Haciendo Inteligente mi movilidad. Ing. Miguel Angel Aranguren Romero CISA, CISM, CGEIT, CRISC Cobit Foundations Certificate
|
|
- Valentine Melton
- 8 years ago
- Views:
Transcription
1 Haciendo Inteligente mi movilidad Ing. Miguel Angel Aranguren Romero CISA, CISM, CGEIT, CRISC Cobit Foundations Certificate CISSP, OSCP ITIL v3 Foundations Certificate
2 Introduccion
3 The planet is getting more Instrumented, Interconnected, and Intelligent 250 million 90% 1 trillion Almost 250 million Smartphones were sold world wide in 2010, surpassing laptop sales. Nearly 90% of innovation in automobiles is related Soon, there will be 1 trillion connected devices in the world, constituting an internet of things. to software and 3 electronics systems.
4 Mobile Threat is Real
5 The use of smartphones, either company liable or employee liable, for business is being quickly adopted by corporate (M) Worldwide Business Use Smartphone Shipments, CAGR = 24.9% Sources: Worldwide Business Use Smartphone Forecast and Analysis, IDC, September Blackberry was the primary mobile device used in the enterprise, but availability of smartphones with consumer appeal (ios and Android) is changing the game. Employees are asking organizations for support for a variety of mobile devices, including those owned by individuals. Improvement in hardware performance, feature set, and network bandwidth are expanding use cases beyond . Benefits to enterprise Increased employee productivity Improved client service Reduced cost on device ownership and communication plan (for employee owned devices)
6 Las bondades de la tecnologia movil
7 Mobility solutions enable organizations to improve information access, enhance productivity and provide better client service Mobile devices bring enterprises Requirements great benefits: Allow employees to access business information anywhere, anytime Improve worker effectiveness and productivity through better connectivity Provide mobile work locations for employees Increase business communication and collaboration Improve responsiveness to clients needs Reduce telecommunication and network ownership costs 7
8 Las dificultades d en la implementacion efectiva y el control
9 Mobile devices used by workforce is a top concern of IT executives due to the challenges with device management and security Select five of the top challenges you will face over the next six months. Sources: Executive Spotlight: Top Priorities for Security and Risk Leaders, 1H 2011 Forrester, April 2011 Support for a variety of mobile device platforms, most of which have immature security functionality. Balance between non ownership of the devices and control on the devices that is needed to protect business data Mobile devices are prone to loss and theft, thus are becoming the weakest link in the path of storing/processing business data. No effective process to certify and provision mobile applications Mix of business and personal information on the same device Mobile devices are always on and connected, so are more vulnerable to network attacks. Malware threats are becoming more prevalent.
10 Mobile Security Threat Landscape Malware Malware existed in various forms (viruses, worms, Trojans, spyware) has been constantly increasing. A study of SANS.org estimated a 12% infection rate. No platform is immune. Symbian and WinMo holds lion s share of malware with Android leading new malware development Malware threats, WW, Lossand Theft A survey of consumer users found that one out of every three users has ever lost a mobile device. Approximately 2 million smartphones were stolen in the U.S. in Over 56,000 mobile devices were left in the back seats of the city of London taxi cabs during the 6 month period between 2008 and The major benefits of mobile devices (size and portability) unfortunately come with the big risk of losing sensitive data that has to be accepted but can be mitigated. Communication Bluetooth is a main exploited vector because a device in a discoverable mode can be easily discovered and lured to accept a malicious connection request. Man in the middle attacks have been demonstrated to u e ab t es. be possible with several platforms using Wi Fi links. Published Reported 3GS encryption weakness techniques to jailbreak or Phishing or pharming attacks can leverage multiple channels: , SMS, MSS, and voice root mobile devices allow 10 OS vulnerability based attacks Mobile OS vulnerabilities increased significantly in Exploits of vulnerabilities are also on the rise. Always on and connected, mobile device is a prime target for hit and run network based attacks and exploiting zero day vulnerabilities. hackers to get administrative access
11 Mobile device malware is a frequently mentioned topic on media RIM Warns Update Has Spyware html Dark Side Arises for Phone Apps html?m od=wsj_hps_middleforthnews SANS study: One in five mobile devices running malware one in five mobile devices runningmalware
