SlideShare a Scribd company logo

The Difference Between Being Secure And Being Compliant

Download as PPTX, PDF
John Bedrick, profile picture
John Bedrick

The document discusses the difference between security and compliance. It begins with an overview of AccuCode, a company that provides security and compliance services. It then discusses how security is about protecting assets from threats like malware, hackers, and social engineering. Compliance, on the other hand, focuses on following standards and regulations. The document stresses that security is an ongoing process of analyzing risks and implementing appropriate protection measures. While compliance is important, true security requires layers of people, processes and technologies working together. Outsourcing to experts can help organizations achieve both security and compliance.

1 of 14
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
The Difference Between Being Secure And Being CompliantJohn Bedrick - AccuCode
AgendaAbout AccuCodeWhich is Worse?Unlocking the Security TaxonomySecurity versus ComplianceHow much security is enough?  What happens if ……. ?Closing ThoughtsAO:ComplianceNext StepsQuestions and Answers
AccuCode the CompanyFounded 1995
VAR, Professional & Managed Services, Commercial Software Products
National leader in: retail systems,security & compliance, wireless networking, mobile computing, bar code & RFID technologies
Fastest Growing Privately Held Company in the U.S.
Trusted Advisor Delivering Guaranteed Outcomes AccuCode Customers & PartnersPartnersManufacturingRetailTransportationAccuCode has hundreds of customers & thousands of end-users!
Which is Worse?Illusion versus Reality
Unlocking the Security TaxonomyPEOPLE
Security Versus Compliance (NOT a complete list)
How Much Security Is Enough?Step 1 – Determine the Assets you need to protect.Step 2 – Determine how much those Assets are worth (to you and someone else)Step 3 – Determine the level of Risk you are willing to live with.Step 4 – Decide how much you are willing to spend to protect those Assets, based on the level of Risk you have determined to accept.Step 5 – Implement Security measures based on above. (Answer: It’s never enough!)Step 6 – Repeat as often as needed or whenever things change.MalwareRootkitsHackersTrojansPhishingVirusesSpywareBot NetsAdwareWormsSocial EngineeringSpam
What Happens If…..?you have a breach and you were compliant; but, not “secure”?Determined on a case-by-case basis and also State-specific privacy laws.someone breaks into your business and steals your servers and/or back-up systems (drives, tapes, paper records, etc…)?Were appropriate protection measures being used at the time? Disaster recovery?your phone or mobile device (e.g., tablet) is lost or stolen?Is there sensitive data stored on the phone/device? Can you remote “wipe” it?a “vendor” is at fault?Did you “check out” the vendor and double-check their work?an employee is “duped” (social engineering) or assists a criminal?Was the employee trained in the proper policies and procedures?Did you “hire right” and the employee “checked out” prior to hiring?there was nothing more that could’ve been done – it just happened?There’s always more that could be done.Did you determine the appropriate level of risk and secure appropriately?
Closing ThoughtsSecurity is a journey; not, a destination. But it’s also a race.Implementing proper levels of security require careful analysis of risk versus implementation.Well thought out security requires layers of protection all working together.There are NO guarantees for being 100% secure.Being PCI compliant is far better then not being compliantit’s a step in the right direction for becoming more secure.Hire reputable security/compliance experts to help you.Don’t get into a position of the “blind leading the blind”.
ANDNext Steps

More Related Content

PDF
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
centralohioissa
 
PDF
Preserving the Privilege during Breach Response
Priyanka Aash
 
PDF
NUS-ISS Learning Day 2019- AI and Cybersecurity – Solution or Threat?
NUS-ISS
 
PPSX
William Diederich - Security Certifications: Are They Worth the Investment? A...
centralohioissa
 
PPT
Cloud Computing Panel - NYCLA
Raj Goel
 
PDF
Industry Insights from Infosecurity Europe 2016
Tripwire
 
PDF
Silicon Valley top 20
802 Secure, Inc
 
PPTX
Mobility Security - A Business-Centric Approach
Omar Khawaja
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
centralohioissa
 
Preserving the Privilege during Breach Response
Priyanka Aash
 
NUS-ISS Learning Day 2019- AI and Cybersecurity – Solution or Threat?
NUS-ISS
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
centralohioissa
 
