Mitigating Bring Your Own Device (BYOD) Risk for Organisations
|
|
- Dwight Oliver
- 7 years ago
- Views:
Transcription
1 Mitigating Bring Your Own Device (BYOD) Risk for Organisations Harness the benefits and mitigate the risks of BYOD espiongroup.com
2 Executive Summary Mobile devices such as smart phones, tablets, or laptops enable employees to harness consumer technology with greater benefit in the workplace. Employees are increasingly presenting business cases in favour of BYOD that add value to the business. This document aids readers in understanding and mitigating the security challenges, enterprise risks and data concerns associated with employees using personal devices for work related endeavours. Risks addressed include unauthorised access to the corporate network, data loss, data leaks, data breaches, data privacy issues, and data exposure via social media (intentional or unintentional). Organisations permitting BYOD in the workplace face serious challenges from a range of perspectives including; enterprise risk, information security, data privacy, governance, device support and asset management, and from financial concerns such as reduced CAPEX but increased OPEX costs. Risk mitigation can be achieved through the development and implementation of an enterprise-wide mobile device strategy. Such a strategy is essential to achieving business goals while reducing risk to acceptable levels. To be effective a BYOD strategy must be well-defined. In this report, examples are given of how controls and policies can be put in place with respect to data storage, remote wiping of devices, intellectual property ownership, security and legal issues, and data in transit. With proper risk management policies in place, enterprise risk can be reduced in line with the organisation s risk appetite. The key outcomes of implementing strategy and applying the relevant policies, are risk mitigation and improved organisation security posture. What is happening? Changes in the Nature and Volume of Data Usage There are currently an estimated 7.7 billion mobile connections according to GSMA intelligence. 1 Global mobile devices and connections in 2015 grew to 7.9 billion, up from 7.3 billion in Some of the key points of interest: 2 Global mobile data traffic grew 74% in 2015 year on year Mobile data traffic has grown by a multiple of 4,000 over the past 10 years and almost 400 over the past 15 years Fourth-generation (4G) traffic exceeded thirdgeneration (3G) traffic for the first time in Mobile video traffic accounted for 55%of total mobile data traffic in These statistics demonstrate a huge upsurge in mobile technology adoption, an inescapable global change. Perception of Risk The explosion in consumerisation has led to employees using their own mobile devices in the workplace to avail of business services. Mobile computing and bring your own device (BYOD) is creating huge innovation in the workplace. However, with the increase in mobile device usage in organisations comes greater risk, and greater responsibility. More often than not, companies are not aware of these new risks and responsibilities. Where they are aware of them, organisations often see the increased responsibility and risk as a burden, resulting in a lack of proper security policies and governance planning. This paper will provide insights into how to mitigate potential threats (staying safe) introduced by mobile computing in the workplace, security challenges faced by the organisation, and how proper security policies should be implemented and governed provider/visual-networking-index-vni/mobile-white-paper-c html Page 2
3 What will the Risk Impact be? BYOD impacts the risk associated with the following responsibilities of the Chief Security Officer: Data Privacy Cost Infrastructure The question has to be asked Is there value to be gained from BYOD? The answer must be weighed against cost of implementing a risk mitigation policy. If it does not make sense then an outright ban must be imposed. Data leaks or unauthorised access to the corporate network may be gained by attaching or tethering an unauthorised device to a valid corporate authenticated device. This may result in unauthorised access to the corporate network. Data breaches or unauthorised access of the corporate network or data theft can also occur after the loss or theft of a device. There have been several corporate breaches as a result of employees mobile devices being directly targeted for theft; resulting in the loss of sensitive corporate data or intellectual property 34. Risk to Data at Rest or in Transit Organisations permitting BYOD in the workplace are potentially facing issues, caused by physical mobility, resulting in the following risks: Risk In Transit At Rest Example Using wireless networks Storage on devices Risk Example Data Theft Data Leaks Data Breaches Data Exposure and Privacy Issues Accessing unsecure wireless network Tethering unauthorised device to corporate network Loss or theft of device Malicious exposure via open communication channels or intentional or accidental sharing via social media Data loss or theft as a result of being attached to an unsecure wireless network poses a serious threat to an organisation. Many wireless networks are inherently less secure than their wired counterparts; transmitting all data in clear text format, which can allow others on the network to sniff sensitive information. Not only is employee privacy at risk (personal banking details, web account passwords etc.), but so too is corporate data. Also, many portable devices have storage capabilities where corporate data can be put at risk when stored unencrypted. Risks to Privacy of Communication Data issues and their risks may be realised should an organisation s corporate data be exposed as a result of malicious intent, or accidentally via sharing through social media, webmail, cloud storage, instant messaging (e.g. WhatsApp), or other communication channels not being filtered by the employee s organisation. The cause of these risks is the nature of open communication channels. In addition to data theft or loss, mobile devices are a possible vector of a malware infection on the corporate network. All mobile devices can be used by hackers to pivot into the corporate network. Not only can this result in the loss of data, but can also allow attackers to further exploit vulnerabilities in place in the main corporate network, deepening the intrusion into your organisation. 3 Power R, Corporate Espionage : Tomorrow Arrived Yesterday (Power, 2010) < 4 Chinese Professors Among Six Defendants Charged with Economic Espionage and Theft of Trade Secrets for Benefit of People s Republic of China OPA Department of Justice < Page 3
