Control Issues and Mobile Devices

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Control Issues and Mobile Devices"

Transcription

1 Control Issues and Mobile Devices ACC 626 Term Paper Ramandip Kaur June 27, 2014 Page

2 Table of Contents Executive Summary...ii 1.0 Introduction Current Trends Employee Owned Devices and BYOD Programs Mobile Device Management Solutions Risks and Recommended Controls Security Risks Lost and Stolen Devices Wireless Transmission Interception Application and Software Risk Malware Application and Software Vulnerabilities Controls for Application and Software Risk General Risks and Controls Platform Management Risk Company Mobile Device Policy Control Frameworks COSO COBIT Mobile Computing Security Audit/Assurance Conclusion Appendixes Appendix I Comparison of Mobile Device Platforms Appendix II Managing Mobile Devices and Relevant Framework Processes Works Cited Page i

3 Executive Summary Mobile devices have transformed the corporate environment in just a matter of a few years. They have done this through allowing for flexibility for employees to work anywhere and anytime with access to company data. Bring your own device (BYOD) programs are a growing trend that have increased employee satisfaction and productivity through allowing employees to use their own devices for work related purposes. However, BYOD programs also pose additional security risks since different operating systems contain unique features and require different safeguards. Mobile device management (MDM) solutions can help manage these risks through their ability to secure and control devices. This report will focus on the security, application and software risks and the related controls of using mobile devices in the workplace. Security risks involve the data loss than can occur when an individual gains unauthorized access to the device. Data loss can transpire through a lost or stolen device, but with strong controls in place such as passwords on devices and encryption of data, this risk can be mitigated. Another security risk involves an unauthorized individual intercepting an unsecured wireless connection. However, this risk can also be managed with controls such as firewalls and encryption of the wireless transmission. There are also application and software risks involved in allowing mobile devices to access corporate data. Mobile malware is a growing concern as malicious software continues to be released in record numbers, most of which target Androids. There are also application and software vulnerabilities which can result in data leaks through malicious attacks. These threats increase the importance of implementing controls such as installing anti-malware software on mobile devices as well as creating an enterprise app store. The usage of employee owned mobile devices at work also increases the importance of assessing different mobile platforms and implementing companywide policies on mobile device use. There are governance and compliance frameworks, such as COSO and COBIT 5, which can be used as guidance for management in establishing controls for information security over mobile devices within a corporate environment. Furthermore, since mobile devices can process, transfer and store corporate data, auditors have to take this into consideration when assessing the risks and controls for a particular company. In order to assist auditors and assurance practitioners with Page ii

4 evaluating mobile devices for audit and assurance purposes, ISACA developed a mobile computing audit/assurance program. The program contains 8 audit/assurance objectives, 12 controls and approximately 54 audit/assurance steps. Page iii

5 1.0 Introduction Mobile devices have exploded into the global market at a rapid pace in recent years. These devices include smartphones, tablets, portable digital assistants (PDAs) and more. By the end of 2013, one in every 5 people in the world owned a smartphone and one in every 17 people owned a tablet. 1 The emergence and popularity of mobile devices have penetrated the corporate environment due to their portability, accessibility and ubiquity. The usage of mobile devices in the workplace provides numerous benefits to the organization such as increased productivity, improved customer service and higher employee engagement. However, there also drawbacks of allowing mobile devices to store and have access to corporate data such as security, application and software risks, which can leave companies vulnerable to various external threats. These risks are further magnified due to the growing popularity of bring your own device (BYOD) programs. Considering the potential damage these threats can have on a company, C-Suite executives need to be aware of the risks and how they can be managed. Implementing the appropriate controls and policies can minimize the risks, while taking full advantage of the benefits mobile devices have to offer. 2.0 Current Trends 2.1 Employee Owned Devices and BYOD Programs Bring your own device (BYOD) programs are becoming an increasingly popular trend in today s business environment due to the benefits of cost savings and increasing connectivity. Forrester Research found that 53% of employees bring their own devices to work and 64% of organizations allow and encourage employee-owned mobile devices to be used for work purposes. 2 A study conducted by Gartner Inc. predicts that by 2017, 50% of employers will require their employees to provide their own device for work. 3 The issues with BYOD programs are the security risks they create since companies do not tend to centrally manage these mobile devices. This allows the devices to become susceptible to various security and software risks. 1 Heggestuen, John. "One In Every 5 People In The World Own A Smartphone, One In Every 17 Own A Tablet." Business Insider., 15 Dec Web. 12 June < 2 "The Rise and Risk of Mobile Devices in the Workplace." Rapid7 (Aug. 2013). Web. 13 June < 3 "Gartner Predicts by 2017, Half of Employers Will Require Employees to Supply Their Own Device for Work Purposes." Gartner., 1 May Web. 12 June < Page 1