12 Smartphones cause the most security concerns among IT executives, as 44% of users purchase their own devices How concerned is your firm about the level of security or IT risk in adopting the following technologies or technology initiatives? Which of the following statements describes the primary smartphone you use for work? Growth in number of known malware modifications ( ) Sources: Understanding Information Worker Smartphone Usage, Forrester, November 2009 and Kapersky Lab
13 Perspectiva de auditoria y seguridad
14 Enterprises must have a clear strategy to securely incorporate mobile devices to the business environment Who will be responsible for mobile security management? Current IT security team responsible for desktop/laptop management and security (advantages: use of the same admin/support structure, applicability of similar concepts) Outsourcing to a managed service provider (advantages: leverage industry level mobile security expertise, cost reduction) What platforms are to be supported? Blackberry, Windows Mobile, Symbian, ios, Andriod, What business data will be allowed to be stored and processed on the devices? / contact / calendar only Business applications (e.g., corporate applications for CRM) Full intranet access Extending best practices for desktop/laptop to mobile devices Registration and inventory of devices Efficient install/configure of security applications on devices Automatic update of security patches, polices, and settings Reporting of enforcement status Employee education
15 With proliferation of mobile devices, applications, and vulnerabilities, hackers are switching their focus to mobile Malware threats, WW, Total Mobile Operating System Vulnerabilities, The first well known malware, Cabir, appeared in After that, malware existed in various forms (viruses, worms, Trojans, spyware) has been constantly increasing during the past few years. No platform is immune. Symbian and Windows Mobile holds lion s share of malware with Android leading new malware development due to its popularity and open software distribution. Malware spreads through multiple channels used by mobile devices: 3G/4G, Wi Fi, Bluetooth, wired connection to PC. Mobile OS vulnerabilities increased significantly in Exploits of vulnerabilities are also on the rise. Many earlier vulnerabilities shared software components used by both mobile devices and desktops, but there are now exploits designed to function on various mobile platforms. Mobile devices represent opportunities for sophisticated, targeted attacks today. With more financial transactions performed on mobile devices, an associated increase in malware attacks is expected. Source: IBM X Force 2010 Trend and Risk Report, IBM Security Solutions, Source: Mobile Device Security, ABI Research, 1Q March
16 Threats can occur in various places along the paths that mobile devices traverse to get applications or data Wi Fi device App Store Mobile device Telco service provider Interne t Web site Threat targets Credentials to access financial accounts (Bluetooth enabled) Mobile device Mobile device Corporate VPN Gateway Corporate intranet Business information Phone call charges Device itself : The place where threats can happen
17 The Loss and Theft threat Threat Mobile device is lost due to carelessness or is stolen by a theft. Data on the device may also be lost when the device is lost (note the data often has a larger value than the device itself). Minutes from the wireless plan may be used or additional phone call charges may incur. Examples: Approximately 2 million smartphones were stolen in the U.S. in Over 56,000 mobile devices were left in the back seats of the city of London taxi cabs during the 6 month period between 2008 and Vulnerability The two major benefits of mobile devices, small size and high portability, unfortunately are also the major reasons they are easily lost or stolen. The frequent use of mobile devices (comparedto other carry on items such as keys) is another reason of high loss possibility. Access to device is not protected by a password. Phone calls can be placed by anyone possessing the phone. Data on the device is not appropriately protected.
18 Counter the Loss and Theft threat Methodology Protect the device fromunauthorized use. Make the device useless once it is lost or stolen. Remove the data on the device. Techniques Use a strong password to access the device. Use GPS to locate the device. Lock the device remotely. Wipe data on the device remotely (if available, backup data first and restore data later). Keep important data on the device encrypted and protected with password. De activate the phone number or wireless service temporarily.
