Information security is a strategic issue that shouldn’t be
delegated solely to IT
By Lynn Shelton
Enterprise Minnesota's Vice President of Marketing
(Lynn Shelton, vice president of marketing, Enterprise Minnesota)
Many manufacturers think their companies’ vulnerability to computer hacking is well protected. Information security expert Evan Francen will tell them that they’re wrong. Francen, CEO of FRSecure, has more than 25 years’ experience in the information security business.
He will be the keynote speaker at Enterprise Minnesota’s event, “The Value of Peer Councils,” Tuesday, February 19 at the Shoreview Community Center. He spoke to one of Enterprise Minnesota’s peer councils in Owatonna in November of 2018, where we were more than impressed by Evan’s ability to strip away the unnecessary complexities of “IT” issues in a way that enables executives and managers to understand their urgencies.
This event is free of charge and open exclusively to Minnesota manufacturing executives. To register please contact email@example.com.
Francen’s experience is that many manufacturers “are unaware of the risks they face.” They don’t typically think someone would want to steal information about their widgets. They’re out there, he says: If you make money from it, don’t you think that someone else can, too?
“Some manufacturers think they’re flying under the radar,” he says. “That’s false logic, there is no radar and there’s no security in obscurity. Some boards of directors and executives want security to be an IT issue. That's the easy out, right? It's IT's problem, so just put it over there. That’s wrong. IT is good (hopefully) at technical things, like firewalls and antivirus software, but they aren’t the right fit to manage the people part, making sure people are well-trained and aware.”
Francen also appears in a cover-story Q&A for the upcoming issue of Enterprise Minnesota® magazine. He admits that some of the industry-wide communications gaps that separate executives from adequately understanding information security develops from a lack of common definitions.
“If you or I were to ask ten experienced security people for their definition of information security, we'd get ten different answers,” he says. “Heck, we might even get eleven or twelve! Some security people like to argue—egos can get in the way—and could spend all day arguing about it, too.”
His definition of information security, he says, is “managing risk to information confidentiality, integrity and availability using administrative, physical, and technical controls. That's a mouthful, I know, but it's not just keeping data secret. Maintaining confidentiality is about secrecy and privacy, integrity is about making sure that the information is accurate, and availability is making sure information is available when people need it.”
People who attend our event (and you should) will hear him emphasize that “information security is not an IT issue; it’s a business issue. Technical controls are only one of three different types in our definition. Administrative controls are used to address the ‘people part’ of security. You and I both know that people always pose the biggest challenge and most significant risk. Physical controls are the most obvious because you can touch them: locks, doors, alarm systems, etc. We have a saying we use when we try to stress the importance of physical controls, ‘It doesn’t matter how well your firewall works if someone steals your server.’”
Empowering Your Continuous Improvement
**Exclusive to Manufacturers**
Thursday, March 7, 2019
9:30 a.m. - 11:30 a.m.
Country Inn & Suites Hotel & Conference Center
1900 Premier Drive
Mankato, MN 56001
What to Expect
You may have integrated lean practices throughout your business, but are you empowering employees to see waste and eliminate it?
Greg Langfield, Enterprise Minnesota continuous improvement expert, will show you how to engage employees in eliminating waste, producing higher quality/volume products in less time, while maximizing productivity.
You will gain:
- Increased employee skills and behaviors that align with company values;
- Increased focus on value-added activities;
- Improved productivity company-wide; and
- Strengthened continuous improvement efforts.
This event is exclusive to manufacturers and is free of charge. Registration is required.
To register please contact firstname.lastname@example.org.