The FRSecure Blog

Your Security. Our Passion.

Secure360 Conference Presentation

It’s not very often that I get the honor of evangelizing to information security evangelists!

Yesterday (May 9th), I was honored in just such a way. I was afforded the opportunity to speak at the 7th annual Secure360 Conference. The conference attracts 1000+ information security professionals each year, and it’s held at the St. Paul RiverCentre (a great place to speak and attend a conference).

The topic of my presentation was “Ten Information Security Principles to Live (or Die) By” and it’s based on FRSecure’s governing principles that guide our everyday work. The conference was very well attended, and my presentation seemed to be well received.

An online copy of my presentation slides can be found here:

Ten Information Security Principles to Live (or Die) By

Overall, it was a wonderful experience and opportunity. I caught up with some old friends, made some new ones, and hopefully made a small positive change for our industry. I’m looking forward to next year, and hopefully another opportunity to preach!

FRSecure’s Information Security Principles

We all have a set of principles, or fundamental truths, that guide us in our day-to-day lives. Some base their principles on faith; some base them on what they’ve been taught; and for some it’s a combination of influences and experiences.

For those of you who don’t know FRSecure, we’re an information security consulting company. We strive to be the best at what we do, and we’re passionate about it! Four years ago, soon after we started this company, we defined our principles (or fundamental truths) to guide and govern our approach to information security.

This article is the first in a series of articles where we’ll dissect each of these principles and explain what we mean.

On a Positive Note

When was the last time you heard an information security professional or consultant tell you something positive? It’s probably been too long.

I have been blessed with the privilege to work in this industry (information security) with passion for a long time. I am blessed with leading a dynamic information security consulting company alongside a group of great people, and we’re growing at an astounding rate! Life is good, right? For me and our customers, the answer is yes. I can’t help but think: how can we make things better?

A dear friend of mine stopped and talked with me this week, and what he said really resonated. He asked me why we tend to point out the negative things about information security so much. Why do we seem to stress what people are doing wrong, and how things don’t work?

Why ARE we so focused on the negative? Things like:

  • Information security is NOT an IT issue,
  • Compliance is NOT information security, and
  • There is no “easy button” in information security

These are three of our core principles by the way. ;)

What Motivates You?

We all have motivations behind what we do, but have you ever given any thought to what motivates you with respect to information security? Over the years, we’ve identified four primary motivations for information security actions, but only one is the best option.

The four motivations are:

  • Everybody else is doing it
  • We’ve been forced
  • Reaction to an adverse event (breach)
  • We understand the importance

Everybody Else is Doing It

We all have a herd mentality to some extent. We watch what other people are wearing, we pay attention to the cars other people are driving, and we emulate those people we admire. The tendency is to take this same herd mentality into the area of information security. We compare what we’re doing with what other organizations in our industry are doing. There are some real pitfalls in following this logic:

It’s that time of year

The year is coming to an end and you know what that means don’t you?

It’s time for us to revisit 2011 and make our predictions for 2012! In the coming weeks, I’m going to write three articles that will help us close out the year and focus on what’s to come. It’s a tradition now, so we have to do it. ;)

The three articles:

  • Revisiting FRSecure’s 2011 Predictions. Anyone can make predictions, but how many are actually willing to look back and see if they were right? We made our predictions on January 13th, 2011 and we’re going to see if we were even close to getting it right!
  • Last year we provided you with “The top 10 most impactful information security stories of 2010”. This year we’re going to give you our top 10 most impactful information security stories of 2011. Are you wondering if your top 10 will match with ours? Stay tuned to find out!
  • Lastly, we’ll break out our crystal ball and make some predictions for the coming year. 2012 is lining up to be a crazy year!

Be sure to stay with us during this series; it’s sure to be some fun. Subscribe to the FRSecure Blog by Email, or using our RSS feed.

Want to know more about FRSecure? Read about us!

-Evan

But who’s watching IT?

No really, who’s watching whom?

What if I told you that there is a 48% chance that your network was breached by a hacker?

How would you react if I said that there is a 26% chance (1 in 4) that an IT staff member abused their logon privileges and accessed information that they shouldn’t have?

These statistics come from the “2011 Survey of IT Professionals” recently published by Lieberman Software. The survey of more than 300 IT professionals contains some interesting, if not alarming, information.

Healthcare Data Protection, a Sad State

This morning, I finally had some time to sit down and read through the Second Annual Benchmark Study on Patient Privacy & Data Security research report from the Ponemon Institute. The study was conducted to help us understand the current state of information security within the healthcare industry. Overall, it’s a sad story. I’m not an alarmist or the boy who cried wolf, but the results of the study are alarming and people should be shouting for change.

Thoughts on the Cyber Intelligence Sharing and Protection Act of 2011

On Wednesday, the U.S. House intelligence committee chairman Mike Rogers (R-Mich.), and ranking Democrat, C.A. “Dutch” Ruppersberger (Md.), introduced the “Cyber Intelligence Sharing and Protection Act of 2011”. The bill has already gained strong support from the telecommunications industry.

Does this mean you should support it too? It depends. At the very least, you should know what the bill is, and what it could mean to you.

What is the “Cyber Intelligence Sharing and Protection Act of 2011”?

The bill is an amendment to Title XI of the National Security Act of 1947 (50 U.S.C. 442 et seq.). The bill is meant to foster cooperation and information sharing between the private sector and the government.

The Five W’s of Information Security

Information security can be confusing to some people; OK, maybe most people. Why is information security confusing? Maybe it’s because we miss some of the basics.

The basics of information security could be summed up by explaining the “What, Why, Who, When, and Where” of information security.

The Five Ws of Information Security are:

  • What is Information Security?
  • Why do you need Information Security?
  • Who is responsible for Information Security?
  • When is the right time to address Information Security?
  • Where does Information Security apply?

We could also include a sixth W, which is actually an “H”, for How. The How is why FRSecure exists.

RK Dixon Tech Summit Conference Re-cap

On Monday, October 7th, Kevin Orth and I took a trip down to the RK Dixon 2011 Tech Summit conference. RK Dixon is a trusted business partner of FRSecure, so we jumped at the opportunity to support them and talk to their customers.

FRSecure delivered two presentations at the conference: one titled “Information Security isn’t about Information or Security, It’s about People!” delivered by Kevin, and the other titled “Ten security principles to live (or die) by” delivered by me. Both presentations were given to a full room of ~40 IT and business leadership professionals, and the interactivity was awesome!