19 Threat Malwareexist exist in severalforms: The Malware threat Virus / Worms: a self replication software that can spread quickly from device to device through app download, , Bluetooth, MMS, etc. Examples: Cabir, Commonwarrior, Locknut, Frontal. Trojan Horse: an application that appear to a valid program but contains code to make unknown use of the device. Example: Rebbrowser. Spyware: an application hides itself to monitor the activities on the device such as SMS, , phone calls. Example: Flexispy, Acllano, Mopofeli Malware could cause loss of personal or confidential data, additional service charge (e.g. by sending premium SMS), and even worse, making device unusable. Vulnerability Manymobile platforms are not designed to be secure. OSsecurity holes are continuously discovered. The current extremely open mobile software distribution mechanism and the lack of capabilities to perform code review from platform vendors give hackers a heaven to create and spread malware. When downloading an application, most users do not pay attention to what parts of the device the application will have access to. Applications can get more privileges than it needs to. Many users open /mss attachments without caution. 19
20 Counter the Malware threat Methodology Download applications only from trusted sources. Identify malware once it comes into the device and remove it before it causes any damage. Stop spreading malware. Techniques Get all business applications certified and only install and run certified applications. Do not open unknown attachment/files. Run anti malware software to detect malware in real time and scan the entire device periodically. Be knowledgeable about the malware being spread and remove the applications that are suspicious to contain malware. Employee devices are checked against company s anti malware policies before being allowed to access corporate network. 20
21 Threat The Spam threat A unsolicited text message sent to a mobile device from a known or unknown phone number, usually for a commercial advertisement purpose. Spam can take the forms of IM, SMS, MMS, , or phone calls. Some scary facts: There are4 million spamtext messagesgenerated generated every day. In 2010, 30% of text messages in AP are spam. Unlike in the case of , a recipient may be charged for each text message received, so spam is not only annoying but costs money. Wireless service providers also waste a significant ifi amount of bandwidth idthtransmitting spam. Vulnerability Extensive use of text messages on mobile devices helps grows the volume of spam. A wireless plan including unlimited text messages encourages a spammer. Spam can be sent to any random number or numbers from any online yellow book (unlike for , a correct address must be used). There is no centralized entity to filter out spam. It is not always easy to tell spam from a normal text message. 21
22 Counter the Spam threat Methodology Restrict the capability of text messaging. Protect your phone number from being used by a spammer. Block a spam text message. Techniques Wireless service provider imposes limits on the number of text messages that can be sent out within a short period of time. Use an alias address rather than using the mobile phone number as a text message address. Only messages sent to the alias are delivered; messages sent to the phone number are discarded. Use anti spam feature on the device to define a blacklist to block spam messages. In an corporate environment, spam can be filtered by the corporate mail server. Report spam to the wireless service provider. 22
23 Threat The Phishing threat Phishing is an or an SMS text message (SMiShing) sent from a fraudster to trick a user to access a faked web site, send a text message, or make a phone call to reveal personal information (e.g., SSN) or financial information (e.g., bank account id/pwd, credit card number). Examples: Dear customer, we are conducting annual account verification. Please logon to your account at Bank of xxx, N.A. to verify your account within 7 days. Otherwise your account will be temporarily locked. Thank you. Text: Congratulations! You have got a big prize. Please call xxx xxxx immediately to claim your award. Phishing can cause serious financial loss. Vulnerability Many users do not verify the source of the or text message, and tend to immediately click on a web link included in an /text. The small screen size of mobile devices make some protection features used on PC (web address bars, green warning light, etc.) not available for mobile devices. URLs may not show full domain names on mobile devices. Most web sites do not use site authentication techniques to prove their authenticity to users. 23
24 Counter the Phishing threat Methodology Block a phishing or text message. Enable a user to recognize a fraudent web site or phone number. Make stolen account information (id/pwd) useless to the fraudster. Techniques Use anti spam feature to block an or text message coming from an unknown source. Do not ever click on an URL contained in an or text message. Instead, start the browser and enter the URL directly to access the web site. Financial institutes should use site authentication techniques to let users know they are communicating with a genuine web site. Usetwo factor authentication to authenticate users. Even if a user ss id/pwd is stolen, a fraudster won t be able to log on without a 2 nd authentication factor (OTP, device characteristics, biometrics, etc.). Once you know you have entered your id/pwd on a phishing site, log on to the genuine site and change your password immediately. Report the phishing site to the company that owns the genuine web site. 24