6 Rapid7 reported that more than 40% of companies do not implement adequate controls for managing risks related to employees using their devices for accessing and storing corporate data Mobile Device Management Solutions The growing adoption of BYOD programs has increased the attractiveness of implementing mobile device management (MDM) solutions. MDM software is used by the IT department within an enterprise to monitor, manage and secure mobile devices used by employees. According to Gartner, an IT research firm, it is expected that 65% of companies will implement a MDM solution within the next 5 years. 5 Most MDM solutions can be used to support both employee-owned and corporate-owned devices. They also accommodate a number of different mobile operating systems and offer varying levels of support, management, integration and usability. Each MDM tool within a solution handles privacy and data security in different ways. Leading vendors offering MDM solutions include AirWatch, Blackberry, SAP, Symantec and more. 6 A recent trend has been the growth in the number of cloud-based versions of MDM solutions. IBM s MaaS360 is an MDM solution that offers software as a service (SaaS) as well as an on-premise model Risks and Recommended Controls 3.1 Security Risks The risk of an unauthorized individual gaining access to a mobile device that contains sensitive information can result in a huge security breach. The two most prominent security risks are discussed below Lost and Stolen Devices Lost and stolen mobile devices pose the risk of an unauthorized individual gaining access to sensitive data stored on the device as well as corporate data access channels where there is potential for more data loss. It is expected that approximately 22% of all mobile devices will be lost or stolen at one point in their life and 50% of these lost or stolen devices will never be 4 Ibid 5 Lorenc, Kasia. "Mobile Device Management: 2014 Vendors and Comparison Guide." Tom's IT Pro. N.p., 10 June Web. 15 June < 6 Ibid 7 "Cloud Ease." MaaS360. Fiberlink, Web. 14 June < Page 2

7 recovered. 8 With the growing usage of cloud storage and cloud-based file sharing applications, the risk of data leakage increases. A study of The Risk of Regulated Data on Mobile Devices found that a significant number of organizations do not take the proper steps to protect corporate data stored in the cloud and on devices. 9 The study also found that 54% of respondents had an average of five cases of data breaches which included the loss or theft of a device that contained regulated data. 10 Recommended Controls: Strong passwords or PINs on all devices as well as multiple logins when accessing company data, and company apps for added protection. An MDM solution can allow the IT department to track mobile devices and receive a notification in the case that the device is lost or stolen. They can then use remote access to the device to wipe out all company related data from the device. 11 All sensitive company information stored on mobile devices should be encrypted to ensure the data is unreadable. Two-factor authentication system which requires users to use at least two different factors based on something they know, something they have, or something they are. Access to the device will not be granted unless both these factors can be authenticated. 12 Cloud-based security solutions can help manage the risks of data storage in the cloud through enforcing logins as well as monitoring and protecting the device from possible hacks Wireless Transmission Interception Mobile devices are able to connect with other devices and the internet thereby providing hackers with the opportunity to access an unsecured device. This risk is particularly concerning for 8 "Bring Your Own Device." Insights on Governance, Risk and Compliance. Ernst & Young Global Limited, Sept Web. 13 June < _Bring_your_own_device:_mobile_security_and_risk/$FILE/Bring_your_own_device.pdf>. 9 "The Risk of Regulated Data on Mobile Devices & in the Cloud." Ponemon Institute. WatchDox, June Web. 15 June < 10 Ibid 11 Semer, Lance. "Auditing the BYOD Program." The Institute of Internal Auditors, Feb Web. 15 June < 12 Rosenblatt, Seth. "Two-factor Authentication: What You Need to Know (FAQ)." CNET. N.p., 23 May Web. 14 June < 13 "Cloud Security." McAfee. Web. 15 June < Page 3

8 mobile device users who transmit corporate data using their devices. Data loss can occur if an unauthorized individual intercepts the wireless connection when the transmission is not encrypted. If this occurs, it is possible for the hacker to retrieve sensitive information such as login information and even eavesdrop on a Voice over Internet Protocol (VoIP) call. Therefore, the ability to connect to unsecured Wi-Fi connections can lead to a security breach and other consequences which can impact the company s information infrastructure. Recommended Controls: Educate employees to strictly use a corporate secured network for online banking and other activities conducted on mobile devices. Secure the wireless transmission through encryption and require employees to access corporate data only through a secure transmission such as Secure Sockets Layers (SSL), Internet Protocol Security (IPSec) or a Virtual Private Network (VPN). 14 Install a firewall such as AnthaFirewall on mobile devices to provide secure communication with the corporate network system, which can help reduce the risk of security threats. Unauthorized users trying to access the corporate system will be blocked Application and Software Risk As organizations are increasingly allowing employees to bring their own devices to work, application and software risks become more prominent Malware Mobile malware are applications that contain malicious code embedded in them. They are created for the purpose of compromising the security of a device or its data. Although downloaded applications are the most prevalent way malware can infect a mobile device, there are also various other points of access. These include spam, malicious websites, SMS messages and ads. As the number of applications on mobile devices increase, the chance of an application containing malicious code increases. According to the McAfee report, a total of 3.73 million 14 "Unsecured WiFi Network Access." Beta Telelink. Web. 15 June < 15 "How a Mobile Firewall Works." Spam Laws. Web. 15 June < Page 4

