ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
|
|
- Barrie Kelly
- 8 years ago
- Views:
Transcription
1 ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2,
2 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program Q&A Resources 3 WHAT ARE MOBILE DEVICES TODAY? Primary features: Wireless network interface for internet access. Local built-in (non-removable) data storage. Operating system that is not a full-fledged desktop/laptop operating system. Apps available through multiple methods. Built-in features for synchronizing local data. Optional features: Wireless personal area network interfaces (e.g., Bluetooth). Cellular network interfaces. GPS (Global Positioning System) Digital camera. Microphone. Storage SP
3 WHAT ARE MOBILE/SMART DEVICES? 5 MICHIGAN S ENVIRONMENT 6 3
4 BENEFITS OF MOBILE DEVICES Increased workforce productivity. Improved customer service. Improved turnaround times for problem resolution. Increased business process efficiency. Employee retention. In 2014 the average number of connected devices per knowledge worker will reach an average of 3.3 devices - Cisco 7 IMPLEMENTATION MODELS Traditional Bring Your Own Device (BYOD) Corporately Owned, Personally Enabled (COPE) 8 4
5 BYOD TRENDING WITH USERS 9 BYOD TRENDING WITH EMPLOYERS BYOD in the Enterprise-A Holistic Approach, ISACA JOURNAL, Volume 1,
6 BYOD ISACA IMPLEMENTATION CONSIDERATIONS The key word for BYOD implementation is LIMIT: LIMIT number of supported device models to the most secure ones. LIMIT number of users which are allowed to BYOD. LIMIT number of applications and data available for BYOD. 11 MOBILE THREATS/RISKS Lack of User Knowledge Malicious Apps Data Leakage 12 6
7 LACK OF USER KNOWLEDGE SECURING THE DEVICE 9 in 10 Americans use their smartphones for work. 40% don t password protect their smartphones. 51% of Americans connect to unsecured wireless networks on their smartphone. 48% don t disable Bluetooth discoverable mode. CISCO 2013 Study 13 LACK OF USER KNOWLEDGE THREAT ANALYSIS 14 7
8 MALICIOUS APPS WHAT S TRENDING? GAO September 2012 Report found that: Mobile malware grew by 155% in out of 10 Android owners are likely to encounter a threat on their device each year as of And it just keeps growing!!! 15 MALICIOUS APPS WHAT CAN THEY DO? Once your device has been infected, attackers can: send location, send contact info, send and read SMS messages, place phone calls, silently download files, open the browser and more
9 MALICIOUS APPS WHAT ARE THEY DOING? SYMANTEC Internet Security Threat Report MALICIOUS APPS WHEN GOOD APPS GO BAD 1) A legitimate developer creates an application. 3) A malicious developer repackages the application with a malware. 5) A user downloads the application containing the malware. 2 The developer uploads the application to a website. 4) The malicious developer uploads the application to a third-party app store where users can download it for free. 6) The malicious developer can control the phone remotely and access the user's sensitive information including address book, s, text messages, location, files, and also place calls. Better Implementation of Controls for Mobile Devices Should Be Encouraged [GAO ] page
10 MALICIOUS APPS CAN YOU TRUST YOUR APP STORE? Aug 28, 2014 Microsoft Removes 1,500 Fake Apps From Windows Store 19 MALICIOUS APPS Android APPS WEBROOT - Mobile Threat Report
11 MALICIOUS APPS ios (Apple) APPS WEBROOT - Mobile Threat Report MICHIGAN S ENVIRONMENT 22 11
12 MICHIGAN S ENVIRONMENT 23 The fundamental issue underlying protecting information on mobile devices is data leakage. DATA LEAKAGE ITS ALL ABOUT THE DATA If users didn t copy sensitive information to their phones, laptops, thumb drives, and other devices, controlling for breaches would be much simpler
13 REGULATORY COMPLIANCE Health Insurance Portability and Accountability Act (HIPAA) Payment Card Industry Data Security Standards (PCI-DSS) Freedom of Information Act (FOIA) Privacy Laws 25 MOBILE SECURITY SOLUTIONS Mobile Device Management Systems (MDM) Enterprise Sandbox Mobile Antivirus Secure Browser Data Loss Prevention (DLP) 26 13
14 MDM SYSTEMS MONITOR AND CONTROL Example of MaaS360 Dashboard 27 MDM SYSTEMS UNDERSTAND YOUR ENVIRONMENT Example of MaaS360 Reports 28 14
15 MICHIGAN S ENVIRONMENT 29 MOBILE DEVICE SECURITY AUDIT WOULD YOU LIKE TO TAKE A SURVEY? Validate MDM Data Device make/model Operating system version Understand the Environment How devices are used Who owns the devices What data is accessed and stored on devices Sent to all Mobile Device users (~10,000 in total) 50% started, 43% finished 30 15