4 Operational Risk to Infrastructure Systems and Software Risk Attack Vector Loss of Device Example Malware or Malicious App Device Stolen or Misplaced Operational and support resources are impacted, caused by the growth in, and diversity of infrastructure. The additional devices and variety can lead to a huge increase in demand for support from IT staff. If no uniform standards have been agreed, then technical support staff may lack the required skill and experience to provide adequate support to employees. A lack of asset management for BYOD employee mobile units may result in a lack of knowledge as to what types of hardware and OS are accessing the corporate network. This can lead to unpatched and vulnerable software applications, exposing the enterprise to even more risk. Cost Capital expenditure (CAPEX) costs may decrease with increased BYOD adoption but operation expenditure (OPEX) costs may increase. While at first BYOD may seem beneficial, additional support, integration, governance and employee expense costs may cancel out the envisaged benefit. It all has to be managed effectively to achieve long term benefit. Recommendations reviews, modifications and improvements made. Deming s Plan-Do-Check-Act (PDCA) model is a good method for this 5. The primary goal should be to improve the maturity level of the organisation s security posture. Tools to support the strategy (include but are not limited to): Risk assessments periodic and ongoing Policy To include items covering the challenges, e.g. MDM Governance to support strategy and underlying policies Included in this should be a clear policy on devices connecting to the organisation. All good policies are simple to understand, add value and are easy to maintain long term. To be adopted on a long term basis the policy must be business focused and easy to implement with technical support, otherwise employees will find ways to circumvent unsuitable aspects. Policies should focus on the following aspects: Data at rest and in transit must be encrypted and secured Information security risks are reduced and managed CAPEX and OPEX must be reduced Asset management must permit the easy distribution of software updates Flexibility for managing large amounts of devices Compliance and governance Items such as intellectual property developed on BYOD devices and management of personal data (e.g. images) must be agreed and communicated. It is important while developing the strategy that proper risk management is implemented. A proper risk assessment should be conducted at the beginning of the strategy development and corresponding mitigations put in place to reduce the potential risks while maximising the advantages to the business. The image below illustrates risk analysis from the ISO Risk Management framework. Strategy Governance & compliance Mobile device management (MDM) Develop a Strategy Developing an enterprise-wide mobile device strategy is essential. It should be iterative in nature with periodic 5 The W Edwards Deming Institute, THE PLAN, DO, STUDY, ACT (PDSA) CYCLE The Deming Institute ( 2015) < Page 4
5 Figure 1: ISO31000 Risk Analysis Allocate Resources and Train Staff Proper budgets and resources must be allocated to the corporate BYOD policy. Staff must be trained to support the additional number and variety of devices. Additional support staff may have to be hired in order to meet support requirements. Training - Implementing risk management controls needs to be addressed, for example software licensing and user training (patch the humans). Policy - Policies on security incidents/breaches, compliance, will have to be drawn up with staff assigned for maintaining governance. Page 5
6 Compliance and Governance Devices attaching to the network should be kept up-todate with the latest security patches. Unauthorised access to the corporate network must never be permitted, to prevent the introduction of malware or unauthorised release of sensitive data. All BYOD implementations must adhere to corporate, legal and any regulatory (e.g. PCI DSS) standards. Proper monitoring and auditing of all standards and required compliance must be maintained and enforced. Governance staff may need to be assigned to ensure compliance. Full audit trails relating to data access and movement will need to be recorded. Suggestion: Employees must sign and agree to formal policies such as: Data access Data privacy Internet usage Intellectual property Data ownership Cloud services A financial company may be in breach of client contracts if sensitive data is being backed up via cloud services hosted in multiple countries. The data may be traversing certain countries that place the client in breach of financial regulations. Order: Conduct vendor research and mandate permitted cloud providers prior to committing funds. Summary In this report the various issues facing BYOD were discussed, the main points are re-iterated below: Risks Impact Cost Infrastructure, data and privacy Strategy Organisations permitting BYOD in the workplace face operational challenges such as information security, device support, asset management, and financial concerns such as increased operational costs. Data issues, corporate network breaches, and malware insertion, are all serious risks. Organisations must be aware of enterprise risk and governance concerns associated with mobility technology in the workplace. To achieve business goals whilst reducing risk to acceptable levels, risk management and a mobile device strategy should be implemented. The CISO must enforce accountability for monitoring and auditing of all standards and required compliance. Regular risk assessments and security reviews should be conducted with recommendations implemented from assessments and security audit findings. Organisations with BYOD in the workplace should formally assess the benefits versus the increased risks associated with mobile device adoption. The organisation must ensure that proper security policies, governance and risk management frameworks are implemented to protect security and prevent data loss once the business case is understood. Page 6
Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER
Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER FORTINET Say Yes to BYOD PAGE 2 Introduction Bring Your Own Device (BYOD) and consumerization
More informationDon t Let A Security Breach Put You Out of Business
Don t Let A Security Breach Put You Out of Business Committed to providing you with the most innovative security and privacy solutions. www.boomtechit.com Bring Your Own Device (BYOD) and Mobile Device
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationDell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside ü Tips for deploying or expanding BYOD programs while remaining
More informationThe Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard
The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers
More informationBring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com
Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationBring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com
Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationWhy Email Encryption is Essential to the Safety of Your Business
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationWhat Is BYOD? Challenges and Opportunities
Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More informationSay Yes to BOYD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices
Say Yes to BOYD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices Introduction Bring Your Own Device (BYOD) and consumerization of IT are all phrases that serve to encompass
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationExecutive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:
Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationA Guide to MAM and Planning for BYOD Security in the Enterprise
A Guide to MAM and Planning for BYOD Bring your own device (BYOD) can pose a couple different challenges, not only the issue of dealing with security threats, but also how to handle mobile applications.
More informationIf you can't beat them - secure them
If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access
More informationMy CEO wants an ipad now what? Mobile Security for the Enterprise
My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager
More informationBYOD and Mobile Device Dependency
BYOD and Mobile Device Dependency Thursday, November 8, 2012 Brian Thomas, CISA, CISSP & Shohn Trojacek, CISSP Brian Thomas, CISA, CISSP Partner, IT Advisory Services at Weaver Provides security, IT audit
More informationBuilding a Comprehensive Mobile Security Strategy
WHITE PAPER Building a Comprehensive Mobile Security Strategy A key to safeguarding data and apps is finding the right partner. protecting mobile environments has become more complex. Fortunately, solutions
More informationBring Your Own Device (BYOD) and Mobile Device Management
Bring Your Own Device (BYOD) and Mobile Device Management Intivix.com (415) 543 1033 PROFESSIONAL IT SERVICES FOR BUSINESSES OF ALL SHAPES AND SIZES People are starting to expect the ability to connect
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationBRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT
BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT www.intivix.com (415) 543 1033 HELP TEAM MEMBERS TO COLLABORATE MORE EASILY FROM ANYWHERE. People are starting to expect the ability to connect
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationNorth Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP
Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal
More informationHow To Secure Your Store Data With Fortinet
Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because
More informationBootstrapping Secure Channels of Communication Over Public Networks
Bootstrapping Secure Channels of Communication Over Public Networks Human Interaction Security Protocols (HISPs) offer an entirely new way of authenticating teams to create robust security where none exists.
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationNetwork Security Report:
Network Security Report: The State of Network Security in Schools Managing tight budgets. Complying with regulatory requirements. Supporting Internet-based learning technologies. There are many challenges
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationInsert Partner logo here. Financial Mobility Balancing Security and Success
Financial Mobility Balancing Security and Success Copyright 2012 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink.
More informationBring Your Own Device (BYOD) for Staff and Visitors
Bring Your Own Device (BYOD) for Staff and Visitors Version 1.01 01.16 Created April 2015 Reviewed by Education and staffing Committee 21.01.16 Review Cycle Triennial Next review September 2019 Source
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationHow To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device
Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,
More informationEmbracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.
Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility
More informationBYOD BEST PRACTICES GUIDE
BYOD BEST PRACTICES GUIDE 866.926.8746 1 www.xantrion.com TABLE OF CONTENTS 1 Changing Expectations about BYOD... 3 2 Mitigating the Risks... 4 2.1 Establish Clear Policies and Expectations... 4 2.2 Create
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationIbrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?
Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices
More informationBYOD in the Enterprise
BYOD in the Enterprise MDM. The solution to BYOD? Context Information Security whitepapers@contextis.co.uk October 2013 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) 207 537 7515
More informationEmerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us
Emerging threats for the healthcare industry: The BYOD Revolution By Luca Sambucci www.deepsecurity.us Copyright 2013 Emerging threats for the healthcare industry: The BYOD REVOLUTION Copyright 2013 Luca
More informationUse Bring-Your-Own-Device Programs Securely
Use Bring-Your-Own-Device Programs Securely By Dale Gonzalez December 2012 Bring-your-own-device (BYOD) programs, which allow employees to use their personal smartphones, tablets and laptops in and out
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationChoose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com
Choose Your Own Device (CYOD) and Mobile Device Management gsolutionz.com Choose Your Own Device (CYOD) and Mobile Device Management 2 gsolutionz.com People are starting to expect the ability to connect
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationMobile Devices Policy
Mobile Devices Policy Item Policy description Division Director Contact Description Guidelines to ensure that mobile devices are deployed and used in a secure and appropriate manner. IT Services and Records
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationDISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com
DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationBYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size.
April 2014 BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size. Bring your own device (BYOD) refers to the policy of permitting employees
More informationDOBUS And SBL Cloud Services Brochure
01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationMobile Device Security and Audit
Mobile Device Security and Audit ISACA Chapter Meeting February 2012 Alex Stamps Manager Security & Privacy Services Deloitte & Touche LLP astamps@deloitte.com Session Objectives Define mobile devices
More informationImplementing Practical Information Security Programs
Implementing Practical Information Security Programs CISO Summit March 17-19, 2013 Presented by: David Cass, SVP & Chief Information Security Officer, Elsevier Information Security & Data Protection Office
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationWhat is Management Responsible For?
What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional
More informationPassword Management Evaluation Guide for Businesses
Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationIs the PCI Data Security Standard Enough?
Is the PCI Data Security Standard Enough? By: Christina M. Freeman ICTN 6870 Advanced Network Security Abstract: This paper will present the researched facts on Payment Card Industry Data Security Standard
More informationMobile & Security? Brice Mees Security Services Operations Manager
Mobile & Security? Brice Mees Security Services Operations Manager Telenet for Business Agenda Mobile Trends Where to start? Risks and Threats Risk mitigation Conclusion Agenda Mobile Trends Where to start?
More informationCisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationThe Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T
The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices
More informationMobile Device Management for Personally Controlled Electronic Health Records: Effective Selection of Evaluation Criteria
Edith Cowan University Research Online Australian ehealth Informatics and Security Conference Security Research Institute Conferences 2012 Mobile Device Management for Personally Controlled Electronic
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationA Channel Company White Paper. Online Security. Beyond Malware and Antivirus. Brought to You By:
A Channel Company White Paper Online Security Beyond Malware and Antivirus Brought to You By: Abstract Security has always encompassed physical and logical components. But in the face of Bring Your Own
More informationA number of factors contribute to the diminished regard for security:
TrendLabs Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationExecutive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6
Securing the State Of Michigan Information Technology Resources Table of Contents Executive Overview...4 Importance to Citizens, Businesses and Government...5 Emergency Management and Preparedness...6
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationRUNNING HEAD: BRING YOUR OWN DEVICE 1
RUNNING HEAD: BRING YOUR OWN DEVICE 1 Bring Your Own Device: The Advantages and Disadvantages of BYOD Network Policies Benjamin Fuller BRING YOUR OWN DEVICE 2 Introduction The world of mobile devices continues
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationUse of tablet devices in NHS environments: Good Practice Guideline
Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More informationHow To Support Bring Your Own Device (Byod)
WHITE PAPER: EXPLOITING THE BUSINESS POTENTIAL OF BYOD........................................ Exploiting the business potential of BYOD (bring your own device) Who should read this paper This paper addresses
More informationFeature BYOD - MOBILITY GOES VIRAL
Feature BYOD - MOBILITY GOES VIRAL 68 Quarter One 2012 A year ago it was the development no employer wanted to know about; now, it s the movement every employer has to deal with. Bringyour-own-device (BYOD)
More informationPORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1
Executive Summary PORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1 In today s business environment, managing and controlling access to data is critical to business viability
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationUse of Mobile Apps in the Workplace:
Use of Mobile Apps in the Workplace: PRIVACY & SECURITY ADAM D.H. GRANT AGRANT@ALPERTBARR.COM Cell Phone & Tablet Ownership 91% of American adults own a cell phone 56% have smartphones Of Americans aged
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationSecurity Practices for Online Collaboration and Social Media
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
More informationPCI DSS Requirements - Security Controls and Processes
1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationYOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance
YOUR TRUSTED PARTNER IN A DIGITAL AGE A guide to Hiscox Cyber and Data Insurance 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and
More information