9 samples of mobile malware were found in 2013, up 197% from These include viruses, spam, Trojans, spyware and more. Malware is a growing issue with Androids as they account for an astonishing 97% of all mobile malware. 17 Another finding revealed that 92% of the top 500 Android applications carry either a security or privacy risk. 18 In 2013, mobile banking Trojans increased rapidly. These malicious attacks included mobile phishing and theft of credit card information Application and Software Vulnerabilities Application vulnerabilities involve issues in the software of a mobile device that may result in data leakage within the application or assistance provided to cybercriminals for attacking the device. These vulnerabilities can result in compromising the device s security as well as any stored corporate data or to a greater extent, cause an impact to the company s infrastructure. According to Cenzic, 96% of all applications that were tested in 2013 revealed to have at least one security vulnerability. 20 Application vulnerabilities are particularly a concern when the mobile device is not owned or centrally managed by the IT department of the company as the devices do not undergo the appropriate administrative procedures and related controls. Applications developed by the company for the purpose of accessing corporate data can also exhibit weaknesses in its security system. Androids, in particular, are the most popular devices for malicious attacks due to their vulnerabilities. These vulnerabilities are used by cybercriminals to bypass the integrity of the code during the installation of an application, expand the capabilities of a malicious application and make it increasingly difficult to remove malware "McAFee Labs Threats Report." McAfee Web. 16 June < 17 Kelly, Gordon. "Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe." Forbes. Forbes Magazine, 24 Mar Web. 16 June < 18 Francis, Jeff. "11 Reasons Why Your Company Could Be In Danger (Part 1 of 2)."CopperMobile. 21 Feb Web. 16 June < 19 Ibid 20 "Application Vulnerability Trends Report: 2014." Cenzic Web. 16 June < 21 "Mobile Malware Evolution: 2013." Securelist. Web. 17 June < Page 5

10 3.2.3 Controls for Application and Software Risk Encourage up-to-date operating systems and anti-malware software installed on all mobile devices. Mobile security technology such as Kaspersky Internet Security can be installed to routinely scan the system and protect against viruses, malware and theft. 22 Installation of endpoint security protection software such as those offered by McAfee or Symantec. 23 Only install applications from trusted sources. Third party application stores should not be trusted. Create customized corporate applications which are downloaded from a separate enterprise application store. Building an in-house app store would allow separation between company apps and non-company apps. Applications can be managed through a mobile app management product. Install and regularly perform patch management. This includes scanning for missing security patches, installing the patch and performing remediation to update systems with the latest patches. 24 Ensure that jail broken or rooted devices are not being used as they can remove security features on the device and allow potentially malicious applications to be installed. 3.3 General Risks and Controls There are additional risks and controls for mobile devices that need to be addressed on a company-wide basis Platform Management Risk Different mobile platforms providers offer varying levels of controls over their mobile systems. Each mobile operating system design is based on whether its target audience are consumers or corporate users and this will also help determine which security features are included on the platform. Each platform has different vulnerabilities and these must be considered when deciding 22 Hachman, Mark. "Kaspersky, Six Others Top Malware Removal Tests." PCWorld. 3 Dec Web. 16 June < 23 "Endpoint Security Protection." McAfee. Web. 16 June < 24 Mack, Bernard. "Patch Management Overview, Challenges, and Recommendations." Cisco Blogs. 28 Oct Web. 17 June < Page 6

11 which mobile platform(s) will be supported by the organization. Please refer to Appendix I for a comparison of the three most popular devices used in a corporate environment. Recommended Controls: Companies should enforce and disclose a policy on what level of platform security is required and the acceptable mobile platforms. Evaluate new and developing threats to the different mobile platforms on a continuous basis Company Mobile Device Policy Mobile device policies are becoming increasingly important due to the widespread usage of these devices. An effective mobile device management strategy requires well written and well implemented policies. Issues related to encryption, PINs, remote wiping, remote access and jail breaking should be addressed in the mobile device policies. Enforcing these policies can help divert a company from many potential problems. The mobile device policy should also include a general code of conduct related to user responsibilities. The code of conduct should cover the required physical security, software configuration of the operating system and applications, proper security settings, and reporting of lost or stolen devices. 26 The following table outlines the user responsibilities that should be included in the end user policy. 27 Employee-Owned Devices Purchasing required software that is not already provided by the manufacturer of the device Registration of the device with the vendor as well as with the company s IT department Software updates and patch installation Maintenance of warranty information Data, settings and applications backups Corporate-Owned Devices Software updates installation Reporting of lost or stolen mobile devices as soon as possible 25 "Mobile Device Security." Ernst & Young. Jan Web. 17 June < 26 "Sample Corporate Mobile Device Acceptable Use and Security Policy." Wisegate Web. 17 June < 27 Ibid Page 7

12 Policy Recommendations: Create a secure configuration policy which addresses application and security risks such as data leak prevention, patch management, and malware control. 28 Formation and disclosure of an acceptable mobile device usage policy will help prevent security issues related to mobile devices. Implement a revoke access policy which states that when an employee is no longer with the company, their access to the company network is revoked. 29 Create a BYOD policy which outlines the level of support to be provided by the IT department for devices owned by employees. 30 Other Recommendations: Educate employees on the security risks and make them aware of when they should be updating their firmware. Monitor employees who access and use corporate data on their mobile devices. Employ a mobile device management solution. Perform regular backups of data stored on mobile devices. Cloud-based online services offer automatic backups, which add convenience for employees. 31 Limit the amount of sensitive data transferred to mobile devices, or consider giving employees view-only access. Implement a company social network system and wiki blog, which can help resolve issues employees are having with mobile devices. Separate personal and business use of mobile devices as it leads to higher risk of malware and data loss. 28 Ibid 29 Ibid 30 "How Mobile Device Policies Make IT's Job Easier." Search Consumerization. Web. 16 June < 31 "Cloud-based Online Backups for Your Mobile Device." IDrive. Web. 18 June < Page 8

