Does Your Information Security Plan Do its Job?

The need for strategic Information Security

Effective information security encompasses much more than firewalls, intrusion detection, file permissions and other IT technical devices. It also must monitor, establish and maintain security policies, training and personnel procedures, printed documents and physical controls. Considering information security to be solely an IT issue neglects the broader business and risk management variables that determine whether a security plan works. Effective information security demands comprehensive, specialized skills and a holistic business perspective before in information assets can be adequately protected.

Every business needs Strategic Information Security Management.

Unless your business employs full-time information security staff, your business and supply partners are exposed to countless risks and hidden costs. This does not you mean have inadequate IT youve appropriately focused your IT on operations and performance. However, IT cannot be solely entrusted with securing information. Businesses invariably relegate security to the back burner because it can wait while the day-to-day, never-ending backlog of IT upgrades, equipment and software problems cannot.

Information Security Management: Why, How and How Much?

By Evan Francen, President, FRSecure

How does your Information Security program measure up? Is it acceptable?

Overall Risk Comparison

4 4 3.5 3.5 3 3 2.5 2.5 2 2 1.5 1.5 1 1 0.5 0.5 0 0Your Company Industry Your Company Industry Average Average

C
2.05 / 4.0
Acceptable Acceptable

Information Security is not a Technology issue, it is a Business issue.

Realities for IT Managers and Staff Handling Information Security
The time IT staff spends managing information security is time away from optimizing IT operations, and ultimately undermines revenue. Outsourcing security responsibilities enables IT to continue focusing on IT operations. The same logic explains why banks dont purchase and operate their own security trucks. IT operations staff cannot stay current with all thats required to be an information security expert. Consequently, attempting to be an IT and an information security expert inadvertently puts their organization at risk. Organizations tend to operate with a false sense of security because they havent yet suffered a security breach. The real problem is: you dont know what you dont know. Ultimately, failing to specifically and strategically maintain an information security management plan increases the likelihood of breaches or violations happening and worsens the impact when they do.

What happens when your levy is breached?

Its not good. Failing to develop, implement and maintain an appropriate information security plan subjects your organization to expensive and demeaning costs such as: Lawsuits and legal fees Regulatory investigations and fines Tarnished reputation and credibility Loss of customers business and personal data and telling them you lost it Loss of your own business information and intellectual property Personal liabilities

Currently, the average breach Costs $214/record lost.* Incurs 34,000 records lost.* $214 x 34,000 = $7,276,000

*Ponemon Institute Cost of a data breach climbs higher by Dr. Larry Ponemon, March 8, 2011 http://www.ponemon.org/blog/post/cost-of-a-data-breach-climbs-higher

How to Accomplish a Successful Information Security program

The goal of an information security plan is to minimize the likelihood and impact of breaches against your information assets. This goal cannot be attained without an established information security plan. Its like the saying goes: you cant win the lottery if you dont buy a ticket. Even if every employee recognizes the essential importance and dangers at hand, companies tend to set information security aside simply because: No one person is tasked, or has the time to be Information Security Manager Staff lacks the knowledge and expertise required to handle information security concerns They cannot afford to hire an Information Security Manager Overall accountability is lacking Uncertainties about where to start and what to do compromise confidence and progress.

FRSecure Information Security Services

Engaging FRSecure for your Information Security needs ensures that your organizations information security program is second to none.

Assessment Services
Information security assessments Small business information security assessments Compliance assessments Network security assessments Wireless networking assessments SAS70/SSAE16 readiness assessments

Advisory support
Included with any of our plans Access to security team Executive level updates Interface with regulators or customers regarding information security Information security guidance Guidance on compliance with PCI, HIPAA, GLBA and Customer requirements

FRSecure eliminates the obstacles and limitations that impede designing, implementing and maintaining a solid, seamless information security strategy for your ongoing security success.

Program Development & Management Services

Identification and creation of core governance policies and strategies including: Information Security Policy Vendor Risk Management Acceptable Use Social Networking Password Personally Owned Equipment Training and Awareness Backup Data Classification Removable Media SIEM And more

Special Offers Exclusive to FRSecure Design Your Own Information Security Program FRSecure Security Health Checkup
Visit www.FRSecure.com for more information

Outsourced CISO Penetration testing Establish a vendor risk management program Intrusion Detection Systems (IDS) IS steering committees Development and delivery of IS training and awareness programs Security Information and Event Management (SIEM) Development of incident management programs Standardize technology builds and configuration Implement and manage change control Create/Review/Test BC and DR plans Formalize user rights management Formalize employee on/off boarding processes Compliance management Annual audits of: User accounts Permissions Passwords Firewall configuration System configuration

Why FRSecure Is Right for You

Many attributes and credentials separate FRSecure as an Information Security resource and as the partner who will maximize the success and cost effectiveness of your information security plan. Our team: Has over 15 years of information security experience with proven results Takes the time to get to know your business, so that the information security program we develop fits with your business goals. We don't simply try to shove your business into an information security one-size-fits-all box Understands our customers budget, personnel and timeline constraints, and we know what is required to succeed Takes an educational approach. We transfer as much knowledge to our clients as we can, so that ultimately they can own and manage their own program Is committed exclusively to information security management it is the only business we do Focuses strategically on the markets we can serve best Requires minimal to no start-up time you will see results from day one Takes a security leadership position in advising and managing all aspects of the security program including organization, planning, implementation and monitoring Is at your service; we want to be your information security resource Measures our success and reward by accomplishing and maintaining your companys ongoing information security goals Offers far more service at far less cost than even a part-time information security employee can provide

Please contact us with your questions about how Information Security can complement your IT. Every business organization is different, and we can help you tailor the tasks and responsibilities to meet your specific information security management needs. We look forward to serving you.

www.frsecure.com info@frsecure.com Chaska, MN 952-442-1709