- Russell White
- 8 years ago
1 The Truth About Information Security in Schools. Region V 23rd Annual Spring Conference, April 4th, 2013. Evan Francen, CISSP, CISM, CCSK, President of FRSecure, LLC
2 Thank You for Attending! & Many Thanks to Region V for Inviting Us!
3 Before We Get Started: This is not your typical presentation. Your thoughts on this topic are just as important as ours. You are encouraged to participate! I will ask you questions, if you don't ask me some!
4
5 About FRSecure Information security consulting is all we do. Established in 2008 by people who have earned their stripes in the field. We help small to medium sized organizations solve information security challenges. We get paid to tell people the truth
6 Who Is This Guy? Evan Francen: CISSP, CISM. President & co-founder of FRSecure. 20 years of information security experience. Security evangelist with more than 700 published articles. Experience with 150+ public & private organizations.
7 How Do Normal People Feel About Information Security?
8 What is Driving Information Security In Schools? The Federal Trade Commission; FERPA (Family Educational Rights & Privacy Act); COPPA (Children's Online Privacy Protection Act); Common Threats & Vulnerabilities; Fear of Non-Compliance. What is this?
9 Information Security Ten Commandments Our Information Security Ten Commandments are Principles. rules of the game
10 #1 A Business is in Business to Make Money. Schools are no different... well, kind of. Some risks are worth taking. Not all risks require remediation. All information security expenses need justification. There is no ROI in information security, right?
11 #2 Information Security is a Business Issue. It is NOT an IT issue! Executive management probably doesn't need the detailed specs of your new NGFW. Executive management does need to be aware of strategic direction and most significant risks. Ultimately, it's executive management that's responsible.
12 #3 Information Security is Fun. Information security is more effective if people enjoy it. Look for opportunities to make information security fun. Laugh at yourself sometimes (not always others). We can be serious AND fun. They don't have to be exclusive.
13 #4 People are the biggest risk. It's easier to go through your secretary than it is to go through your firewall. People don't read your policies. Social engineering success rates are more than 8x better than technology penetration success rates.
14 Excuse me, Sir. I think you dropped your gun.
15 What is the Weakest Link in Information Security? Trevor
16 Don't be Trevor.
17 #5 Compliant and Secure are Different.
18 #6 There is No Common Sense in Information Security. What makes perfect sense to you probably doesn't make perfect sense to everyone else. Users feel justified in their actions. Try to see the world the way they see it.
19 #7 Secure is Relative. Have you ever been asked "Are we secure?" or "Are you secure?" We can only answer how secure we are. Find metrics that you can measure. Without measurement you don't know.
20 #8 Information Security Should Help Drive Business. We have a bad rap for getting in the way of business, and for being a cost-center. What opportunities does information security have for enabling business and adding to the bottom line? Information security objectives must align with business objectives. You won't succeed unless you engage with key business process owners.
21 #9 Information Security is Not One Size Fits All. What works for one may not work for another: Policies; Technologies; Compliance. Information security is a custom solution.
22
23 The Ten Commandments Recap: 1. A Business is in Business to Make Money. 2. Information Security is a Business Issue. 3. Make Information Security Fun. 4. People are the Most Significant Risk. 5. Compliant and Secure are Different. 6. There's No Common Sense in Information Security. 7. Secure is Relative. 8. Information Security Should Drive Business. 9. Information Security is NOT One Size Fits All. 10. There is no Easy Button.
24 Solutions? Here's a Start: 1. Establish roles & responsibilities. 2. Conduct an objective assessment. 3. Cover the basics. 4. Document what you're doing and why. 5. Communicate your expectations regularly. *Seek Assistance*
25 Announcement: Truth of the Future. In the Fall of 2013, FRSecure plans to partner with High Schools open to developing an information security extra-curriculum for aspiring students. Demand for Information Security skills is growing quickly. Awareness of Information Security career paths is stagnant. *If you have interest or ideas on this topic, please contact us.*
26 Weakest Link: Real Stories. Physical Access to Fortune 100 Company Headquarters; Password Almost Cost Someone Their Retirement; Police Help Me Carry Out an Attack; I Don't Really Work for the Power Company
27 Thank You! Evan Francen, CISSP, CISM, President; John Harmon, Account Manager (direct) (direct). Information Security Assessments; Compliance Assessments (i.e. HIPAA, GLBA, PCI, FDA etc.); Customer Required Assessments; Internal Network Vulnerability Assessments; External Network Security Assessments; Penetration Testing and Social Engineering; Information Security Program Development; Security Policies; Training & Awareness; BC/DR Plans; Outsourced Security Resources