25 Threat The Bluetooth & Wi Fi threat Bluetoothand Wi FI are not threats themselves but very effective communication channels/mechanisms to increase the connectivity of mobile devices within a certain range. However, Bluetooth and Wi Fi can be easily exploited to infect a mobile device with malware or compromize the data transmitted. A mobile device may be lured to accept a Bluetooth connection request from another infected/malicious device. A hacker can use his laptop/server to pretend to be a valid Wi Fi hot spot to be connected by mobile devices so a Man in the Middle attack can be played to intercept and compromize all the data sent from/to the devices. Examples of Bluebooth based security attacks: BlueJacking, BlueBugging, Bluetooth DoS attacks. Vulnerability Many users leave their mobile devices in a discoverable mode, allowing other Bluetooth enabled devices to find them and make connections. A user often accepts a connection request without any trust relationship established with the other communicating device. A user tries to connect to a Wi Fi network available in a public area without knowledge of its genuineness. 25
26 Counter the Bluetooth & Wi Fi threat Methodology Do not expose your mobile device to other (infected/malicious) devices. Accept a connection request with some degree of trust established first. Block uninvited connections. Techniques Do not auto connect to any Bluetooth device or Wi Fi network. Switch the device s Bluetooth to a non discoverable mode to disable other Bluetooth connections entirely, especially in a public place. Define trusted devices that can exchange data without asking for permissions. Be alert to the Wi Fi hot spot that your mobile device is trying to connect to or turn off the Wi Fi capability in a public space. Run a firewall to filter incoming connection requests from unknown devices. Do not transmit personal information or business critical information over a untrusted Wi Fi network. 26
27 Mejores Practicas
28 Choosing the right mobile security solution that can sustain changes of device technology, use cases, and threat landscape A client server/cloud solutionarchitecture that can effectively support platform and feature expansion A server or cloud service controls and manages policies and settings for various security features. The server is fully independent of the mobile platforms and provides easy to use admin interface. The client installed on the device communicates with the server/cloud to obtain policies and execute functions locally. Some security functions or data may even be offloaded to the server/cloud. The client should be built so it can be easily ported to a new platform. Each platform provides some security features. The client should either ih leverage the platform specific functions (wherever available) or include platform agnostic capabilities. Ideally all the security features can be invoked from one client, so the client needs to be flexible to incorporate new capabilities to counter new threats. Features need to be easy to use and require little user intervention. Report and analysis capabilities should enable policy and regulation compliance. Efficient solution roll out and management is critical to large enterprise deployment.
29 Where there is a threat, there is a way to counter it Threat management Identity threat Analyze threat Counter threat Find out the essence of the threat (what, when, where) Best Practices Strong password Open files from known sources Download certified applications Disable Bluetooth Figure out why the threat can happen and what vulnerabilities are exploited Use technology and best practice to combat the threat t Threats Loss and Theft Malware Spam Phishing Bluetooth & Wi Fi Technology Monitor threat Evaluate the countering effectiveness Authentication Encryption Lock / wipe Malware detection Firewall Anti spam
30 Enterprises must embrace mobility to reap the benefits, but also must have a clear strategy to address mobile security requirements Extendthe the current workplace IT security control to mobile devices Corporations have worked hard over the years to develop a corporate security policy to ensure traditional end point devices (desktop, laptop) are protected from threats and vulnerabilities, and now have to extend the policy to mobile devices (smartphone, tablet). Recognize uniquecharacteristics of mobile phonesinconsidering security measures Proliferation of different Smartphone platforms (not just Windows) High portability leading to a much higher chance of loss/theft (no physical lock) No ownership/control on the devices Choose a security solution that can sustain changes of device technologies and security threats Smartdevice technologyadvances extremely quickly and new mobile security threats are evolving fast, so the chosen mobile security solution must be flexible to be compatible with growing technology and capable of incorporating new techniques to counter new threats. Education issoso important as technology Education for employees to use mobile devices in a smart and secure way is even more important because employees have bigger control on the devices and may access corporate sensitive data using unapproved applications from unsupported devices.
