Presentation is loading. Please wait.

Presentation is loading. Please wait.

WHAT SHOULD AN EXECUTIVE EXPECT FROM INFORMATION SECURITY

Published byHomer Henderson Modified over 6 years ago

Similar presentations

Presentation on theme: "WHAT SHOULD AN EXECUTIVE EXPECT FROM INFORMATION SECURITY"— Presentation transcript:

1 WHAT SHOULD AN EXECUTIVE EXPECT FROM INFORMATION SECURITY
The Blind Spot WHAT SHOULD AN EXECUTIVE EXPECT FROM INFORMATION SECURITY June 4, 2018

2 Agenda Introductions FRSecure Overview What is the Blind Spot?
Three Questions & Homework Q&A and Story Time

3 The Blind Spot Information Security Management Company Founded 2008
FRSecure Overview The Blind Spot FRSecure 101 Information Security Management Company Founded 2008 Based in Minneapolis/St. Paul MN 50 People Product Agnostic Known for: Security Risk Assessment (FISASCORE) Virtual CISO & Penetration Testing Attracting, training and retaining security experts Fixing the Broken Industry

4 The Blind Spot Mission: Fix a Broken Industry What is Broken?
FRSecure Overview The Blind Spot Mission: Fix a Broken Industry What is Broken? Nobody is speaking the same language Remediation efforts inconsistent How are we fixing it? Attracting and deploying the best of the best Unwavering belief in our core values Deliberate investment in innovation Commitment to our culture What do we do? Information security consulting What do we NOT do? IT

5 The Blind Spot Core Values We tell the truth We collaborate
FRSecure Overview The Blind Spot Core Values We tell the truth We collaborate We are driven to serve our customers We do whatever it takes We are committed to constant improvement We have balance We buy in

6 The Blind Spot The Teams Security Operations Team – 8 Analysts
FRSecure Overview The Blind Spot The Teams Security Operations Team – 8 Analysts Penetration Testing Incident Response Social Engineering Deep Technical Testing PCI - 2 QSAs Credit Card Security Compliance Consulting Team – 8 Analysts Risk Assessment (FISASCORE®) Policy Development Compliance (HITRUST, SOC2, HIPAA, etc) Ongoing Planning & Consulting Virtual CISO

7 What is the Blind Spot? The Blind Spot

8 The Blind Spot Reputational Risk
What Is The Blind Spot? The Blind Spot Reputational Risk “It takes 20 years to build a reputation and 5 minutes to ruin it.” - Warren Buffet

9 The Blind Spot Security is NOT just an IT function
What Is The Blind Spot? The Blind Spot Security is NOT just an IT function People are the biggest risk People can’t be “fixed” with technology Security is NOT one person’s responsibility Everyone must be involved Leaders set the tone, much like every other business function Security is NOT compliance Compliance is doing what you have to do Managing risk is what you should do (and it actually works)

10 The Blind Spot Question 1: What is our current state? Adequate Answers
Three Questions & Homework The Blind Spot Question 1: What is our current state? Adequate Answers “We measure our security by (insert method here) and we are somewhere definitively on that scale.” “We have an assessment in progress that will tell us for sure.” “I don’t know.” Inadequate Answers “We passed our audit / we are compliant with (insert regulation here).” A long, excruciating, technical jargon-ridden definition that nobody understands. “We’re good.” “Our IT provider has us covered.” In short – expect concise answers that speak to your level and position. This should feel as natural as looking at financial results, sales numbers, etc.

11 The Blind Spot Question 2: What is our future state? Adequate Answers
Three Questions & Homework The Blind Spot Question 2: What is our future state? Adequate Answers “We agreed as a committee/leadership team that we need to reach a score of X in the (insert method here) way of measuring security risk.” “By (specific date), we will be done implementing/refining abc initiatives and moving on to xyz initiatives, as we’ve all agreed.” “I don’t know.” Inadequate Answers “We’ll be ready for our audit/compliance.” “We’re spending more on xyz technology or support.” More jargon you don’t understand.

