The Truth About Information Security in Schools. Region V 23rd Annual Spring Conference, April 4th, 2013. Evan Francen, CISSP, CISM, President of FRSecure, LLC

Thank You for Attending! And Many Thanks to Region V for Inviting Us!

Before We Get Started: This is not your typical presentation. Your thoughts on this topic are just as important as ours. You are encouraged to participate! I will ask you questions if you don't ask me some!

About FRSecure: Information security consulting is all we do. Established in 2008 by people who have earned their stripes in the field. We help small to medium sized organizations solve information security challenges. We get paid to tell people the truth.

Who Is This Guy? Evan Francen, CISSP, CISM. President & co-founder of FRSecure. 20 years of information security experience. Security evangelist with more than 700 published articles. Experience with 150+ public & private organizations.

How Do Normal People Feel About Information Security?

What is Driving Information Security In Schools? The Federal Trade Commission. FERPA (Family Educational Rights & Privacy Act). COPPA (Children's Online Privacy Protection Act). Common threats & vulnerabilities. Fear of non-compliance. What is this?

Information Security Ten Commandments: Our Information Security Ten Commandments are principles, the rules of the game.

#1 A Business is in Business to Make Money. Schools are no different... well, kind of. Some risks are worth taking. Not all risks require remediation. All information security expenses need justification. There is no ROI in information security, right?

#2 Information Security is a Business Issue. It is NOT an IT issue! Executive management probably doesn't need the detailed specs of your new NGFW (next-generation firewall). Executive management does need to be aware of strategic direction and the most significant risks. Ultimately, it's executive management that's responsible.

#3 Information Security is Fun. Information security is more effective if people enjoy it. Look for opportunities to make information security fun. Laugh at yourself sometimes (not always at others). We can be serious AND fun. They don't have to be exclusive.

#4 People are the Biggest Risk. It's easier to go through your secretary than it is to go through your firewall. People don't read your policies. Social engineering success rates are more than 8x better than technology penetration success rates.

Excuse me, Sir. I think you dropped your gun.

What is the Weakest Link in Information Security? Trevor

Don't be Trevor.

#5 Compliant and Secure are Different.

#6 There is No Common Sense in Information Security. What makes perfect sense to you probably doesn't make perfect sense to everyone else. Users feel justified in their actions. Try to see the world the way they see it.

#7 Secure is Relative. Have you ever been asked "Are we secure?" or "Are you secure?" We can only answer how secure we are. Find metrics that you can measure. Without measurement you don't know.

#8 Information Security Should Help Drive Business. We have a bad rap for getting in the way of business and for being a cost center. What opportunities does information security have for enabling business and adding to the bottom line? Information security objectives must align with business objectives. You won't succeed unless you engage with key business process owners.

#9 Information Security is Not One Size Fits All. What works for one may not work for another:
- Policies
- Technologies
- Compliance
Information security is a custom solution.

The Ten Commandments Recap
1. A Business is in Business to Make Money.
2. Information Security is a Business Issue.
3. Make Information Security Fun.
4. People are the Most Significant Risk.
5. Compliant and Secure are Different.
6. There's No Common Sense in Information Security.
7. Secure is Relative.
8. Information Security Should Drive Business.
9. Information Security is NOT One Size Fits All.
10. There is No Easy Button.

Solutions? Here's a Start
1. Establish roles & responsibilities.
2. Conduct an objective assessment.
3. Cover the basics.
4. Document what you're doing and why.
5. Communicate your expectations regularly.
*Seek Assistance*

Announcement: Truth of the Future. In the Fall of 2013, FRSecure plans to partner with high schools open to developing an information security extra-curricular program for aspiring students. Demand for information security skills is growing quickly. Awareness of information security career paths is stagnant. *If you have interest or ideas on this topic, please contact us.*

Weakest Link: Real Stories
- Physical Access to a Fortune 100 Company Headquarters
- A Password Almost Cost Someone Their Retirement
- Police Help Me Carry Out an Attack
- I Don't Really Work for the Power Company

Thank You!
Evan Francen, CISSP, CISM, President, Evan@FRSecure.com, 952-467-6384 (direct)
John Harmon, Account Manager, JHarmon@FRSecure.com, 952-467-6387 (direct)
www.frsecure.com

Services: Information Security Assessments; Compliance Assessments (i.e. HIPAA, GLBA, PCI, FDA, etc.); Customer Required Assessments; Internal Network Vulnerability Assessments; External Network Security Assessments; Penetration Testing and Social Engineering; Information Security Program Development; Security Policies; Training & Awareness; BC/DR Plans; Outsourced Security Resources.