31 Propuesta metodologica de revision
32 Mobile security technology can help counter the threats Run anti malware software to detect malware in real time and scan the device periodically. Run a firewall to filter incoming i connection requests from unknown devices. Use ani spam to block spam messages, voice call, and . Encrypt personal or business data stored and transmitted. Locate and lock a lost/stolen device remotely. Wipe data on a lost/stolen device remotely. Periodically backup device data so restore is possible. Use site authentication and/or two factor user authentication to increase the trustworthiness between a user and a web site to prevent phishing. Manage and certify applications and remove suspicious/malicious applications automatically. Integrate mobile security technology with the corporate VPN gateway so device security posture becomes dependency for corporate resource access. Incorporate mobile security into the end point security management program of the organization
33 But mobile security best practices are equally important Install the latest platform and security patches Use a stronger password to access the device. Set up a timeout to lock the device when it is not used. Do not open or run unsolicited multimedia messages and attachments coming from unknown sources. Do not download unknown third partyapplications applications at will. Do not click on an URL contained in an or text message. Instead, start the browser and enter the URL directly to access the web site. Do not download content from dubious or unknown web sites. Disable Bluetooth when it is not used. Set Bluetooth in a undiscoverable mode. Turn off the automatic Wi FI connection, especially in a public area. Reduce the amount of confidential or business data stored on the mobile device.
34 Propuesta metodologica SSL VPN for Mobile Antivirus Firewall Anti spam Lock/Wipe, Backup/Restore Advanced MDM GPS Locate Parental Controls App Control/Removal Security Event Reporting Device Registration Reporting Cloud based
35 Conclusiones y reflexiones finales
36 Conclusiones y reflexiones finales Embracing mobile devices such as smart phones or tablets in the workplace enables organizations to improve information access, enhanceemployee employee productivity, andprovide better client service, but also present significant challenges in device and security management. The security threats to mobile devices have evolved to all the threats applicable to desktops plus new ones unqiue to mobile devices due to the natures of highportability, divesity of platforms, and mixed device ownership. Organizaiton need to have a clear strategy and a capable solution to addressevolving evolving mobile security requirements..
37 GRACIAS!!! Ing. Miguel Angel Aranguren Romero CISA, CISM, CGEIT, CRISC Cobit Foundations Certificate CISSP, OSCP ITIL v3 Foundations Certificate
Securing mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationBOYD- Empowering Users, Not Weakening Security
BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public
More informationMobile Security BYOD and Consumer Apps
Mobile Security BYOD and Consumer Apps Adam Shnider, Managing Director, Coalfire October 16, 2012 Agenda I. The Mobile World - Trends I. Mobile devices - threats and risks I. BYOD Security Top Five I.
More informationPULSE SECURE FOR GOOGLE ANDROID
DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device
More informationImplicaciones para. CISA, CISM, CGEIT, CRISC, CISSP, OSCP, Cobit FC, ITIL v3 FC
La computación en nube Implicaciones para Auditoría y Seguridad d Ing. Miguel Angel Aranguren Romero Ing. Miguel Angel Aranguren Romero CISA, CISM, CGEIT, CRISC, CISSP, OSCP, Cobit FC, ITIL v3 FC Introducción
More informationIntroduction (Contd )
Introduction In 2008, mobile devices continue to rapidly replace desktop computers. Mobile devices create easier ways to communicate and work more efficiently while away from the corporate office. In addition,
More informationBYOD: End-to-End Security
BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com
More informationHow To Protect Your Mobile Devices From Security Threats
Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has
More informationTom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell
Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü
More informationMobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.
White Paper Securing Today s Mobile Workforce Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2012, Juniper Networks, Inc. 1 Table
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationKaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking
Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationBE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
More informationWHITE PAPER. The CIO s guide. management
WHITE PAPER The CIO s guide to building a mobile device management strategy and how to execute on it Executive Summary The explosive growth of employee mobility is driving the rapid adoption of mobile
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationKaspersky Security 10 for Mobile Implementation Guide
Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful
More informationThe dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more
The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific
More informationIf you can't beat them - secure them
If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access
More informationSmartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices
Smartphone Hacks and Attacks: A Demonstration of Current Threats to Mobile Devices Daniel V. Hoffman, CISSP, CEH, CHFI Chief Technology Officer Page 1 Global Threat Center Exploit Research and Development
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationJunos Pulse for Google Android
Junos Pulse for Google Android User Guide Release 4.0 October 2012 R1 Copyright 2012, Juniper Networks, Inc. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationAVG AntiVirus. How does this benefit you?
