ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014


AGENDA
- Mobile Devices / Smart Devices
- Implementation Models
- Risks & Threats
- Audit Program
- Q&A
- Resources

WHAT ARE MOBILE DEVICES TODAY?
Primary features:
- Wireless network interface for internet access.
- Local built-in (non-removable) data storage.
- Operating system that is not a full-fledged desktop/laptop operating system.
- Apps available through multiple methods.
- Built-in features for synchronizing local data.
Optional features:
- Wireless personal area network interfaces (e.g., Bluetooth).
- Cellular network interfaces.
- GPS (Global Positioning System).
- Digital camera.
- Microphone.
- Storage SP

WHAT ARE MOBILE/SMART DEVICES?

MICHIGAN'S ENVIRONMENT

BENEFITS OF MOBILE DEVICES
- Increased workforce productivity.
- Improved customer service.
- Improved turnaround times for problem resolution.
- Increased business process efficiency.
- Employee retention.
In 2014 the average number of connected devices per knowledge worker will reach an average of 3.3 devices - Cisco

IMPLEMENTATION MODELS
- Traditional
- Bring Your Own Device (BYOD)
- Corporately Owned, Personally Enabled (COPE)

BYOD TRENDING WITH USERS

BYOD TRENDING WITH EMPLOYERS
BYOD in the Enterprise-A Holistic Approach, ISACA JOURNAL, Volume 1,

BYOD ISACA IMPLEMENTATION CONSIDERATIONS
The key word for BYOD implementation is LIMIT:
- LIMIT number of supported device models to the most secure ones.
- LIMIT number of users which are allowed to BYOD.
- LIMIT number of applications and data available for BYOD.

MOBILE THREATS/RISKS
- Lack of User Knowledge
- Malicious Apps
- Data Leakage

LACK OF USER KNOWLEDGE: SECURING THE DEVICE
- 9 in 10 Americans use their smartphones for work.
- 40% don't password protect their smartphones.
- 51% of Americans connect to unsecured wireless networks on their smartphone.
- 48% don't disable Bluetooth discoverable mode.
CISCO 2013 Study

LACK OF USER KNOWLEDGE: THREAT ANALYSIS

MALICIOUS APPS: WHAT'S TRENDING?
GAO September 2012 Report found that:
Mobile malware grew by 155% in out of 10 Android owners are likely to encounter a threat on their device each year as of
And it just keeps growing!!!

MALICIOUS APPS: WHAT CAN THEY DO?
Once your device has been infected, attackers can:
- send location,
- send contact info,
- send and read SMS messages,
- place phone calls,
- silently download files,
- open the browser
- and more

MALICIOUS APPS: WHAT ARE THEY DOING?
SYMANTEC Internet Security Threat Report

MALICIOUS APPS: WHEN GOOD APPS GO BAD
1) A legitimate developer creates an application.
2) The developer uploads the application to a website.
3) A malicious developer repackages the application with a malware.
4) The malicious developer uploads the application to a third-party app store where users can download it for free.
5) A user downloads the application containing the malware.
6) The malicious developer can control the phone remotely and access the user's sensitive information including address book, s, text messages, location, files, and also place calls.
Better Implementation of Controls for Mobile Devices Should Be Encouraged [GAO ] page

MALICIOUS APPS: CAN YOU TRUST YOUR APP STORE?
Aug 28, 2014: Microsoft Removes 1,500 Fake Apps From Windows Store

MALICIOUS APPS: Android APPS
WEBROOT - Mobile Threat Report

MALICIOUS APPS: iOS (Apple) APPS
WEBROOT - Mobile Threat Report

MICHIGAN'S ENVIRONMENT

MICHIGAN'S ENVIRONMENT

DATA LEAKAGE: IT'S ALL ABOUT THE DATA
The fundamental issue underlying protecting information on mobile devices is data leakage.
If users didn't copy sensitive information to their phones, laptops, thumb drives, and other devices, controlling for breaches would be much simpler.

