How To Protect Your Organization From Liability From A Cell Phone (For Business)
- Marjorie Horton
1 Bring Your Own Device: A Framework for Audit March 6,
2 Webinar Moderator
Phil Hurd, ACUA President
3 Your Presenters
Mike Cullen, Senior Manager, CISA, CISSP, CIPP/US
> Leads the firm's Technology Risk Services team in Washington, DC, focused on IT risk consulting and internal auditing.
> Performs IT risk assessments and audits, developed information privacy and security programs, performed ethical hacking of IT systems, and conducted digital forensic investigations.
> Presents to a variety of audiences, including ACUA, various IIA chapters and regional conferences, and at multiple universities.
4 Your Presenters
Stephanie Marino, Manager, CISA, CIA
> Performs IT process improvement reviews, risk assessments, and IT audits for higher education and research institutions.
> Utilizes industry best standards to assess internal control effectiveness around IT information privacy and security, governance, IT general controls, network and IT infrastructure management, and regulatory compliance.
> Actively involved in training, seminars, and thought leadership initiatives with ACUA, IIA, and ISACA.
5 Contents/Agenda
> Define Mobile & BYOD
> Risks and Internal Audit Considerations
> A Framework for Mobile Device Auditing
> Resources
6 Objectives
> Overview of the technologies that make mobile possible
> Provide an overview of certain mobile risks
> Describe a framework that can be adopted to help companies address the risks of mobile technologies and used to perform audits
7 Polling Question #1
Who do you blame for our new mobile life (e.g., people answering the phone in public restrooms)?
A. Star Trek (or any science fiction)
B. Martin Cooper (Motorola engineer invented the cell phone)
C. Steve Jobs
D. Internet
8 Define Mobile & BYOD
9 Why do we care?
> Mobile is here, no going back to being tethered to a desk
> Mobile allows great productivity and flexibility to achieve institutional objectives
> Mobile employees are happier (so they say)
> Mobile can save money (maybe?)
10 Why do we care?
> Consumerization of technology is not a fad, the benefits outweigh the costs
> eMarketer estimates million smartphone users in US by the end of 2012
> Gartner estimates million worldwide tablet sales in 2012
> Gartner estimates that 31 billion apps will be downloaded in
11 What is a mobile device?
NIST (SP ) Characteristics:
> Small form factor
> Wireless network interface for Internet access
> Local built-in (non-removable) data storage
> Operating system that is not a full-fledged desktop/laptop operating system
> Apps available through multiple methods
> Built-in features for synchronizing local data
12 What is a mobile device?
NIST Optional characteristics:
> Wireless personal area network interfaces (e.g., Bluetooth, near-field communications)
> Cellular network interfaces
> GPS
> Digital camera
> Microphone
> Support for removable media
> Support for using the device itself as removable storage
13 What is a mobile device?
> Any easily portable technology that allows for the storage and transmittal of your organization's sensitive data
> Examples:
  > Phones
  > Tablets
  > External Hard Drives (e.g., USB thumb drives)
  > Laptops
  > Cameras (e.g., point and shoot)
  > Logistics devices (e.g., GPS Tracking Devices, RFID)
  > E-readers
  > Digital Music Players (e.g., iPods)
14 What is BYOD?
> Bring Your Own Device
> Higher Ed has been doing this for years
  > Students, of course
  > Faculty, in spite of policies to the contrary
> Supported by organization systems and applications that allow multiple types of devices to access those services
> Powered by the Internet
15 Polling Question #2
Does your institution have a BYOD program?