AVG AntiVirus Award-winning antivirus protection detects, blocks, and removes viruses and malware from your company s PCs and servers. And like all of our cloud services, there are no license numbers to
More informationGuidelines for E-mail Account Management and Effective E-mail Usage
Guidelines for E-mail Account Management and Effective E-mail Usage October 2014 Version 1.0 Department of Electronics and Information Technology Ministry of Communications and Information Technology Government
More informationSuccessful Mobile Deployments Require Robust Security
By: Maribel D. Lopez FIRMS MUST BUILD SECURITY ENABLED MOBILITY Mobility is no longer considered a luxury within enterprise but a critical part of a networking strategy as 9irms look to increase productivity
More informationInternet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM
Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationDPS HOSTED SOLUTIONS
DPS HOSTED SOLUTIONS DPS SOFTWARE 288 SOUTHBURY ROAD ENFIELD MIDDLESEX EN1 1TR DATE: OCTOBER 2009 DPS Software 2009 1 INDEX DPS HOSTED SOLUTIONS 1 INTRODUCTION 3 DPS HOSTING OVERVIEW 4 WHAT HAPPENS IF
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationSecuring your Mobile Environment. Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank
Securing your Mobile Environment Mark Villinski Kaspersky Lab Jeremy Clough Gorham Savings Bank These things are everywhere These things are everywhere These things are everywhere These things are everywhere
More informationIntroducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com
Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com 1 Business drivers and their impact on IT AGILITY! Move fast, be nimble
More informationJunos Pulse. Uwe Nelkel Business Development Manager Junos Pulse. IBM Golf Cup, Golfclub Holledau, September 14 th 2011
Junos Pulse Uwe Nelkel Business Development Manager Junos Pulse IBM Golf Cup, Golfclub Holledau, September 14 th 2011 Legal Statement This product roadmap sets forth Juniper Networks current intention
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationBYOD and Mobile Device Dependency
BYOD and Mobile Device Dependency Thursday, November 8, 2012 Brian Thomas, CISA, CISSP & Shohn Trojacek, CISSP Brian Thomas, CISA, CISSP Partner, IT Advisory Services at Weaver Provides security, IT audit
More informationDon t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It
WHITE PAPER: DON T LOSE THE DATA: SIX WAYS YOU MAY BE LOSING........ MOBILE....... DATA......................... Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It Who should
More informationBusiness Identity Fraud Prevention Checklist
Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business
More informationOnline Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange
The responsibility of safeguarding your personal information starts with you. Your information is critical and it must be protected from unauthorised disclosure, modification or destruction. Here we are
More informationWHITE PAPER THE CIO S GUIDE TO BUILDING A MOBILE DEVICE MANAGEMENT STRATEGY AND HOW TO EXECUTE ON IT
WHITE PAPER THE CIO S GUIDE TO BUILDING A MOBILE DEVICE MANAGEMENT STRATEGY AND HOW TO EXECUTE ON IT Executive Summary The explosive growth of worker mobility is driving the rapid adoption of mobile devices
More informationBuilding The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord
Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationITSC Training Courses Student IT Competence Programme SIIS1 Information Security
ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know
More informationINTERNET & COMPUTER SECURITY March 20, 2010. Scoville Library. ccayne@biblio.org
INTERNET & COMPUTER SECURITY March 20, 2010 Scoville Library ccayne@biblio.org Internet: Computer Password strength Phishing Malware Email scams Identity Theft Viruses Windows updates Browser updates Backup
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationConsumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions WWW.WIPRO.COM
Consumerization Managing the BYOD trend successfully WWW.WIPRO.COM Harish Krishnan, General Manager, Wipro Mobility Solutions Employees dictate IT Enterprises across the world are giving in to the Consumerization
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationInfocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
More informationTechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security
Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring
More informationTutorial on Smartphone Security
Tutorial on Smartphone Security Wenliang (Kevin) Du Professor wedu@syr.edu Smartphone Usage Smartphone Applications Overview» Built-in Protections (ios and Android)» Jailbreaking and Rooting» Security
More informationTahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
More informationNetwork Security and the Small Business
Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,
More informationSecuring Endpoints without a Security Expert
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationPC Security and Maintenance
PC Security and Maintenance by IMRAN GHANI PC Maintenance and Security-Forecast. Major sources of danger. Important steps to protect your PC. PC Security Tools. PC Maintenance Tools. Tips. PC Security-
More informationAvoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
More informationA Guide to MAM and Planning for BYOD Security in the Enterprise
A Guide to MAM and Planning for BYOD Bring your own device (BYOD) can pose a couple different challenges, not only the issue of dealing with security threats, but also how to handle mobile applications.