12 The Blind Spot Question 3: How do we get there? Adequate Answers
Three Questions & Homework The Blind Spot Question 3: How do we get there? Adequate Answers “We have these 2-3 things that are no cost, these 2-3 things that are some cost and these 2-3 things that are costly, but worth it (and why).” “We agreed as a committee/leadership team to focus in xyz areas and expect X% improvement by a specific date. We will measure success in a certain way.” “I don’t know.” Inadequate Answers “By complying with (insert regulation here).” “By focusing on our technology only” Yet more technical jargon

13 Three Questions & Homework
The Blind Spot Homework Go ask these questions, record the answers, and share them. Keep an open mind Support your team Raise expectations It’s unlikely you have a security expert in charge of security. Learn together!

14 The Blind Spot Do you have any questions or a story to share?
Questions? Story Time? The Blind Spot Do you have any questions or a story to share? John Harmon (952) For a copy of this presentation, text MCOCE18 to 44222 Thank you!

Download ppt "WHAT SHOULD AN EXECUTIVE EXPECT FROM INFORMATION SECURITY"

Similar presentations

Company Name Sample Template Presenter Name

Company Name Sample Template Presenter Name
The Organization eCore is a one stop solution for all your IT Security problems. We are a team of passionate like-minded Security Professionals who not.

The Organization eCore is a one stop solution for all your IT Security problems. We are a team of passionate like-minded Security Professionals who not.
1 1 Risk Management: How to Comply with Everything July 11, 2013.

1 1 Risk Management: How to Comply with Everything July 11, 2013.
MusalaSoft Quality Process Overview Damyan Kasapov, QA Engineer Tsvetelina Kovacheva, QA Engineer March 15, 2005.

MusalaSoft Quality Process Overview Damyan Kasapov, QA Engineer Tsvetelina Kovacheva, QA Engineer March 15, 2005.
Talking to non-technical people about data (Especially if they’re your boss) OSCON July 22, 2015 Linda Powell, CDO CFPB.

Talking to non-technical people about data (Especially if they’re your boss) OSCON July 22, 2015 Linda Powell, CDO CFPB.
Teamwork Presentation

Teamwork Presentation
Business Retention and Expansion What it is Why it is important How it works What makes it successful Business Retention and Expansion.

Business Retention and Expansion What it is Why it is important How it works What makes it successful Business Retention and Expansion.
© Copyright 2013 Signify Enterprise.com. All rights reserved Executive Summary March 2015.

© Copyright 2013 Signify Enterprise.com. All rights reserved Executive Summary March 2015.
Edit the text with your own short phrase. The animation is already done for you; just copy and paste the slide into your existing presentation. Assessing.

Edit the text with your own short phrase. The animation is already done for you; just copy and paste the slide into your existing presentation. Assessing.
Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.

Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.
How we work together: Behaviors and Skills You Need to be Successful.

How we work together: Behaviors and Skills You Need to be Successful.
Safety Management Across Large Organizations The Meeks Lumber Way.

Safety Management Across Large Organizations The Meeks Lumber Way.
Insert name of presentation on Master Slide The Quality Improvement Guide Insert Date here Presenter:

Insert name of presentation on Master Slide The Quality Improvement Guide Insert Date here Presenter:
Vulnerability Management Programs & The Lessons Learned

Vulnerability Management Programs & The Lessons Learned
AUDITING Elysa Hartati.

AUDITING Elysa Hartati.
Kick starting your due diligence programme

Kick starting your due diligence programme
Michael Wright • Chief Security Officer • Tech Lock

Michael Wright • Chief Security Officer • Tech Lock
Office 365 Security Assessment Workshop

Office 365 Security Assessment Workshop
Gauging Your Safety Culture

Gauging Your Safety Culture
Conflicts of Interest in the Financial Industry

Conflicts of Interest in the Financial Industry

Similar presentations

Ads by Google