13 4.0 Control Frameworks Implementing the appropriate compliance and governance frameworks is crucial for mobile devices. The following frameworks are useful for management when developing policies and mitigating the risks related to mobile devices. 4.1 COSO The Sarbanes-Oxley Act of 2002 (SOX), Section 404, requires a management assessment of internal controls. The Committee of Sponsoring Organizations (COSO) became a widely used internal control standard framework for SOX compliance. The emergence of mobile devices and related security issues has an impact on the following COSO components: Control Environment - Mobile devices are a crucial aspect of the control environment and therefore need to be recognized as a component of the control framework by management in an organization. 2. Risk Assessment - An assessment of the risks relevant to mobile devices, such as risk of data loss, should be identified and analyzed. 3. Control Activities - Control activities need to be established to manage the risks that the usage of mobile devices brings to the organization. These include encryption of sensitive data and application of security features on all mobile devices. 4. Information and Communication - Security policies that are set regarding the usage of mobile devices need to be communicated by top management. 5. Monitoring - Regular monitoring of the usage and compliance of mobile devices, 4.2 COBIT 5 including employee-owned devices, with the policy and whether controls over information on the devices are effective. After the passage of SOX, COBIT gained popularity in the enterprise. COBIT 4 was used to govern SOX compliance and was used by auditors although it offered limited guidelines. It lacked the comprehensive coverage of information security which is now covered by COBIT 5. Using the COBIT 5 framework, the risks of using mobile devices can be managed with the application of proper risk management procedures along with the implementation of adequate 32 "SOX, GLB, SB 1386 and Mobile Devices - Are You at Risk for Noncompliance?" Credant Web. 17 June < Page 9

14 security controls. COBIT 5 consists of 5 principles allowing for effective governance and management of enterprise IT and 7 enablers for optimizing information and technology investment. 33 ISACA developed a guide called Securing Mobile Devices Using COBIT 5 for Information Security. The publication is aimed at users of mobile devices including IT administrators, information security managers, IT auditors, mobile device service providers and end users. The application of COBIT 5 to mobile device security is for the purpose of establishing a uniform management framework and providing guidance on planning, implementing and maintaining complete security over mobile devices within a corporate environment. A secondary purpose of COBIT 5 is to provide an overarching framework in regards to embedding security on mobile devices within a corporate governance, risk management and compliance (GRC) strategy. 34 Please refer to Appendix II for the challenges, controls and relevant ISACA framework processes relating to mobile devices. 5.0 Mobile Computing Security Audit/Assurance ISACA developed a mobile computing audit/assurance program tool to be used by IT audit and assurance practitioners. The audit/assurance program is a part of the Information Technology Assurance Framework (ITAF) section 4000 IT Assurance Tools and Techniques. The scope covers mobile devices that are connected to the enterprise network or contain enterprise data. The mobile devices that are in scope include smartphones, laptops and netbooks, PDAs, portable USBs, digital cameras, radio frequency identification (RFID) devices, and infrared-enabled (IrDA) devices. The objective of the mobile computing security audit/assurance program is to: 35 Assess the mobile computing security policies and procedures along with their operating effectiveness and provide the results to management, Identify any deficiencies in internal controls that could potentially impact the company, and 33 "COBIT 5: A Business Framework for the Governance and Management of Enterprise IT."ISACA. Web. 19 June < 34 "Securing Mobile Devices Using COBIT 5 for Information Security." ISACA. Web. 19 June < COBIT-5-for-Information-Security.aspx>. 35 "Mobile Computing Security Audit/Assurance Program." ISACA. Web. 19 June < Audit-Assurance-Program.aspx>. Page 10

15 Identify concerns regarding information security controls that could impact the reliability, accuracy and security of company data caused by weaknesses in mobile computing controls. There are 8 audit/assurance objectives in the mobile computing security audit/assurance program. Under these objectives there are 12 controls and approximately 54 audit/assurance steps. The following table outlines these objectives and controls and offers audit/assurance steps that an auditor would take. 36 Audit/Assurance Objective 1. Mobile computing security policy 2. Risk management of mobile devices Control 1. Policies are defined to support a controlled implementation of mobile devices 2. Risk assessments are performed before implementation of new mobile security devices as well as a risk monitoring program for continuous evaluations of emerging risks with mobile devices Audit/Assurance Steps Determine if: A security policy for mobile devices exists The policy defines the data classification permitted, etc. Determine if: If initial risk assessment is performed for each type of device and subsequent assessment How risk assessment results are to be integrated into the current audit 3. Device management 3. Executive sponsor is actively involved in managing risks of mobile devices 4. Mobile devices that contain sensitive company data are managed and administered centrally 5. Mobile devices containing sensitive company data are set up properly for each user based on job function and managed as their job function changes or they are terminated 4. Access controls 6. Access controls established for each type of mobile device and controls address risk of data loss Determine if executive sponsor reviews risk assessment for devices Determine if: There is an asset management process for tracking devices There are procedures that remotely wipe data stored on lost or stolen devices, etc. Determine if there is a process for provisioning and de-provisioning devices upon hiring, transfer or termination of employees Determine: The access controls for each type of mobile device If access authentication and complexity are appropriate, etc. 36 Stamps, Alex. "Mobile Device Security and Audit." Deloitte. Feb Web. 18 June < Page 11