A. Yes
B. No
C. Unsure
16 Risks and Internal Audit Considerations
17 Major Security Concerns (NIST)
> Lack of Physical Security Controls
> Use of Untrusted Mobile Devices
> Use of Untrusted Networks
> Use of Apps Created by Unknown Parties
> Interaction with Other Systems
> Use of Untrusted Content
> Use of Location Services
18 What are the mobile device risks?
NIST Characteristics and Illustrative Risks:
> Small form factor: Loss or theft of data
> Wireless network interface for Internet access: Exposure to untrusted and unsecured networks
> Local built-in (non-removable) data storage: Loss or theft of data
> Operating system that is not a full-fledged desktop/laptop operating system: Reduced technical controls
> Apps available through multiple methods: Exposure to untrusted and malicious apps
> Built-in features for synchronizing local data: Interactions with other untrusted and unsecured systems
19 What are the mobile device risks?
NIST Characteristics and Illustrative Risks:
> Wireless personal area network interfaces (e.g., Bluetooth, near-field communications): Exposure to untrusted and unsecured networks
> Cellular network interfaces: Exposure to untrusted and unsecured networks
> GPS: Exposure of private information
> Digital camera: Exposure of private information
> Microphone: Exposure of private information
> Support for removable media: Loss or theft of data
> Support for using the device itself as removable storage: Interactions with other untrusted and unsecured systems
20 IA Considerations Scoping
> Does your organization have a mobile device strategy, including:
  > Alignment with institutional strategy/objectives
  > Risk assessment(s) for mobility
  > Definition of devices
  > Policies governing the use of devices (with penalties)
  > Security standards based on data
21 IA Considerations Scoping (cont)
> Who owns these devices, org or employee?
> Who is responsible for managing and securing the devices?
> Incident response procedures
> Who is paying for devices and service plans?
  > Does that change responsibilities?
> What are the legal and regulatory requirements for your organization and the jurisdictions you operate in?
22 Identifying Owners and Stakeholders
> Who is your client?
> Who are the stakeholders?
  > General Counsel
  > Chief Information Officer
  > Chief Information Security Officer
  > Chief Operations Officer
  > Chief Compliance Officer
  > Chief Privacy Officer
  > Chief Risk Officer
  > Other functions with a stake in privacy and security (e.g., human resources, sales)
23 Understanding the Institution
> Mission and objectives
> Organization and responsibilities
> Customers
> Types of data
> Exchanges of data
  > Interdepartmental
  > Third parties
  > Interstate or international
> Data collection, usage, retention, and disclosure
> Systems (e.g., websites, apps)
24 Assessing Risk
> Leveraging management's risk assessments
> Consultation with legal counsel
> Regulatory risk
> Legal/contractual risk
> Industry self-regulatory initiatives
> Constituency relations and perceptions
> Public relations
25 Polling Question #3
Has your institution completed any mobile device audits/reviews?
A. Yes
B. No
C. Not yet, but planning to in
26 A Framework for Mobile Device Auditing
27 Mobile Device Framework
> Data
> Websites & Apps
> Devices
> People
28 Mobile Device Framework Data
> Data (i.e., data generated, accessed, modified, transmitted, stored or used electronically by the organization) is essential to the organization's objectives and requires protection for a variety of reasons, including legal and regulatory requirements.
> Examples:
  > Messages (e.g., emails, text messages, instant messages)
  > Voice
  > Pictures
  > Files (e.g., attachments)
  > Hidden (e.g., GPS)
29 Mobile Device Framework Data
> Classification Tiers
> Data Owners
> Data Stewards
> Authentication & Security Requirements
30 Mobile Device Framework Data IA Considerations
> Determine the types of data that can be accessed or stored on mobile devices. Assess restrictions in place to safeguard data.
> Review the Data Classification Security Policy to ensure specificity to the various types of data, based on sensitivity.
> Create an inventory of data, identify the applications and websites where it can be accessed, and determine who will take ownership of the data moving forward.
31 Mobile Device Framework Websites & Apps
> Websites and applications (i.e., tools used to process electronic data) require security controls, regardless of the device used for access, to protect the confidentiality, integrity, and availability of data.