16 MOBILE DEVICE SECURITY AUDIT TELL ME HOW YOU REALLY FEEL 31 MOBILE DEVICE SECURITY AUDIT Audit Objectives: To assess the effectiveness of DTMB's efforts to establish a governance structure and provide guidance regarding mobile device security. To assess the effectiveness of DTMB s efforts to design, implement, and enforce the secure configuration of mobile devices. To assess the effectiveness of DTMB's efforts to ensure that only authorized devices access the State's information technology resources
17 AUDIT PROGRAMS ISACA Mobile Computing Security Audit/Assurance Program (2010) BYOD Audit /Assurance Program (2012) SANS Mobile Device Security Checklist CIS ios & Android Benchmarks 33 AUDIT PROGRAMS ISACA Mobile Security: Policies Risk Management Device Management Training Access Controls Stored Data Malware Avoidance Secure Transmission BYOD: Policies Risk Management Device Management Training Device Layer Security Legal Tech. & User Support Governance 34 17
18 POLICIES Audit Objective: Policies have been defined and implemented to assure protection of enterprise assets. Policy Definition Control: Policies have been defined to support a controlled implementation of mobile devices. 35 RISK MANAGEMENT Audit Objective: Management processes assure that risks associated with mobile computing are thoroughly evaluated and that mobile security risk is minimized. Risk Assessments Control: Risk assessments are performed prior to implementation of new mobile security devices, and a continuous risk monitoring program evaluates changes in or new risks associated with mobile computing devices. Risk Assessment Governance Control: The executive sponsor is actively involved in the risk management of mobile devices
19 DEVICE MANAGEMENT Audit Objective 1: Mobile devices are managed and secured according to the risk of enterprise data loss. Tracking Control: Mobile devices containing sensitive enterprise data are managed and administered centrally Audit Objective 2: Mobile devices are managed and secured according to the risk of enterprise data loss. Provisioning/De-provisioning Control: Mobile devices containing sensitive enterprise data are set up for each user according to their job description and managed as their job function changes or they are terminated. 37 TRAINING Audit Objective: Employees and contractors utilizing enterprise equipment or receiving or transmitting enterprise sensitive information receive initial and ongoing training relevant to the technology assigned to them. Mobile Computing Awareness Training Control: Mobile computing awareness training is ongoing and is based on the sensitive nature of the mobile computing devices assigned to the employee or contractor Audit Objective: Employees and contractors utilizing enterprise equipment or receiving or transmitting enterprise sensitive information receive initial and ongoing training relevant to the technology assigned to them. Mobile Computing Awareness Governance Control: Mobile computing awareness includes processes for management feedback to understand the usage and risks identified by device users
20 ACCESS CONTROLS Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss. Access Control: Access control rules are established for each mobile device type, and the control characteristics address the risk of data loss. 39 STORED DATA Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss. Encryption Control: Encryption technology protects enterprise data on mobile devices and is administered centrally to prevent the loss of information due to bypassing encryption procedures or loss of data due to misplaced encryption keys
21 STORED DATA Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss. Data Transfer Control: Data transfer policies are established that define the types of data that may be transferred to mobile devices and the access controls required to protected sensitive data Audit Objective: Access control is assigned to and managed for mobile security devices according to their risk of enterprise data loss. Data Retention Control: Data retention polices are defined for mobile devices and are monitored and aligned with enterprise data retention policies, and data retention is executed according to policy. 41 MALWARE AVOIDANCE Audit Objective: Mobile computing will not be disrupted by malware nor will mobile devices introduce malware into the enterprise. Malware Technology Control: Malware prevention software has been implemented according to device risk