16 5. Stored data 7. Encryption technology protects company data on devices and is administered centrally 8. Policies on data transfer to mobile devices and access controls to protect sensitive data are established 9. Data retention policies for mobile devices are defined and monitored and aligned with company data retention policies Determine if: Encryption technology is applied to devices Encryption keys are secured and administered centrally, etc. Determine if: Policies and access controls rules are established for data transfer to mobile devices by device type and required access controls to protect data There are monitoring procedures to ensure only authorized data is transferred and access controls are working Determine if: Data retention policy exists for mobile devices Data is destroyed according to policy once retention period expires retention processes are monitored and enforced 6. Malware avoidance 7. Secure transmission 8. Awareness training 10. Malware protection software has been implemented based on device risk 11. Virtual private network (VPN), Internet Protocol Security (IPSec), and other technologies for secure transmission are implemented for devices receiving and/or transmitting sensitive company data 12. Mobile computing awareness training is ongoing and based on sensitive nature of mobile devices and processes for management feedback are in place Determine: That mobile devices are equipped with malware technology That malware technology cannot be disabled, is updated regularly, disc drives are routinely scanned and compliance with malware detection is monitored centrally and managed Determine if: Secure connections are required for specific devices based on data classification and data stored or transmitted to and from devices Controls are present to require use of secure transmission Determine if: Mobile security awareness training programs exist Training programs are revised to reflect current technologies and company policies, etc. Awareness programs address accountability, responsibility and communication with users of devices through management feedback Page 12

17 6.0 Conclusion Mobile devices have provided organizations with numerous benefits such as an increase in productivity, employee commitment and cost savings. However, the usage of mobile devices for work purposes has also introduced many risks, which need to be addressed by a company in order to prevent a potential information security breach from occurring. Companies need to develop and implement IT controls as well as comprehensive policies that can help minimize the threats brought upon by mobile devices. There are also governance and compliance frameworks developed for the purpose of effectively managing controls related to information security in a corporate environment. Audit and assurance practitioners are also impacted by the emergence of mobile devices as they are now expected to be included in the scope of the audit program. It is safe to say that the corporate world will continue to accept and encourage the use of mobile devices in the foreseeable future. Considering the speed at which technology changes, the opportunities for companies to utilize new and emerging devices are endless. Page 13

18 Appendixes Appendix I Comparison of Mobile Device Platforms "Mobile Device Security." Ernst & Young. Jan Web. 17 June < Page 14

19 Appendix II Managing Mobile Devices and Relevant Framework Processes "Managing Mobile Devices and Relevant Framework Processes." ISACA. Web. 18 June < Research.pdf>. Page 15

20 Works Cited "Application Vulnerability Trends Report: 2014." Cenzic Web. 16 June < "Bring Your Own Device." Insights on Governance, Risk and Compliance. Ernst & Young Global Limited, Sept Web. 13 June < _Bring_your_own_device:_mobile_security_and_risk/$FILE/Bring_your_own_device.pdf>. "Cloud Ease." MaaS360. Fiberlink. Web. 14 June < "Cloud-based Online Backups for Your Mobile Device." IDrive. Web. 18 June "Cloud Security." McAfee. Web. 15 June < < "COBIT 5: A Business Framework for the Governance and Management of Enterprise IT." ISACA. Web. 19 June < "Endpoint Security Protection." McAfee. Web. 16 June < Francis, Jeff. "11 Reasons Why Your Company Could Be In Danger (Part 1 of 2)." CopperMobile. 21 Feb Web. 16 June < "Gartner Predicts by 2017, Half of Employers Will Require Employees to Supply Their Own Device for Work Purposes." Gartner. 1 May Web. 12 June < Hachman, Mark. "Kaspersky, Six Others Top Malware Removal Tests." PCWorld. 3 Dec Web. 16 June < Heggestuen, John. "One In Every 5 People In The World Own A Smartphone, One In Every 17 Own A Tablet." Business Insider. 15 Dec Web. 12 June < Page 16

21 "How a Mobile Firewall Works." Spam Laws. Web. 15 June < "How Mobile Device Policies Make IT's Job Easier." Search Consumerization. Web. 16 June < Kelly, Gordon. "Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe." Forbes. Forbes Magazine, 24 Mar Web. 16 June < Lorenc, Kasia. "Mobile Device Management: 2014 Vendors and Comparison Guide." Tom's IT Pro. 10 June Web. 15 June < Mack, Bernard. "Patch Management Overview, Challenges, and Recommendations." Cisco Blogs. 28 Oct Web. 17 June < "Managing Mobile Devices and Relevant Framework Processes." ISACA. Web. 18 June < Chart-21July2010-Research.pdf>. "McAFee Labs Threats Report." McAfee Web. 16 June < "Mobile Computing Security Audit/Assurance Program." ISACA. Web. 19 June < Center/Research/ResearchDeliverables/Pages/Mobile-Computing-Security-Audit- Assurance-Program.aspx>. "Mobile Device Security." Ernst & Young. Jan Web. 17 June < e-security-devices_au1070.pdf>. "Mobile Malware Evolution: 2013." Securelist. Web. 17 June < 3>. Page 17