32 Mobile Device Framework Websites & Apps Examples
Institution:
> Websites/Portals: Intranet/Portal, Financial and HR Systems, Student Information System, Learning Management System
> Apps: Learning Management System, Financial and HR Systems
> Cloud Services: Google Services, Salesforce.com, Microsoft Office 365
> App Stores: Apple App Store, Google marketplace, Amazon App Store, Custom Corporate Stores
> Virtual Desktop Environments: Citrix, VMware
Personal:
> Websites/Portals: Google, Yahoo, ESPN
> Apps: Angry Birds, Instagram
> Cloud Services: Gmail, Flickr, Facebook
> App Stores: Apple App Store, Google marketplace, Amazon App Store
> Virtual Desktop Environments: GoToMyPC, VNC
33 Mobile Device Framework Websites & Apps IA Considerations
> Determine the websites and applications that are used on mobile devices to access data, and determine whether they are approved. Assess how websites and applications are secured to protect data.
> Review all applications and websites accessible via mobile devices to ensure they comply with security policies (e.g., encryption requirements, storage restrictions, access permissions).
34 Mobile Device Framework Devices
> Devices (i.e., hardware used to access websites and applications for data processing) require an increasing variety of security controls due to the increased mobility, choice, functionality, and replacement of these products.
35 Mobile Device Framework Devices
> Managed vs. Unmanaged
> Institution vs. Employee Owned
36 Mobile Device Framework Devices
> Encryption
> Data transfers (e.g., sending and syncing)
> Logical security (e.g., linkage to HR, passwords, access management)
> Physical security
> Network Architecture (e.g., configuration, monitoring)
> Mobile Device Management
37 Mobile Device Framework Devices IA Considerations
> Determine the types of mobile devices that are used to access data, and whether each mobile device is supported. Assess how mobile devices are secured to protect data.
> Ensure that both organization-managed and personally owned mobile devices that access confidential or high-risk data are secured with appropriate security controls.
38 Mobile Device Framework People
> People (i.e., employees that process data via websites and applications through a variety of devices) require frequent communications and trainings on the risks, policies, practices, and tools for protecting the confidentiality, integrity, and availability of data.
39 Mobile Device Framework People
> Organization-wide Mobile Device Policy
> Mobile Device Practices
> Knowledge, skills, and abilities
> Training and Awareness Programs
> Acknowledged Roles and Responsibilities
> Risk assessments
> Policies and procedures
> Process maturity
> Monitoring
> Communication
40 Mobile Device Framework People IA Considerations
> Determine who uses mobile devices to access data, and who supports and manages those mobile devices that access data.
> Determine if an overarching Mobile Device Security Policy exists.
> Assess existing policies and procedures that guide the procurement, use, support, and management of mobile devices.
> Advise departments on creating supplementary mobile device security practices as needed.
> Assess formalized training and awareness programs that inform mobile device users of the risks involved and their personal responsibilities when accessing information.
41 Mobile Device Framework Sample
[Diagram. Labels: Data (Confidential, Restricted, Internal Use, Public); Web & Apps; Institution Owned Devices; Personally Owned Devices; People; Institution Owned Device Practices & Mobile Device Management; Personally Owned Device Practices]
42 Polling Question #4
What area of the mobile device framework will be the most challenging to audit/review at your institution?
A. Data
B. Websites & Applications
C. Devices
D. People (e.g., policies)
43 Resources
44 ISACA Mobile Computing Security Audit/Assurance Program
What is it?
> Work program to execute a controls review of mobile computing
> Focused in two areas: planning and scoping, security
> Also includes a framework for control maturity assessment
How to use it?
> Use as a base work program to conduct a controls review of your mobile device environment
Challenges to IA
> Access to data: how to audit personal devices
> More policy controls over technical controls
Publisher
> ISACA ( Center/Research/ResearchDeliverables/Pages/Mobile-Computing- Security-Audit-Assurance-Program.aspx)
45 ISO
What is it?
> Requirements for information security management system
> PDCA process based model
  > Establish, Implement, Monitor, Improve
> It aims toward the preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved
> Management standard, so organizations can be certified
How to use it?