22 SECURE TRANSMISSION Audit Objective: Sensitive enterprise data are protected from unauthorized access during transmission. Secure Connections Control: Virtual private network (VPN), Internet Protocol Security (IPSec), and other secure transmission technologies are implemented for devices receiving and/or transmitting sensitive enterprise data. 43 BYOD AUDIT PROGRAM WHY OH WHY DIDN T I TAKE THE BLUE PILL? Legal Audit Objective: BYOD procedures comply with legal requirements and minimize the organization s exposure to legal actions. Tech. & User Support Audit Objective: A help desk or similar support function has been established to process technical and user issues. Governance Audit Objective: BYOD is subject to oversight and monitoring by management
23 POTENTIAL AUDIT ISSUES IDENTIFIED Governance Structure Roles & Responsibilities Policies & Procedures Device Configuration Encryption Password requirements Patch Management MDM Enrollment Inventory Decentralized 45 Questions C. Robert Kern II, C.I.S.A. Principal IT Audit Supervisor State of Michigan Office of the Auditor General 201 N Washington Sq Suite 600 Lansing, MI (517) ext rkern@audgen.michigan.gov 46 23
24 RESOURCES BankInfoSecurity, BYOD: Get Ahead of the Risk, Intel CISO: Policy, Accountability Created Positive Results, January 2012 Center for Internet Security (CIS) Apple ios 6 Benchmark v1.0.0 Center for Internet Security (CIS) Apple ios 7 Benchmark v Center for Internet Security (CIS) Google Android 2.3 Benchmark v RESOURCES Center for Internet Security (CIS) Google Android 4 Benchmark v Digital Services Advisory Group and Federal Chief Information Officers Council, Bring Your Own Device, A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs, August 2012 Gartner, Gartner Says Consumerization Will Drive At Least Four Mobile Management Styles, November 2011 Gartner, Magic Quadrant for Mobile Device Management, May
25 RESOURCES ISACA BYOD audit/assurance program ISACA esymposium BYOD Opportunities and Risks Securing Mobile Devices and Remote Access Technology in your Enterprise ISACA Mobile Computing Security Audit/Assurance Program (Oct 2010) ISACA Securing mobile devices using COBIT 5 for information security 49 RESOURCES ISACA Securing Mobile Devices White Paper Marble Security National Institute of Standards and Technology, Special Publication Revision 1 (Draft), Guidelines for Managing and Securing Mobile Devices in the Enterprise, July 2012 National Institute of Standards and Technology, Special Publication , Guidelines on Security and Privacy in Public Cloud Computing, December
26 RESOURCES NIST Special Publication : Guidelines on Cell Phone and PDA Security SANS Mobile Device Security Checklist 51 26
A framework for auditing mobile devices
A framework for auditing mobile devices Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. 2010 Baker Tilly Virchow Krause, LLP
More informationMobile Device Security and Audit
Mobile Device Security and Audit ISACA Chapter Meeting February 2012 Alex Stamps Manager Security & Privacy Services Deloitte & Touche LLP astamps@deloitte.com Session Objectives Define mobile devices
More information03/06/2014. Bring Your Own Device: A Framework for Audit. Acknowledgement
Bring Your Own Device: A Framework for Audit Emily A Knopp, CPA, CISA Audit Director Angelo State University, Member of Texas Tech University System March 6, 2014 Texas Association of College of University
More informationHow To Protect Your Organization From Liability From A Cell Phone (For Business)
Bring Your Own Device: A Framework for Audit March 6, 2013 1 Webinar Moderator Phil Hurd ACUA President 2 Your Presenters Mike Cullen, Senior Manager CISA, CISSP, CIPP/US > Leads the firm s Technology
More informationMobile Device Security Is there an app for that?
Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach
More informationControl Issues and Mobile Devices
Control Issues and Mobile Devices ACC 626 Term Paper Ramandip Kaur June 27, 2014 Page Table of Contents Executive Summary...ii 1.0 Introduction... 1 2.0 Current Trends... 1 2.1 Employee Owned Devices and
More informationAuditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014
Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Auditing the Security and Management of Smart Devices ISACA Dallas Meeting
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, CPA, CIA AUDITOR GENERAL DATA SECURITY USING MOBILE DEVICES PERFORMANCE AUDIT OF
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT PERFORMANCE AUDIT OF DATA SECURITY USING MOBILE DEVICES DEPARTMENT OF TECHNOLOGY, MANAGEMENT, AND BUDGET January 2015 Doug A. Ringler, CPA, CIA AUDITOR
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationSECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE
SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE Michael CLICK TO Albek EDIT MASTER - SecureDevice SUBTITLE STYLE 2011 Driven by changing trends and increasing globalization, the needs of
More informationAddressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility. www.maas360.