22 "The Rise and Risk of Mobile Devices in the Workplace." Rapid7. Aug Web. 13 June < "The Risk of Regulated Data on Mobile Devices & in the Cloud." Ponemon Institute. WatchDox, June Web. 15 June < f>. Rosenblatt, Seth. "Two-factor Authentication: What You Need to Know (FAQ)." CNET. 23 May Web. 14 June < "Sample Corporate Mobile Device Acceptable Use and Security Policy." Wisegate Web. 17 June < "Securing Mobile Devices Using COBIT 5 for Information Security." ISACA. Web. 19 June < Center/Research/ResearchDeliverables/Pages/Securing-Mobile-Devices-Using- COBIT-5-for-Information-Security.aspx>. "Securing Mobile Devices Using COBIT 5 for Information Security." ISACA. Web. 19 June < Center/Research/ResearchDeliverables/Pages/Securing-Mobile-Devices-Using- COBIT-5-for-Information-Security.aspx>. Semer, Lance. "Auditing the BYOD Program." The Institute of Internal Auditors, Feb Web. 15 June < Semer, Lance. "Auditing the BYOD Program." The Institute of Internal Auditors, Feb Web. 15 June < "SOX, GLB, SB 1386 and Mobile Devices - Are You at Risk for Noncompliance?" Credant Web. 17 June < Compliance%20White%20Paper.pdf>. Stamps, Alex. "Mobile Device Security and Audit." Deloitte. Feb Web. 18 June < Page 18

23 omaha.webs.com/deloitte%20mobile%20device%20security%20isaca%20pres%2 0(Final).pdf>. "Unsecured WiFi Network Access." Beta Telelink. Web. 15 June < Page 19

Mobile Device Security and Audit

Mobile Device Security and Audit Mobile Device Security and Audit ISACA Chapter Meeting February 2012 Alex Stamps Manager Security & Privacy Services Deloitte & Touche LLP astamps@deloitte.com Session Objectives Define mobile devices

More information

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager

BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy

More information

My CEO wants an ipad now what? Mobile Security for the Enterprise

My CEO wants an ipad now what? Mobile Security for the Enterprise My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Samsung Mobile Security

Samsung Mobile Security Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA. Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA. What is Mobile Security? Mobile security is the protection of both personal and business information stored on and transmitted

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Mobile Device Management

Mobile Device Management 1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating

More information

Why Email Encryption is Essential to the Safety of Your Business

Why Email Encryption is Essential to the Safety of Your Business Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations

More information

SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE

SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE Michael CLICK TO Albek EDIT MASTER - SecureDevice SUBTITLE STYLE 2011 Driven by changing trends and increasing globalization, the needs of

More information

Mobility, Security Concerns, and Avoidance

Mobility, Security Concerns, and Avoidance By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY?

WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY? WHAT ARE THE BIGGEST THREATS TO BUSINESS DATA SECURITY? Contents Introduction... 3 Primary Sources of Security Threats... 3 Instant Messaging... 3 Email... 4 Optical and Flash Media... 4 Social Media...

More information

Mobile Devices in Healthcare: Managing Risk. June 2012

Mobile Devices in Healthcare: Managing Risk. June 2012 Mobile Devices in Healthcare: Managing Risk June 2012 1 Table of Contents Introduction 3 Mobile Device Risks 4 Managing Risks and Complexities 5 Emerging Solutions 7 Conclusion 7 References 8 About the

More information

Securing mobile devices in the business environment

Securing mobile devices in the business environment IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile

More information

SECURING TODAY S MOBILE WORKFORCE

SECURING TODAY S MOBILE WORKFORCE WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE

BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE INTRODUCTION The technological revolution has made us dependent on our mobile devices, whether we re at home, in the office, on the go or anywhere

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Insert Partner logo here. Financial Mobility Balancing Security and Success

Insert Partner logo here. Financial Mobility Balancing Security and Success Financial Mobility Balancing Security and Success Copyright 2012 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink.

More information

Readiness Assessments: Vital to Secure Mobility

Readiness Assessments: Vital to Secure Mobility White Paper Readiness Assessments: Vital to Secure Mobility What You Will Learn Mobile devices have been proven to increase employee productivity and job satisfaction, but can also pose significant threats

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

PULSE SECURE FOR GOOGLE ANDROID

PULSE SECURE FOR GOOGLE ANDROID DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device

More information

Use Bring-Your-Own-Device Programs Securely

Use Bring-Your-Own-Device Programs Securely Use Bring-Your-Own-Device Programs Securely By Dale Gonzalez December 2012 Bring-your-own-device (BYOD) programs, which allow employees to use their personal smartphones, tablets and laptops in and out

More information

Mobile Device Security Information for IT Managers

Mobile Device Security Information for IT Managers Mobile Device Security Information for IT Managers July 2012 Disclaimer: This paper is intended as a general guide only. To the extent permitted by law, the Australian Government makes no representations

More information

A number of factors contribute to the diminished regard for security:

A number of factors contribute to the diminished regard for security: TrendLabs Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

White Paper. Data Security. The Top Threat Facing Enterprises Today

White Paper. Data Security. The Top Threat Facing Enterprises Today White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is