REGULATORY COMPLIANCE
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standards (PCI-DSS)
- Freedom of Information Act (FOIA)
- Privacy Laws

MOBILE SECURITY SOLUTIONS
- Mobile Device Management Systems (MDM)
- Enterprise Sandbox
- Mobile Antivirus
- Secure Browser
- Data Loss Prevention (DLP)

MDM SYSTEMS: MONITOR AND CONTROL
Example of MaaS360 Dashboard

MDM SYSTEMS: UNDERSTAND YOUR ENVIRONMENT
Example of MaaS360 Reports

MICHIGAN'S ENVIRONMENT

MOBILE DEVICE SECURITY AUDIT: WOULD YOU LIKE TO TAKE A SURVEY?
- Validate MDM Data
  - Device make/model
  - Operating system version
- Understand the Environment
  - How devices are used
  - Who owns the devices
  - What data is accessed and stored on devices
- Sent to all Mobile Device users (~10,000 in total)
  - 50% started, 43% finished

MOBILE DEVICE SECURITY AUDIT: TELL ME HOW YOU REALLY FEEL

MOBILE DEVICE SECURITY AUDIT
Audit Objectives:
- To assess the effectiveness of DTMB's efforts to establish a governance structure and provide guidance regarding mobile device security.
- To assess the effectiveness of DTMB's efforts to design, implement, and enforce the secure configuration of mobile devices.
- To assess the effectiveness of DTMB's efforts to ensure that only authorized devices access the State's information technology resources.

AUDIT PROGRAMS
- ISACA
  - Mobile Computing Security Audit/Assurance Program (2010)
  - BYOD Audit/Assurance Program (2012)
- SANS Mobile Device Security Checklist
- CIS iOS & Android Benchmarks

AUDIT PROGRAMS: ISACA
Mobile Security:
- Policies
- Risk Management
- Device Management
- Training
- Access Controls
- Stored Data
- Malware Avoidance
- Secure Transmission
BYOD:
- Policies
- Risk Management
- Device Management
- Training
- Device Layer Security
- Legal
- Tech. & User Support
- Governance

POLICIES
Audit Objective: Policies have been defined and implemented to assure protection of enterprise assets.
Policy Definition Control: Policies have been defined to support a controlled implementation of mobile devices.

RISK MANAGEMENT
Audit Objective: Management processes assure that risks associated with mobile computing are thoroughly evaluated and that mobile security risk is minimized.
Risk Assessments Control: Risk assessments are performed prior to implementation of new mobile security devices, and a continuous risk monitoring program evaluates changes in or new risks associated with mobile computing devices.
Risk Assessment Governance Control: The executive sponsor is actively involved in the risk management of mobile devices.

DEVICE MANAGEMENT
Audit Objective 1: Mobile devices are managed and secured according to the risk of enterprise data loss.
Tracking Control: Mobile devices containing sensitive enterprise data are managed and administered centrally.
Audit Objective 2: Mobile devices are managed and secured according to the risk of enterprise data loss.
Provisioning/De-provisioning Control: Mobile devices containing sensitive enterprise data are set up for each user according to their job description and managed as their job function changes or they are terminated.

TRAINING
Audit Objective: Employees and contractors utilizing enterprise equipment or receiving or transmitting enterprise sensitive information receive initial and ongoing training relevant to the technology assigned to them.
Mobile Computing Awareness Training Control: Mobile computing awareness training is ongoing and is based on the sensitive nature of the mobile computing devices assigned to the employee or contractor.
Audit Objective: Employees and contractors utilizing enterprise equipment or receiving or transmitting enterprise sensitive information receive initial and ongoing training relevant to the technology assigned to them.
Mobile Computing Awareness Governance Control: Mobile computing awareness includes processes for management feedback to understand the usage and risks identified by device users.

ACCESS CONTROLS
Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss.
Access Control: Access control rules are established for each mobile device type, and the control characteristics address the risk of data loss.