MaaS360.com > White Paper Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation.
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationAddressing NIST and DOD Requirements for Mobile Device Management
Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW
More informationIf you can't beat them - secure them
If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access
More informationBYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012
BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationMobile Security: The good, the bad, the way forward
Mobile Security: The good, the bad, the way forward Get the most out of HP s Mobility Protection Services Jan De Clercq, Felix Martin, HP TC, December, 2013 Today s Presenter Name Jan De Clercq Title &
More informationChoosing an MDM Platform
Whitepaper Choosing an MDM Platform Where to Start the Conversation 2 Choosing an MDM Platform: Where to Start the Conversation There are dozens of MDM options on the market, each claiming to do more than
More informationOFFICE OF AUDITS & ADVISORY SERVICES MOBILE DEVICE MANAGEMENT COUNTYWIDE AUDIT FINAL REPORT. County of San Diego Auditor and Controller
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES MOBILE DEVICE MANAGEMENT COUNTYWIDE AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA,
More informationBring Your Own Device Policy
Bring Your Own Device Policy Purpose of this Document This document describes acceptable use pertaining to using your own device whilst accessing University systems and services. This document will be
More informationKaspersky Security 10 for Mobile Implementation Guide
Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful
More informationCHOOSING AN MDM PLATFORM
CHOOSING AN MDM PLATFORM Where to Start the Conversation Whitepaper 2 Choosing an MDM Platform: Where to Start the Conversation There are dozens of MDM options on the market, each claiming to do more than
More informationMobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing
Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationWhy Email Encryption is Essential to the Safety of Your Business
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationKaspersky Security for Mobile Administrator's Guide
Kaspersky Security for Mobile Administrator's Guide APPLICATION VERSION: 10.0 SERVICE PACK 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that
More informationMobile First Government
Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,
More informationSamsung Mobile Security
Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise
More informationMobile Device Security and Privacy. Discussion - Planning Considerations for a Successful Mobile Device Program
Mobile Device Security and Privacy Discussion - Planning Considerations for a Successful Mobile Device Program August 2012 Discussion Topics Mobile Device Definition and Characteristics Mobile Device Access
More informationYes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD
STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD
More informationLaptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice
Laptops, Tablets, Smartphones and HIPAA: An Action Plan to Protect your Practice Agenda Learning objectives for this session Fundamentals of Mobile device use and correlation to HIPAA compliance HIPAA
More informationMobile Security & BYOD Policy
Mobile Security & BYOD Policy Sarkis Daglian Assistant Manager, Desktop Support Office of Information Technology Isaac Straley UCI Information Security Officer Office of Information Technology Speakers
More informationEndUser Protection. Peter Skondro. Sophos
EndUser Protection Peter Skondro Sophos Agenda Sophos EndUser Solutions Endpoint Usecases Sophos Mobile Solutions Mobile Usecases Endpoint Sophos EndUser Solutions EndUser Protection AV Firewall Application
More information5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet
5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet Sr. Sales Engineer 1 What we ll talk about What is BYOD? Mobile Revolution, the Post PC era? BYOD: What to consider 1. Users 2. Devices
More informationEmbracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.
Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility
More informationDell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside ü Tips for deploying or expanding BYOD programs while remaining
More informationJim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida
2015 SCCE Compliance & Ethics Institute Wednesday, October 7, 2015 (10:00 11:45) Session W14 Bring Your Own Device(BYOD) They are here and they are not going away. Understanding the benefits, risks, and
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationMobile Device as a Platform for Assured Identity for the Federal Workforce
Mobile Device as a Platform for Assured Identity for the Federal Workforce Dr. Sarbari Gupta President and CEO, Electrosoft U.S. Army Information Technology Agency (ITA) Security Forum Fort Belvoir Electrosoft
More informationThe Challenges of Implementing a Bring Your Own Device Policy
BYOD The Challenges of Implementing a Bring Your Own Device Policy MARK HARRIS, Ph.D. KAREN PATTEN, Ph.D. UNIVERSITY OF SOUTH CAROLINA SC-GMIS NETWORK & TELECOM WORKSHOP SALUDA SHOALS RIVER CENTER OCTOBER
More informationThe Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013
The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh May 20 th, 2013 Companies are leveraging mobile computing today Three major consumption models: 1. Improving productivity Improving employee
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationBYOD: End-to-End Security
BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agency Mobile Security July 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: Mobile Security
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationNorth Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP
Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationConducting a Risk Assessment for Mobile Devices
Conducting a Assessment for Mobile Devices May 9, 2012 David Frei Director, Digital/Information Security Specialist The Changing Environment Today s Discussion Available Industry Assessment Models Unique
More informationHIPAA Security Rule Changes and Impacts
HIPAA Security Rule Changes and Impacts Susan A. Miller, JD Tony Brooks, CISA, CRISC HIPAA in a HITECH WORLD American Health Lawyers Association March 22, 2013 Baltimore, MD Agenda I. Introduction II.
More informationHow To Protect The Agency From Hackers On A Cell Phone Or Tablet Device
PRODUCT DESCRIPTION Product Number: 0.0.0 MOBILE DEVICE MANAGEMENT (MDM) Effective Date: Month 00, 0000 Revision Date: Month 00, 0000 Version: 0.0.0 Product Owner: Product Owner s Name Product Manager:
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationSymantec Mobile Management Suite
Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the
More informationEmbracing Complete BYOD Security with MDM and NAC
Embracing Complete BYOD Security with MDM and NAC Clint Adams, CISSP, Director, Mobility Solutions Keith Glynn, CISSP, Sr. Technical Solutions Engineer August 22, 2013 Today s Speakers Clint Adams, CISSP
More informationSymantec Mobile Management 7.1
Scalable, secure, and integrated device management for healthcare Data Sheet: Industry Perspectives Healthcare Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationWhat Is BYOD? Challenges and Opportunities
Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device
More informationData Security on the Move. Mark Bloemsma, Sr. Sales Engineer Websense
Data Security on the Move Mark Bloemsma, Sr. Sales Engineer Websense Consumerization of IT Fast & disruptive Enables business Increases productivity It s Mine! THE MOBILE ENTERPRISE. TYPES OF DEVICES METHODS
More informationBYOD in the Enterprise
BYOD in the Enterprise MDM. The solution to BYOD? Context Information Security whitepapers@contextis.co.uk October 2013 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) 207 537 7515
More informationTom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell
Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü
More informationMobile Security and Management Opportunities for Telcos and Service Providers
Mobile Security and Management Opportunities for Telcos and Service Providers Lionel Gonzalez Symantec EMEA Solution architect Mike Gibson Protirus Brice Renaud Orange Business Services ST B03 - Mobile
More informationMobile Devices in Healthcare: Managing Risk. June 2012
Mobile Devices in Healthcare: Managing Risk June 2012 1 Table of Contents Introduction 3 Mobile Device Risks 4 Managing Risks and Complexities 5 Emerging Solutions 7 Conclusion 7 References 8 About the
More informationDevice Independence - BYOD -
Charting Our Future Device Independence - BYOD - BYOD: Bring your own device to work day What is BYOD? BYOD (Bring Your Own Device) As distinguished from BYOC (Bring Your Own Computer); or BYOT (Bring
More informationExactly the Same, but Different
Exactly the Same, but Different 1 Shayne Champion, CISSP, CISA, GSEC, ABCP Program Manager GO Cyber Security TVA v1.0 Agenda Define Mobile Device Security o o Similarities Differences Things you Should
More informationTHEODORA TITONIS VERACODE Vice President Mobile
THEODORA TITONIS VERACODE Vice President Mobile MOBILE SECURITY Increasing Threat MOBILE RISK 64% 34% 47% Companies with no BYOD policy. 3 Companies with no app security program. 4 614% Nearly half of
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationProtect Your Mobile World
Protect Your Mobile World Doward Wilkinson Mobile Strategic Trend s May, 2012 1 It is a Fact We Live in a Mobile World People Devices Apps Access Payments Commerc Market e Opportuni At Risk ty 2 In the
More informationIbrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?
Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices
More informationThe BYOD Challenge. Noel A. Nazario Senior Manager, Ernst & Young. ISACA NCAC Emerging Technology Conference 20 November 2012
The BYOD Challenge Noel A. Nazario Senior Manager, Ernst & Young ISACA NCAC Emerging Technology Conference 20 November 2012 Disclaimer The methods and approaches discussed are intellectual property of
More informationMy CEO wants an ipad now what? Mobile Security for the Enterprise
My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationHIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY
GOLD EMM SUBSCRIPTIONS Experience the most secure mobility management solution with BES12 and Gold Enterprise Mobility Management (EMM) subscriptions. HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY
More informationBring Your Own Device: Calling for a Strategy. CHIME College Live 23 April 2014
Bring Your Own Device: Calling for a Strategy CHIME College Live 23 April 2014 Bring Your Own Device (BYOD) Topics» Introductions» Learning Objectives» Business Drivers» Key Strategies» Policy Issues»
More informationBring Your Own Device (BYOD) and Mobile Device Management
Bring Your Own Device (BYOD) and Mobile Device Management Intivix.com (415) 543 1033 PROFESSIONAL IT SERVICES FOR BUSINESSES OF ALL SHAPES AND SIZES People are starting to expect the ability to connect
More informationMobile Device Security in Healthcare
Mobile Device Security in Healthcare June 2015 Ricky Bloomfield, MD Director, Mobile Technology Strategy Assistant Professor, Internal Medicine Pediatrics Duke Medicine Page 1 Page 2 http://www.mhealthnews.com/news/mhealth-apps-arent-passing-test-ims-report-says
More informationBRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT
BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT www.intivix.com (415) 543 1033 HELP TEAM MEMBERS TO COLLABORATE MORE EASILY FROM ANYWHERE. People are starting to expect the ability to connect
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationBring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com
Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationBYOD and Mobile Device Dependency
BYOD and Mobile Device Dependency Thursday, November 8, 2012 Brian Thomas, CISA, CISSP & Shohn Trojacek, CISSP Brian Thomas, CISA, CISSP Partner, IT Advisory Services at Weaver Provides security, IT audit
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationAdams County, Colorado
Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents
More informationBring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com
Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
More informationThe Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T
The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices
More informationwww.pwchk.com Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready?
www.pwchk.com Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready? Why is this important to you? Background Enterprise mobility through Bring-Your-Own-Device (BYOD) has been around for
More informationMobility Challenges & Trends The Financial Services Point Of View
Mobility Challenges & Trends The Financial Services Point Of View Nikos Theodosiou Cloud Computing Solutions Presales/Marketing Engineer The New World Agenda The Mobile World The Challenges The Solutions
More informationDon t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It
WHITE PAPER: DON T LOSE THE DATA: SIX WAYS YOU MAY BE LOSING........ MOBILE....... DATA......................... Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It Who should
More informationIBM United States Software Announcement 215-078, dated February 3, 2015
IBM United States Software Announcement 215-078, dated February 3, 2015 solutions provide a comprehensive, secure, and cloud-based enterprise mobility management platform to protect your devices, apps,
More informationAgenda. BYOD, Texting & Social Media How to Keep BYODFrom Becoming OMG! Introduction: Summit Security Group 2/3/2014
BYOD, Texting & Social Media How to Keep BYODFrom Becoming OMG! Daniel M. Briley, CISSP, CIPP Managing Director Summit Security Group Agenda Introduction BYOD Defined Trends By the Numbers Common Risks
More informationEnabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments
Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Efficiently and Cost- Effectively Managing Mobility Risks in the Age of IT Consumerization Table of Contents EXECUTIVE
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationMulti-OS Enterprise Mobility Management. Perfectly balancing end-user and corporate needs
B U I L T T 0 K E E P Y O U R B U S I N E S S M O V I N G Multi-OS Enterprise Mobility Management Perfectly balancing end-user and corporate needs Enterprise mobility enables organizations to transform
More informationMobile Banking and Bring Your Own Device
2013 CliftonLarsonAllen LLP Mobile Banking and Bring Your Own Device Cyber Security Strategies for Information Technology Risk Management cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started
More information