More information

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES

5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES White paper 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING PHI ON PORTABLE DEVICES 2016 SecurityMetrics 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES 1 5 TIPS FOR HIPAA COMPLIANT MOBILE DEVICES PROTECTING

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013 The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh May 20 th, 2013 Companies are leveraging mobile computing today Three major consumption models: 1. Improving productivity Improving employee

More information

Mobile Computing: A Study of Internal Auditors Awareness. 2013 Research Committee

Mobile Computing: A Study of Internal Auditors Awareness. 2013 Research Committee Mobile Computing: A Study of Internal Auditors Awareness 2013 Research Committee Table of Contents INTRODUCTION... 3 MOBILE COMPUTING... 4 LITERATURE REVIEW... 4 DEFINITION... 4 MOBILE DEVICE TYPES AND

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents

More information

SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD

SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD www.wipro.com Table of Contents Executive Summary 03 Introduction 03 Challanges 04 Solution 05 Three Layered Approach to secure BYOD 06 Conclusion

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Codeproof Mobile Security & SaaS MDM Platform

Codeproof Mobile Security & SaaS MDM Platform Codeproof Mobile Security & SaaS MDM Platform info@codeproof.com https://codeproof.com Mobile devices have been transformed into multi-faceted, multi-tasking, multimedia tools for personal expression,

More information

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service

Healthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service Services > Overview MaaS360 Ensure Technical Safeguards for EPHI are Working Monitor firewalls, anti-virus packages, data encryption solutions, VPN clients and other security applications to ensure that

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com 1 Business drivers and their impact on IT AGILITY! Move fast, be nimble

More information

trends and audit considerations

trends and audit considerations Bring your own device (BYOD) trends and audit considerations SIFMA IT audit session 4 October 2012 Disclaimer Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited,

More information

BYOD and Mobile Device Dependency

BYOD and Mobile Device Dependency BYOD and Mobile Device Dependency Thursday, November 8, 2012 Brian Thomas, CISA, CISSP & Shohn Trojacek, CISSP Brian Thomas, CISA, CISSP Partner, IT Advisory Services at Weaver Provides security, IT audit

More information

A number of factors contribute to the diminished regard for security:

A number of factors contribute to the diminished regard for security: TrendLabs Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand

More information

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE About the Author. Acknowledgments. Introduction. Chapter 1 Understanding the Threats. Quantifying the Threat.

More information

Back to the Future: Securing your Unwired Enterprise

Back to the Future: Securing your Unwired Enterprise Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has

More information

What Is BYOD? Challenges and Opportunities

What Is BYOD? Challenges and Opportunities Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Cyber Security. John Leek Chief Strategist

Cyber Security. John Leek Chief Strategist Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity

More information

Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It

Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It WHITE PAPER: DON T LOSE THE DATA: SIX WAYS YOU MAY BE LOSING........ MOBILE....... DATA......................... Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It Who should

More information

Agenda. John Veldhuis, Sophos The playing field Threats Mobile Device Management. Pagina 2

Agenda. John Veldhuis, Sophos The playing field Threats Mobile Device Management. Pagina 2 Mobile Security Agenda John Veldhuis, Sophos The playing field Threats Mobile Device Management Pagina 2 The Changing Mobile World Powerful devices Access everywhere Mixed ownership User in charge Powerful

More information

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP

North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal

More information

YOUR DATA UNDER SIEGE. PROTECTION IN THE AGE OF BYODS. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

YOUR DATA UNDER SIEGE. PROTECTION IN THE AGE OF BYODS. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next YOUR DATA UNDER SIEGE. PROTECTION IN THE AGE OF BYODS. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege. Protection in the Age of BYODs 1.0 As the workplace

More information

Protect Your Enterprise by Securing All Entry and Exit Points

Protect Your Enterprise by Securing All Entry and Exit Points SAP White Paper Enterprise Mobility Protect Your Enterprise by Securing All Entry and Exit Points How Enterprise Mobility Management Addresses Modern-Day Security Challenges Table of Contents 4 Points

More information

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved

More information

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite. White Paper Securing Today s Mobile Workforce Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2012, Juniper Networks, Inc. 1 Table

More information

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012 BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.

More information

Bring Your Own Device Mobile Security

Bring Your Own Device Mobile Security Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.

More information

Extending Compliance to the Mobile Workforce. www.maas360.com

Extending Compliance to the Mobile Workforce. www.maas360.com Extending Compliance to the Mobile Workforce www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information

More information

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly

More information

EMBRACING THE AGE OF MOBILITY

EMBRACING THE AGE OF MOBILITY Embracing The Age Of Mobility & The Byod Workplace buzz-worthy acronym or a workplace trend that will eventually fade; it s part of the complete restructuring of the conventional way we ve worked up to

More information

Mobile computing. Does your organisation have any safe options? The better the question. The better the answer. The better the world works.

Mobile computing. Does your organisation have any safe options? The better the question. The better the answer. The better the world works. Mobile computing Does your organisation have any safe options? The better the question. The better the answer. The better the world works. The big picture The mobile security risk surface Devices Jailbreak

More information

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

THE SECURITY OF HOSTED EXCHANGE FOR SMBs THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

More information

MOBILE SECURITY: DON T FENCE ME IN

MOBILE SECURITY: DON T FENCE ME IN MOBILE SECURITY: DON T FENCE ME IN Apart from the known and the unknown, what else is there? 18 Harold Pinter, Nobel Prize-winning playwright, screenwriter, director, actor 32 INTRODUCTION AND METHODOLOGY

More information

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will

More information

Securing Corporate Email on Personal Mobile Devices

Securing Corporate Email on Personal Mobile Devices Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...