> Understand the process requirements contained within the standard and map to your organization's requirements for incident management
Challenges to IA
> It doesn't guarantee that a company is secure
> Limited applicability to application changes
> Not to be confused with ISO
Publisher
> International Organization for Standardization (
46 Resources
> BankInfoSecurity, BYOD: Get Ahead of the Risk, Intel CISO: Policy, Accountability Created Positive Results, January 2012
> Digital Services Advisory Group and Federal Chief Information Officers Council, Bring Your Own Device, A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs, August 2012
> Gartner, Magic Quadrant for Mobile Device Management, May 2012
> Gartner, Gartner Says Consumerization Will Drive At Least Four Mobile Management Styles, November
47 Resources
> National Institute of Standards and Technology, Special Publication Revision 1 (Draft), Guidelines for Managing and Securing Mobile Devices in the Enterprise, July 2012
> National Institute of Standards and Technology, Special Publication , Guidelines on Security and Privacy in Public Cloud Computing, December
48 Upcoming Webinars Joint webinar with URMIA May 2013 Cyber Auditing Data Privacy Legislation / Regulatory Update + Cyber Risk June
49 ACUA MidYear
ACUA MidYear Conference
April 7-10, 2013
Renaissance Seattle Hotel, Seattle, Washington
Registration closes March 15
Register TODAY! acua.org
50 Resources ACUA > Promoting Internal Audit: > Listserv: > Forums: Baker Tilly > 50
51 Presenter Contact Info
Thank you for participating today! Remember, CPE certificates will be emailed to you by ACUA Headquarters in about three weeks.
Mike Cullen
Stephanie Marino
52 Required disclosure and Circular 230 Prominent Disclosure
The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Pursuant to the rules of professional conduct set forth in Circular 230, as promulgated by the United States Department of the Treasury, nothing contained in this communication was intended or written to be used by any taxpayer for the purpose of avoiding penalties that may be imposed on the taxpayer by the Internal Revenue Service, and it cannot be used by any taxpayer for such purpose. No one, without our express prior written permission, may use or refer to any tax advice in this communication in promoting, marketing, or recommending a partnership or other entity, investment plan or arrangement to any other party. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International Baker Tilly Virchow Krause, LLP.
More informationRisks and Rewards of the Internet of Things. Findings From ISACA s 2013 IT Risk/Reward Barometer
Risks and Rewards of the Internet of Things Findings From ISACA s 2013 IT Risk/Reward Barometer The world is increasingly being populated by connected devices that collect and share information over the
More informationBYOD Strategies: Chapter I
Building Bring-Your-Own-Device (BYOD) Strategies This is the first part in a series designed to help organizations develop their BYOD (bring-your-own-device) strategies for personally-owned smartphones
More informationMitigating Bring Your Own Device (BYOD) Risk for Organisations
Mitigating Bring Your Own Device (BYOD) Risk for Organisations Harness the benefits and mitigate the risks of BYOD espiongroup.com Executive Summary Mobile devices such as smart phones, tablets, or laptops
More informationConstruction Fraud: Stories from the Field
Construction Fraud: Stories from the Field Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. 2010 Baker Tilly Virchow Krause,
More informationBYOD: End-to-End Security
BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept
More informationBRING YOUR OWN DEVICE
BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues
More informationCloud Storage Policy (Draft for consultation)
(Draft for consultation) Please note that this draft is under consultation with stakeholders in colleges and university services, before refinement and approval by the appropriate University Committee.