Cloud Computing Panel - NYCLA
Raj Goel
 
Industry Insights from Infosecurity Europe 2016
Tripwire
 
Silicon Valley top 20
802 Secure, Inc
 
Mobility Security - A Business-Centric Approach
Omar Khawaja
 

What's hot (10)

PDF
Less tech more talk the future of the ciso role
Priyanka Aash
 
PDF
Security Awareness: The Best Defence
Shawn Brown
 
PDF
Securing Medical Devices Using Adaptive Testing Methodologies
Daniel Miessler
 
PDF
Epsilon_Five_Key_Errors_Booklet_A5_16pp-LR
Andrea Baratta
 
PPTX
Cyber security
Vaibhav Jain
 
PPTX
Info sec for startups
Kesava Reddy
 
PDF
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS
 
PDF
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
Phil Agcaoili
 
PDF
Netflix SIRT - Culture and Tech -Trainman
Alex Maestretti
 
PDF
Reality of cybersecurity 11.4.2017
japijapi
 
Less tech more talk the future of the ciso role
Priyanka Aash
 
Security Awareness: The Best Defence
Shawn Brown
 
Securing Medical Devices Using Adaptive Testing Methodologies
Daniel Miessler
 
Epsilon_Five_Key_Errors_Booklet_A5_16pp-LR
Andrea Baratta
 
Cyber security
Vaibhav Jain
 
Info sec for startups
Kesava Reddy
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
Phil Agcaoili
 
Netflix SIRT - Culture and Tech -Trainman
Alex Maestretti
 
Reality of cybersecurity 11.4.2017
japijapi
 
Ad

Similar to The Difference Between Being Secure And Being Compliant (20)

PPTX
Solutions For PCI Compliance
John Bedrick
 
PPTX
SANS WhatWorks - Compliance & DLP
Nick Selby
 
PPT
Rothke Patchlink
Ben Rothke
 
PPTX
Information Security for Business Leaders - Eric Vanderburg - JurInnov
Eric Vanderburg
 
PDF
BEA Presentation
Glenn E. Davis
 
PDF
2015 09-22 Is it time for a Security and Compliance Assessment?
Raffa Learning Community
 
PPTX
Insecurity Through Technology
dfroud
 
PPTX
Selling security to the C-level
Donald Tabone
 
PPTX
Managing Risk or Reacting to Compliance
Evan Francen
 
PPTX
How to-become-secure-and-stay-secure
IIMBNSRCEL
 
PDF
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
John Bambenek
 
PPTX
Building a Security culture at Skyscanner 2016
Stu Hirst
 
PPTX
Chapter-Seven.pptxhmhjmhjkhjkhjkljlhjkhjkhj
Shemse Shukre
 
PDF
PCI Compliance NOT for Dummies epb 30MAR2016
Erika Powell-Burson, MSIA, CISSP, CISA
 
PPTX
Keynote @ ECMECC School Security Summit
SecurityStudio
 
PPTX
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
PPTX
Draft_ppt_dmss[1][2] (1) FINAL123455667.pptx
mazumderdevangshu
 
PPTX
BREACHED: Data Centric Security for SAP
UL Transaction Security
 
PPTX
Cyber Security Landscape: Changes, Threats and Challenges
Bloxx
 
PDF
Credit Union Cyber Security
Stacy Willis
 
Solutions For PCI Compliance
John Bedrick
 
SANS WhatWorks - Compliance & DLP
Nick Selby
 
Rothke Patchlink
Ben Rothke
 
Information Security for Business Leaders - Eric Vanderburg - JurInnov
Eric Vanderburg
 
BEA Presentation
Glenn E. Davis
 
2015 09-22 Is it time for a Security and Compliance Assessment?
Raffa Learning Community
 
Insecurity Through Technology
dfroud
 
Selling security to the C-level
Donald Tabone
 
Managing Risk or Reacting to Compliance
Evan Francen
 
How to-become-secure-and-stay-secure
IIMBNSRCEL
 
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
John Bambenek
 
Building a Security culture at Skyscanner 2016
Stu Hirst
 
Chapter-Seven.pptxhmhjmhjkhjkhjkljlhjkhjkhj
Shemse Shukre
 
PCI Compliance NOT for Dummies epb 30MAR2016
Erika Powell-Burson, MSIA, CISSP, CISA
 
