 2011 Mención Innovatividad Técnica
byProyecto Red Eureka
 
Fistulas genitourinarias y gastrointestinales
byGaspar Alberto Motta Ramírez
 

Similar to Mobile Information Security

PPT
Information security management v2010
byjoevest
 
PPTX
An Introduction to Information Security
byEvan Francen
 
PPTX
Information Security in a Compliance World
byEvan Francen
 
PPTX
People are the biggest risk
byEvan Francen
 
PPTX
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
PPTX
Information security challenges in today’s banking environment
byEvan Francen
 
PPTX
ch07-Security.pptx
byLuckySaigon1
 
PPTX
Information Security Basics for Businesses and Individuals
byJosh Moulin, MSISA,CISSP
 
PPTX
Community IT Webinar - IT Security for Nonprofits
byCommunity IT Innovators
 
PDF
2016 legal seminar for credit professionals
byKegler Brown Hill + Ritter
 
PPTX
Information Security
bysteffiann88
 
PPT
FRSecure Sales Deck
byEvan Francen
 
PPTX
CS5300 class presentation on managing information systems
byzenhubris
 
PPTX
FRSecure's Ten Security Principles to Live (or die) By
byEvan Francen
 
PPT
Network security, change control, outsourcing
byNicholas Davis
 
PPTX
APT & What we can do TODAY
byJames Ryan, CSyP, EA, PMP
 
PPTX
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
byDavid Menken
 
PDF
2011 SC Magazine Insider Threat Keynote
byJohn D. Johnson
 
PPT
2.4.1 - Intro to Cyber Security for students.ppt
byrameshselvarajkkp
 
PPTX
Information Security For Leaders, By a Leader
byEvan Francen
 
Information security management v2010
byjoevest
 
An Introduction to Information Security
byEvan Francen
 
Information Security in a Compliance World
byEvan Francen
 
People are the biggest risk
byEvan Francen
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
byDamir Delija
 
Information security challenges in today’s banking environment
byEvan Francen
 
ch07-Security.pptx
byLuckySaigon1
 
Information Security Basics for Businesses and Individuals
byJosh Moulin, MSISA,CISSP
 
Community IT Webinar - IT Security for Nonprofits
byCommunity IT Innovators
 
2016 legal seminar for credit professionals
byKegler Brown Hill + Ritter
 
Information Security
bysteffiann88
 
FRSecure Sales Deck
byEvan Francen
 
CS5300 class presentation on managing information systems
byzenhubris
 
FRSecure's Ten Security Principles to Live (or die) By
byEvan Francen
 
Network security, change control, outsourcing
byNicholas Davis
 
APT & What we can do TODAY
byJames Ryan, CSyP, EA, PMP
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
byDavid Menken
 
2011 SC Magazine Insider Threat Keynote
byJohn D. Johnson
 
2.4.1 - Intro to Cyber Security for students.ppt
byrameshselvarajkkp
 
Information Security For Leaders, By a Leader
byEvan Francen
 

More from Evan Francen

PPTX
WANTED - People Committed to Solving Our Information Security Language Problem
byEvan Francen
 
PPTX
Keynote @ ISC2 Cyber Aware Dallas
byEvan Francen
 
PPTX
WANTED – People Committed to Solving our Information Security Language Problem
byEvan Francen
 
PPTX
Harrisburg BSides Presentation - 100219
byEvan Francen
 
PPTX
Managing Third-Party Risk Effectively
byEvan Francen
 
PPTX
Step Up Your Data Security Against Third-Party Risks
byEvan Francen
 
PPTX
Information Security & Manufacturing
byEvan Francen
 
PPTX
Simple Training for Information Security and Payment Fraud
byEvan Francen
 
PPTX
MHTA Social Engineering Presentation - 050917
byEvan Francen
 
PPTX
People. The Social Engineer's Dream - TechPulse 2017
byEvan Francen
 
PPTX
AFCOM - Information Security State of the Union
byEvan Francen
 
PPTX
Managing Risk or Reacting to Compliance
byEvan Francen
 
PPTX
TIES 2013 Education Technology Conference
byEvan Francen
 
PPTX
Information Security is NOT an IT Issue
byEvan Francen
 
PPTX
Meaningful Use and Security Risk Analysis
byEvan Francen
 
WANTED - People Committed to Solving Our Information Security Language Problem
byEvan Francen
 
Keynote @ ISC2 Cyber Aware Dallas
byEvan Francen
 
WANTED – People Committed to Solving our Information Security Language Problem
byEvan Francen
 