More information

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Efficiently and Cost- Effectively Managing Mobility Risks in the Age of IT Consumerization Table of Contents EXECUTIVE

More information

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo. Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility

More information

Global IT Security Risks: 2012

Global IT Security Risks: 2012 Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

Securing end-user mobile devices in the enterprise

Securing end-user mobile devices in the enterprise IBM Global Technology Services Thought Leadership White Paper January 2012 Securing end-user mobile devices in the enterprise Develop an enforceable mobile security policy and practices for safer corporate

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Mobile Device Management Buyers Guide

Mobile Device Management Buyers Guide Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But

More information

EndUser Protection. Peter Skondro. Sophos

EndUser Protection. Peter Skondro. Sophos EndUser Protection Peter Skondro Sophos Agenda Sophos EndUser Solutions Endpoint Usecases Sophos Mobile Solutions Mobile Usecases Endpoint Sophos EndUser Solutions EndUser Protection AV Firewall Application

More information

Mobile Device Security Is there an app for that?

Mobile Device Security Is there an app for that? Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach

More information

Email Compliance in 5 Steps

Email Compliance in 5 Steps Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential

More information

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions WWW.WIPRO.COM

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions WWW.WIPRO.COM Consumerization Managing the BYOD trend successfully WWW.WIPRO.COM Harish Krishnan, General Manager, Wipro Mobility Solutions Employees dictate IT Enterprises across the world are giving in to the Consumerization

More information

IT Resource Management & Mobile Data Protection vs. User Empowerment

IT Resource Management & Mobile Data Protection vs. User Empowerment Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity

More information

BOYD- Empowering Users, Not Weakening Security

BOYD- Empowering Users, Not Weakening Security BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public

More information

Securing Virtual Desktop Infrastructures with Strong Authentication

Securing Virtual Desktop Infrastructures with Strong Authentication Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication

More information

BYOD: BRING YOUR OWN DEVICE.

BYOD: BRING YOUR OWN DEVICE. white paper BYOD: BRING YOUR OWN DEVICE. On-boarding and Securing Devices in Your Corporate Network Preparing Your Network to Meet Device Demand The proliferation of smartphones and tablets brings increased

More information

Three Best Practices to Help Enterprises Overcome BYOD Challenges

Three Best Practices to Help Enterprises Overcome BYOD Challenges WHITE PAPER Three Best Practices to Help Enterprises Overcome BYOD Challenges Nearly 80% of white-collar workers in the United States use a mobile device for work and approximately 95% of IT organizations

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

A Guide to MAM and Planning for BYOD Security in the Enterprise

A Guide to MAM and Planning for BYOD Security in the Enterprise A Guide to MAM and Planning for BYOD Bring your own device (BYOD) can pose a couple different challenges, not only the issue of dealing with security threats, but also how to handle mobile applications.

More information

WHITE PAPER. The CIO s guide. management

WHITE PAPER. The CIO s guide. management WHITE PAPER The CIO s guide to building a mobile device management strategy and how to execute on it Executive Summary The explosive growth of employee mobility is driving the rapid adoption of mobile

More information

The BYOD of Tomorrow: BYOD 2.0. What is BYOD 1.0? What is BYOD 2.0? 3/27/2014. Cesar Picasso, MBA SOTI Inc. April 02, 2014

The BYOD of Tomorrow: BYOD 2.0. What is BYOD 1.0? What is BYOD 2.0? 3/27/2014. Cesar Picasso, MBA SOTI Inc. April 02, 2014 The BYOD of Tomorrow: BYOD 2.0 Cesar Picasso, MBA SOTI Inc. April 02, 2014 What is BYOD 1.0? BYOD 1.0 was the first wave of mobile device management that controlled the entire device BYOD 1.0 was inadequate

More information

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS Mobility is no longer a trend it s how business gets done. With employees using multiple mobile devices and the availability

More information

A Guide to Consumerization & Building a BYOD Policy June 2012

A Guide to Consumerization & Building a BYOD Policy June 2012 INTRODUCTION iphones, ipads, Android-powered devices, and Windows phones have grown into powerful computing platforms, and their use allows enterprise employees to connect to work as never before. These

More information

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration

More information

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars

More information

03/06/2014. Bring Your Own Device: A Framework for Audit. Acknowledgement

03/06/2014. Bring Your Own Device: A Framework for Audit. Acknowledgement Bring Your Own Device: A Framework for Audit Emily A Knopp, CPA, CISA Audit Director Angelo State University, Member of Texas Tech University System March 6, 2014 Texas Association of College of University

More information

Seven Tips for Securing Mobile Workers

Seven Tips for Securing Mobile Workers Seven Tips for Securing Mobile Workers Sponsored by Sophos Published by Ponemon Institute LLC Ponemon Institute Research Report Seven Tips for Securing Mobile Workers Ponemon Institute, May 2011 Part 1.

More information