Keynote @ ECMECC School Security Summit
SecurityStudio
 
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
Draft_ppt_dmss[1][2] (1) FINAL123455667.pptx
mazumderdevangshu
 
BREACHED: Data Centric Security for SAP
UL Transaction Security
 
Cyber Security Landscape: Changes, Threats and Challenges
Bloxx
 
Credit Union Cyber Security
Stacy Willis
 
Ad

The Difference Between Being Secure And Being Compliant

  • 1. The Difference Between Being Secure And Being CompliantJohn Bedrick - AccuCode
  • 2. AgendaAbout AccuCodeWhich is Worse?Unlocking the Security TaxonomySecurity versus ComplianceHow much security is enough?  What happens if ……. ?Closing ThoughtsAO:ComplianceNext StepsQuestions and Answers
  • 3. AccuCode the CompanyFounded 1995
  • 4. VAR, Professional & Managed Services, Commercial Software Products
  • 5. National leader in: retail systems,security & compliance, wireless networking, mobile computing, bar code & RFID technologies
  • 6. Fastest Growing Privately Held Company in the U.S.
  • 7. Trusted Advisor Delivering Guaranteed Outcomes AccuCode Customers & PartnersPartnersManufacturingRetailTransportationAccuCode has hundreds of customers & thousands of end-users!
  • 8. Which is Worse?Illusion versus Reality
  • 9. Unlocking the Security TaxonomyPEOPLE
  • 10. Security Versus Compliance (NOT a complete list)
  • 11. How Much Security Is Enough?Step 1 – Determine the Assets you need to protect.Step 2 – Determine how much those Assets are worth (to you and someone else)Step 3 – Determine the level of Risk you are willing to live with.Step 4 – Decide how much you are willing to spend to protect those Assets, based on the level of Risk you have determined to accept.Step 5 – Implement Security measures based on above. (Answer: It’s never enough!)Step 6 – Repeat as often as needed or whenever things change.MalwareRootkitsHackersTrojansPhishingVirusesSpywareBot NetsAdwareWormsSocial EngineeringSpam
  • 12. What Happens If…..?you have a breach and you were compliant; but, not “secure”?Determined on a case-by-case basis and also State-specific privacy laws.someone breaks into your business and steals your servers and/or back-up systems (drives, tapes, paper records, etc…)?Were appropriate protection measures being used at the time? Disaster recovery?your phone or mobile device (e.g., tablet) is lost or stolen?Is there sensitive data stored on the phone/device? Can you remote “wipe” it?a “vendor” is at fault?Did you “check out” the vendor and double-check their work?an employee is “duped” (social engineering) or assists a criminal?Was the employee trained in the proper policies and procedures?Did you “hire right” and the employee “checked out” prior to hiring?there was nothing more that could’ve been done – it just happened?There’s always more that could be done.Did you determine the appropriate level of risk and secure appropriately?
  • 13. Closing ThoughtsSecurity is a journey; not, a destination. But it’s also a race.Implementing proper levels of security require careful analysis of risk versus implementation.Well thought out security requires layers of protection all working together.There are NO guarantees for being 100% secure.Being PCI compliant is far better then not being compliantit’s a step in the right direction for becoming more secure.Hire reputable security/compliance experts to help you.Don’t get into a position of the “blind leading the blind”.
  • 15. AO:Compliance Makes PCI Compliance as Easy as:
  • 16. Next Steps, If You Need HelpAccuCode and our partners are ready to assist you with getting and staying PCI Compliant
  • 17. Go to the AO:Compliance website to find out more information about our compliance and security offerings www.aocompliance.com
  • 19. If you need help with other technology issues, AccuCode can also assist you with that as well
  • 20. Visit the AccuCode website for more information about our other products and services www.accucode.com

Editor's Notes

  • #13: Assess and Analyze (This critical step will help you understand how much becoming PCI compliant will cost you!)Assess the current environmentAnalyze any gaps that may existClose the GapsRemediate gaps & problem areasGet the environment compliantStay CompliantPerform regular testing & scanningRemediate to stay compliant