STORED DATA
Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss.
Encryption Control: Encryption technology protects enterprise data on mobile devices and is administered centrally to prevent the loss of information due to bypassing encryption procedures or loss of data due to misplaced encryption keys.
Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss.
Data Transfer Control: Data transfer policies are established that define the types of data that may be transferred to mobile devices and the access controls required to protect sensitive data.
Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss.
Data Retention Control: Data retention policies are defined for mobile devices and are monitored and aligned with enterprise data retention policies, and data retention is executed according to policy.

MALWARE AVOIDANCE
Audit Objective: Mobile computing will not be disrupted by malware nor will mobile devices introduce malware into the enterprise.
Malware Technology Control: Malware prevention software has been implemented according to device risk.

SECURE TRANSMISSION
Audit Objective: Sensitive enterprise data are protected from unauthorized access during transmission.
Secure Connections Control: Virtual private network (VPN), Internet Protocol Security (IPSec), and other secure transmission technologies are implemented for devices receiving and/or transmitting sensitive enterprise data.

BYOD AUDIT PROGRAM: WHY OH WHY DIDN'T I TAKE THE BLUE PILL?
Legal
Audit Objective: BYOD procedures comply with legal requirements and minimize the organization's exposure to legal actions.
Tech. & User Support
Audit Objective: A help desk or similar support function has been established to process technical and user issues.
Governance
Audit Objective: BYOD is subject to oversight and monitoring by management.

POTENTIAL AUDIT ISSUES IDENTIFIED
- Governance Structure
- Roles & Responsibilities
- Policies & Procedures
- Device Configuration
- Encryption
- Password requirements
- Patch Management
- MDM Enrollment
- Inventory
- Decentralized

Questions
C. Robert Kern II, C.I.S.A.
Principal IT Audit Supervisor
State of Michigan Office of the Auditor General
201 N Washington Sq Suite 600
Lansing, MI
(517) ext

RESOURCES
- BankInfoSecurity, BYOD: Get Ahead of the Risk, Intel CISO: Policy, Accountability Created Positive Results, January 2012
- Center for Internet Security (CIS) Apple iOS 6 Benchmark v1.0.0
- Center for Internet Security (CIS) Apple iOS 7 Benchmark v
- Center for Internet Security (CIS) Google Android 2.3 Benchmark v
- Center for Internet Security (CIS) Google Android 4 Benchmark v
- Digital Services Advisory Group and Federal Chief Information Officers Council, Bring Your Own Device, A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs, August 2012
- Gartner, Gartner Says Consumerization Will Drive At Least Four Mobile Management Styles, November 2011
- Gartner, Magic Quadrant for Mobile Device Management, May
- ISACA BYOD audit/assurance program
- ISACA esymposium BYOD Opportunities and Risks Securing Mobile Devices and Remote Access Technology in your Enterprise
- ISACA Mobile Computing Security Audit/Assurance Program (Oct 2010)
- ISACA Securing mobile devices using COBIT 5 for information security
- ISACA Securing Mobile Devices White Paper
- Marble Security
- National Institute of Standards and Technology, Special Publication Revision 1 (Draft), Guidelines for Managing and Securing Mobile Devices in the Enterprise, July 2012
- National Institute of Standards and Technology, Special Publication , Guidelines on Security and Privacy in Public Cloud Computing, December
- NIST Special Publication : Guidelines on Cell Phone and PDA Security
- SANS Mobile Device Security Checklist


More information

Mobile Device Management. Andrius Šaveiko andrius.saveiko@atea.lt

Mobile Device Management. Andrius Šaveiko andrius.saveiko@atea.lt Mobile Device Management Andrius Šaveiko andrius.saveiko@atea.lt Content Mobile Device Management (MDM) where to start? Situation on MDM market MDM solutions very similar, but very different ios, Android,

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Readiness Assessments: Vital to Secure Mobility

Readiness Assessments: Vital to Secure Mobility White Paper Readiness Assessments: Vital to Secure Mobility What You Will Learn Mobile devices have been proven to increase employee productivity and job satisfaction, but can also pose significant threats