More informationMobile Device Deployments-The Security Dangers of Technology on the Go
Mobile Device Deployments-The Security Dangers of Technology on the Go Presented by Mark Bell, PMP, CISSP, CISA, CHSS OM03 Friday, 10/25/2013 3:45 PM - 5:00 PM Mobile Device Deployments Is Your Organization
More informationMobile Device Security
Mobile Device Security Presented by Kelly Wilson Manager of Information Security, LCF Research New Mexico Health Information Collaborative (NMHIC) and the New Mexico Health Information Technology Regional
More informationIT TECHNOLOGY ACCESS POLICY
IT TECHNOLOGY ACCESS POLICY Effective Date May 19, 2016 Cross- Reference 1. IT Access Control and User Access Management Policy Responsibility Director, Information 2. IT Acceptable Use Policy Technology
More informationMobile Security & BYOD Policy
Mobile Security & BYOD Policy Sarkis Daglian Assistant Manager, Desktop Support Office of Information Technology Isaac Straley UCI Information Security Officer Office of Information Technology Speakers
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationIndustry Trends An Introduction to Security Breach Prevention, BYOD, & ERP System Implementation
Industry Trends An Introduction to Security Breach Prevention, BYOD, & ERP System Implementation The Central Florida Chapter of The Florida Government Finance Officers Association 2/7/2014 K. Adam Glover,
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationBring Your Own Device Mobile Security
Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.
More informationData Protection: From PKI to Virtualization & Cloud
Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security
More informationwww.pwchk.com Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready?
www.pwchk.com Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready? Why is this important to you? Background Enterprise mobility through Bring-Your-Own-Device (BYOD) has been around for
More informationDevice Independence - BYOD -
Charting Our Future Device Independence - BYOD - BYOD: Bring your own device to work day What is BYOD? BYOD (Bring Your Own Device) As distinguished from BYOC (Bring Your Own Computer); or BYOT (Bring
More informationAcceptable Use Guidelines
Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines
More informationSecurity Transcends Technology
INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com
More informationCorporate Mobile Policy Template
Updated July 2011 Three major changes have occurred over the past 18 months that require updates to your organization s mobile policy. These changes include widespread adoption of tablet devices, changes
More informationTop. Reasons Federal Government Agencies Select kiteworks by Accellion
Top 10 Reasons Federal Government Agencies Select kiteworks by Accellion Accellion Government Customers Include: Top 10 Reasons Federal Government Agencies Select kiteworks Accellion provides government
More informationUtility consulting. > > Operate as a quasi-standalone business with its own profit center > > Focus solely on internal customers
Shared services utility accounting How using a service company approach can help with cost allocations for multiple utility departments Cost allocations can strain a relationship Cost allocations are a
More informationAsset Management In A Consumerized World
Asset Management In A Consumerized World Generously sponsored by: August 28, 2012 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Allan Wall ISSA Web Conference Committee
More informationPNC is a registered mark of The PNC Financial Services Group, Inc.( PNC ) 2013 The PNC Financial Services Group, Inc. All rights reserved.
The seminar and/or webinar and materials that you will view were prepared for general information purposes only by Baker Tilly and are not intended as legal, tax or accounting advice or as recommendations
More informationCompilation of Results of a Pilot Survey of Cybersecurity Practices of Small and Mid Sized Investment Adviser Firms
Compilation of Results of a Pilot Survey of Cybersecurity Practices of Small and Mid Sized Investment Adviser Firms September 2014 rth American Securities Administrators Association www.nasaa.org About
More informationHybrid Cloud Identity and Access Management Challenges
Hybrid Cloud Identity and Access Management Challenges Intro: Timothy P. McAliley timothy.mcaliley@microsoft.com Microsoft Premier Field Engineer, SQL Server, Washington, DC CISA, CISM, CISSP, ITIL V3,
More informationBYOD File Sharing - Go Private Cloud to Mitigate Data Risks. Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks
BYOD File Sharing - Go Private Cloud to Mitigate Data Risks An Accellion Whitepaper BYOD File Sharing Go Private Cloud to Mitigate Data Risks Executive Summary The consumerization of IT and the popularity
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationSYNCSHIELD FEATURES. Preset a certain task to be executed. specific time.
SYNCSHIELD FEATURES This document describes the diversity of SyncShield features. Please note that many of the features require a certain platform version, often earlier software versions do not support
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More information2014. All Rights Reserved. Information and Communications Technology
Defense-in-Depth has Become Extinct or Information Security in the Post-Enterprise World BSides Ottawa 2014 Dr. Lawrence G Dobranski P.Eng. Director ICT Security University of Saskatchewan 1 The University
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More information