Harrisburg BSides Presentation - 100219
byEvan Francen
 
Managing Third-Party Risk Effectively
byEvan Francen
 
Step Up Your Data Security Against Third-Party Risks
byEvan Francen
 
Information Security & Manufacturing
byEvan Francen
 
Simple Training for Information Security and Payment Fraud
byEvan Francen
 
MHTA Social Engineering Presentation - 050917
byEvan Francen
 
People. The Social Engineer's Dream - TechPulse 2017
byEvan Francen
 
AFCOM - Information Security State of the Union
byEvan Francen
 
Managing Risk or Reacting to Compliance
byEvan Francen
 
TIES 2013 Education Technology Conference
byEvan Francen
 
Information Security is NOT an IT Issue
byEvan Francen
 
Meaningful Use and Security Risk Analysis
byEvan Francen
 

Recently uploaded

PDF
Agentic AI with Google ADK GDG On Campus Netaji Subhash Engineering College
bydscnsecorg
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
PDF
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
Agentic AI with Google ADK GDG On Campus Netaji Subhash Engineering College
bydscnsecorg
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Why Many Smart Device Platforms Fail to Scale?
byPromeraki Developments
 
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
NTG - Data Center Management System Software
byMustafa Kuğu
 

Mobile Information Security

  • 1.
    FRSECURE.COM Mobile Information Security Evan FrancenCISSP, CISM FRSecure President & Co-founder
  • 2.
    FRSECURE.COM What’s on theMenu? 1. Who are these guys? 2. Should you allow personal mobile devices? 3. An example of why stealing is bad. 4. John hacks a laptop…seriously…here…in real time. 5. Encryption. 6. A helpful security thought process.
  • 3.
    FRSECURE.COM Who Are TheseGuys? • Plain-spoken experts. • Information security consulting is all we do. • Established in 2008 by people who have earned their stripes in the field. • Work with small to medium sized organizations in all industries everywhere. “We get paid to tell people the truth”
  • 4.
    FRSECURE.COM Who Is ThisGuy? Evan Francen: CISSP, CISM • President & co-founder of FRSecure • Information security expert: • 20 years of experience • 700+ published articles • 150+ public & private organizations served
  • 5.
    FRSECURE.COM Should Personal MobileDevices Be Allowed? We think so… 1. Cost efficiency 2. Employee satisfaction 3. Increased productivity 4. It’s happening anyway But, there are risks you need to consider…
  • 6.
    FRSECURE.COM Pop Quiz? Lost and/orstolen mobile devices such as phones, laptops, thumb drives and tablets accounted for how many sensitive records compromised in 2012* in the U.S.? *According to Privacy Rights Clearing House
  • 7.
    FRSECURE.COM Answer 2,614,908 Social Security NumbersIntellectual Property Access Codes Medical Files Protected Health InformationEmployee Files Credit Card NumbersBank Account Numbers
  • 8.
    FRSECURE.COM Breach Example A laptopis stolen from an employee of Accretive Health (Fairview Health Services Collections Vendor). • The laptop was inside a locked car in a Minneapolis restaurant parking lot. • The laptop was NOT encrypted (and therefore not protected by Safe Harbor Rule). • The laptop contained 14,000 private records of Fairview patients. - Social Security Numbers - Diagnoses - Names, Addresses, DOB’s
  • 9.
    FRSECURE.COM Breach Fallout 1. Fairviewsent a letter to the 14,000 patients telling them their information was stolen. 2. Accretive was sued by the State of Minnesota, settled the case for $2.5 million and were “banned” for 6 years. 3. Fairview CEO retires when company doesn’t renew his contract after the incident. 4. Fairview was in the news for about a year for this and other negative incidents regarding the care of patient information. 5. 14,000 people (that we know of) are victims.
  • 10.
    FRSECURE.COM John Hacks aLaptop We Need a Volunteer
  • 11.
    FRSECURE.COM Encryption Effective and inexpensive. Sustainablewith solid policy backing. Keys must be managed correctly. More involved than downloading and enabling software.
  • 12.
    FRSECURE.COM Encryption is Notan Easy Button There’s also…. • Policy & Governance • Mobile Device Management • Training & Awareness • Alignment with the Big Picture
  • 13.
    FRSECURE.COM Policy & Governance •Information Security Policy • Encryption Policy • Mobile Device Policy • Bring Your Own Device (“BYOD”) Policy • Standards, Guidelines & Procedures (exceptions)
  • 14.
    FRSECURE.COM Mobile Device Management Numeroustechnological solutions on the market today to assist in enforcing what we say in policy. • If we can’t enforce what we stated in policy, how effective is our policy? • Regulators will require evidence of compliance with our policies. • People are people, sometimes we need to protect them from themselves.
  • 15.
    FRSECURE.COM Training & Awareness It’shard to over-invest in training & awareness. Do your people know what to do if: • They lose their mobile device • Their mobile device is stolen • If their mobile device is infected (or suspected to be infected) All of these things should feed into a process for incident response… How is your incident response?
  • 16.
    FRSECURE.COM Consider a Business-likeApproach to Security Decisions 1. Find the starting point. 2. Have a way to measure progress. 3. Apply a risk-based thought process. 4. Expect continuous evolution. 5. Consider other business factors. 6. Make informed, aligned decisions.
  • 17.