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

Secure Mobile Solutions

Secure Mobile Solutions Secure Mobile Solutions Manage workloads securely on the move sevices@softbox.co.uk 01347 812100 www.softbox.co.uk Contents Secure Mobile Solutions Key Features and Benefits Integration and Management

More information

Symantec Mobile Management 7.1

Symantec Mobile Management 7.1 Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any

More information

Security and Compliance challenges in Mobile environment

Security and Compliance challenges in Mobile environment Security and Compliance challenges in Mobile environment Emerging Technologies November 19, 2013 Bob Bastani Introductions Bob Bastani, Security & Compliance Program Manager, IBM, 301-803-6078, bbastani@us.ibm.com

More information

State of Mobility Survey. France Results

State of Mobility Survey. France Results State of Mobility Survey France Results Methodology Survey performed by Applied Research 6,275 global organizations 43 countries NAM 2 LAM 14 EMEA 13 APJ 14 SMBs: Individuals in charge of computers Enterprises:

More information

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013 The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh May 20 th, 2013 Companies are leveraging mobile computing today Three major consumption models: 1. Improving productivity Improving employee

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

The Challenges of Implementing a Bring Your Own Device Policy

The Challenges of Implementing a Bring Your Own Device Policy BYOD The Challenges of Implementing a Bring Your Own Device Policy MARK HARRIS, Ph.D. KAREN PATTEN, Ph.D. UNIVERSITY OF SOUTH CAROLINA SC-GMIS NETWORK & TELECOM WORKSHOP SALUDA SHOALS RIVER CENTER OCTOBER

More information

Setting BYOD Policy: A New Partnership for IT and HR

Setting BYOD Policy: A New Partnership for IT and HR Introduction As the line between office and home life continues to blur, employees increasingly rely on their own smartphones, tablets, and laptop computers for work-related tasks. Today, more than 70

More information

Enterprise mobility trends 2015 and beyond

Enterprise mobility trends 2015 and beyond Sponsored by >> Whitepaper Enterprise mobility trends 2015 and beyond How to best manage mobile in the workplace and deal with challenges from current and emerging technologies FEBRUARY 2015 resources

More information

Protect Your Enterprise by Securing All Entry and Exit Points

Protect Your Enterprise by Securing All Entry and Exit Points SAP White Paper Enterprise Mobility Protect Your Enterprise by Securing All Entry and Exit Points How Enterprise Mobility Management Addresses Modern-Day Security Challenges Table of Contents 4 Points

More information

THEODORA TITONIS VERACODE Vice President Mobile

THEODORA TITONIS VERACODE Vice President Mobile THEODORA TITONIS VERACODE Vice President Mobile MOBILE SECURITY Increasing Threat MOBILE RISK 64% 34% 47% Companies with no BYOD policy. 3 Companies with no app security program. 4 614% Nearly half of

More information

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo. Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

trends and audit considerations

trends and audit considerations Bring your own device (BYOD) trends and audit considerations SIFMA IT audit session 4 October 2012 Disclaimer Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited,

More information

Conducting a Risk Assessment for Mobile Devices

Conducting a Risk Assessment for Mobile Devices Conducting a Assessment for Mobile Devices May 9, 2012 David Frei Director, Digital/Information Security Specialist The Changing Environment Today s Discussion Available Industry Assessment Models Unique

More information

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks Smartphones and tablets are invading the workplace along with the security risks they bring with them. Every day these devices go unchecked by standard vulnerability management processes, even as malware

More information

Mobile Security BYOD and Consumer Apps

Mobile Security BYOD and Consumer Apps Mobile Security BYOD and Consumer Apps Adam Shnider, Managing Director, Coalfire October 16, 2012 Agenda I. The Mobile World - Trends I. Mobile devices - threats and risks I. BYOD Security Top Five I.

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future

More information

Rx for mthreats in Today s Healthcare Institutions. Daniel W. Berger, President and CEO, Redspin, Inc. P: 805.576.7158 E: dberger@redspin.