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationWhite Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication
White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication Page 1 of 8 Introduction As businesses and consumers grow increasingly reliant on the Internet for conducting
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationCNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:
1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus
More informationSecuring end-user mobile devices in the enterprise
IBM Global Technology Services Thought Leadership White Paper January 2012 Securing end-user mobile devices in the enterprise Develop an enforceable mobile security policy and practices for safer corporate
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes
More informationWhitepaper on AuthShield Two Factor Authentication with ERP Applications
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
More informationBring Your Own Device Mobile Security
Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.
More informationMy CEO wants an ipad now what? Mobile Security for the Enterprise
My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager
More informationTHE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness
THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationBasic Computer Security Part 2
Basic Computer Security Part 2 Presenter David Schaefer, MBA OCC Manager of Desktop Support Adjunct Security Instructor: Walsh College, Oakland Community College, Lawrence Technology University Welcome
More informationInformation Security Awareness
Corporate Account Takeover & Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation
More informationSecuring Corporate Email on Personal Mobile Devices
Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...
More informationAVeS Cloud Security powered by SYMANTEC TM
Protecting your business from online threats should be simple, yet powerful and effective. A solution that secures your laptops, desktops, and servers without slowing down your systems and distracting
More informationINSTANT MESSAGING SECURITY
INSTANT MESSAGING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part
More informationWHITE PAPER. Understanding How File Size Affects Malware Detection
WHITE PAPER Understanding How File Size Affects Malware Detection FORTINET Understanding How File Size Affects Malware Detection PAGE 2 Summary Malware normally propagates to users and computers through
More informationStreamlining Web and Email Security
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
More informationMifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness
Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is
More informationTrust Digital Best Practices
> ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or
More informationSecure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines
Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious programs,
More informationElevation of Mobile Security Risks in the Enterprise Threat Landscape
March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest
More informationCyber Essentials Questionnaire
Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.
More informationCISA, CISM, CGEIT, CRISC COBIT Foundations Certificate CISSP, OSCP ITIL v3 Foundations Certificate
La nueva generación de vulnerabilidades d Casos Prácticos Ing Miguel Angel Aranguren Romero Ing. Miguel Angel Aranguren Romero CISA, CISM, CGEIT, CRISC COBIT Foundations Certificate CISSP, OSCP ITIL v3
More informationNeoscope www.neoscopeit.com 888.810.9077
Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,
More informationBlackBerry 10.3 Work and Personal Corporate
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
More informationA guide to enterprise mobile device management.
WHITEPAPER A guide to enterprise Beyond expectation. www.azzurricommunications.co.uk Introduction. As smartphones and tablets proliferate in the enterprise, IT leaders are under pressure to implement an
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationE-MAIL & INTERNET FRAUD
FRAUD ALERT! FRAUD ALERT! Guarding Against E-MAIL & INTERNET FRAUD What credit union members should know to counter Phishing Pharming Spyware Online fraud On-Line Fraud Is Growing E-Mail and Internet Fraud
More informationAvoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data
Avoiding Malware in Your Dental Practice 10 Best Practices to Defend Your Data Avoiding Malware in Your Dental Practice Like most small business owners, you must protect your dental practice s computer
More information