Rx for mthreats in Today s Healthcare Institutions. Daniel W. Berger, President and CEO, Redspin, Inc. P: 805.576.7158 E: dberger@redspin. Rx for mthreats in Today s Healthcare Institutions Daniel W. Berger, President and CEO, Redspin, Inc. P: 805.576.7158 E: dberger@redspin.com Meaningful Healthcare IT Security Technical Expertise Penetration

More information

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist

Enterprise Content Sharing: A Data Security Checklist. Whitepaper Enterprise Content Sharing: A Data Security Checklist Enterprise Content Sharing: A Data Security Checklist Executive Summary Secure file sharing, syncing, and productivity solutions enable mobile workers secure whenever, wherever access to files from any

More information

Top. Enterprise Reasons to Select kiteworks by Accellion

Top. Enterprise Reasons to Select kiteworks by Accellion Top 10 Enterprise Reasons to Select kiteworks by Accellion Top 10 Enterprise Reasons to Select kiteworks Accellion enables enterprise organizations to enhance business productivity, while ensuring data

More information

Achieving Multi-Platform Support in the BYOD Era. Presented by: Kaushik Srinivas and Josh Lambert

Achieving Multi-Platform Support in the BYOD Era. Presented by: Kaushik Srinivas and Josh Lambert Achieving Multi-Platform Support in the BYOD Era Presented by: Kaushik Srinivas and Josh Lambert Agenda Impact of mobile within the workplace Key bring your own device (BYOD) platforms Future trends in

More information

Mobile Devices in Healthcare: Managing Risk. June 2012

Mobile Devices in Healthcare: Managing Risk. June 2012 Mobile Devices in Healthcare: Managing Risk June 2012 1 Table of Contents Introduction 3 Mobile Device Risks 4 Managing Risks and Complexities 5 Emerging Solutions 7 Conclusion 7 References 8 About the

More information

BYOD in the Enterprise

BYOD in the Enterprise BYOD in the Enterprise MDM. The solution to BYOD? Context Information Security whitepapers@contextis.co.uk October 2013 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) 207 537 7515

More information

Multi-OS Enterprise Mobility Management. Perfectly balancing end-user and corporate needs

Multi-OS Enterprise Mobility Management. Perfectly balancing end-user and corporate needs B U I L T T 0 K E E P Y O U R B U S I N E S S M O V I N G Multi-OS Enterprise Mobility Management Perfectly balancing end-user and corporate needs Enterprise mobility enables organizations to transform

More information

Agenda. BYOD, Texting & Social Media How to Keep BYODFrom Becoming OMG! Introduction: Summit Security Group 2/3/2014

Agenda. BYOD, Texting & Social Media How to Keep BYODFrom Becoming OMG! Introduction: Summit Security Group 2/3/2014 BYOD, Texting & Social Media How to Keep BYODFrom Becoming OMG! Daniel M. Briley, CISSP, CIPP Managing Director Summit Security Group Agenda Introduction BYOD Defined Trends By the Numbers Common Risks

More information

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY GOLD EMM SUBSCRIPTIONS Experience the most secure mobility management solution with BES12 and Gold Enterprise Mobility Management (EMM) subscriptions. HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

Mobile Banking and Bring Your Own Device

Mobile Banking and Bring Your Own Device 2013 CliftonLarsonAllen LLP Mobile Banking and Bring Your Own Device Cyber Security Strategies for Information Technology Risk Management cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started

More information

Empowering BYOD and Mobile Security in the Enterprise. Jeff Baum, APAC Managing Director

Empowering BYOD and Mobile Security in the Enterprise. Jeff Baum, APAC Managing Director Empowering BYOD and Mobile Security in the Enterprise Jeff Baum, APAC Managing Director Growth of Mobile Mobile worker population will reach 1.3 Billion in 2015 Source: IDC Worldwide Mobile Worker Population

More information

Setting BYOD Policy: A New Partnership for IT and HR

Setting BYOD Policy: A New Partnership for IT and HR Introduction As the line between office and home life continues to blur, employees increasingly rely on their own smartphones, tablets, and laptop computers for work-related tasks. Today, more than 70

More information