Control Issues and Mobile Devices
|
|
- Audrey Gaines
- 8 years ago
- Views:
Transcription
1 Control Issues and Mobile Devices ACC 626 Term Paper Ramandip Kaur June 27, 2014 Page
2 Table of Contents Executive Summary...ii 1.0 Introduction Current Trends Employee Owned Devices and BYOD Programs Mobile Device Management Solutions Risks and Recommended Controls Security Risks Lost and Stolen Devices Wireless Transmission Interception Application and Software Risk Malware Application and Software Vulnerabilities Controls for Application and Software Risk General Risks and Controls Platform Management Risk Company Mobile Device Policy Control Frameworks COSO COBIT Mobile Computing Security Audit/Assurance Conclusion Appendixes Appendix I Comparison of Mobile Device Platforms Appendix II Managing Mobile Devices and Relevant Framework Processes Works Cited Page i
3 Executive Summary Mobile devices have transformed the corporate environment in just a matter of a few years. They have done this through allowing for flexibility for employees to work anywhere and anytime with access to company data. Bring your own device (BYOD) programs are a growing trend that have increased employee satisfaction and productivity through allowing employees to use their own devices for work related purposes. However, BYOD programs also pose additional security risks since different operating systems contain unique features and require different safeguards. Mobile device management (MDM) solutions can help manage these risks through their ability to secure and control devices. This report will focus on the security, application and software risks and the related controls of using mobile devices in the workplace. Security risks involve the data loss than can occur when an individual gains unauthorized access to the device. Data loss can transpire through a lost or stolen device, but with strong controls in place such as passwords on devices and encryption of data, this risk can be mitigated. Another security risk involves an unauthorized individual intercepting an unsecured wireless connection. However, this risk can also be managed with controls such as firewalls and encryption of the wireless transmission. There are also application and software risks involved in allowing mobile devices to access corporate data. Mobile malware is a growing concern as malicious software continues to be released in record numbers, most of which target Androids. There are also application and software vulnerabilities which can result in data leaks through malicious attacks. These threats increase the importance of implementing controls such as installing anti-malware software on mobile devices as well as creating an enterprise app store. The usage of employee owned mobile devices at work also increases the importance of assessing different mobile platforms and implementing companywide policies on mobile device use. There are governance and compliance frameworks, such as COSO and COBIT 5, which can be used as guidance for management in establishing controls for information security over mobile devices within a corporate environment. Furthermore, since mobile devices can process, transfer and store corporate data, auditors have to take this into consideration when assessing the risks and controls for a particular company. In order to assist auditors and assurance practitioners with Page ii
4 evaluating mobile devices for audit and assurance purposes, ISACA developed a mobile computing audit/assurance program. The program contains 8 audit/assurance objectives, 12 controls and approximately 54 audit/assurance steps. Page iii
5 1.0 Introduction Mobile devices have exploded into the global market at a rapid pace in recent years. These devices include smartphones, tablets, portable digital assistants (PDAs) and more. By the end of 2013, one in every 5 people in the world owned a smartphone and one in every 17 people owned a tablet. 1 The emergence and popularity of mobile devices have penetrated the corporate environment due to their portability, accessibility and ubiquity. The usage of mobile devices in the workplace provides numerous benefits to the organization such as increased productivity, improved customer service and higher employee engagement. However, there also drawbacks of allowing mobile devices to store and have access to corporate data such as security, application and software risks, which can leave companies vulnerable to various external threats. These risks are further magnified due to the growing popularity of bring your own device (BYOD) programs. Considering the potential damage these threats can have on a company, C-Suite executives need to be aware of the risks and how they can be managed. Implementing the appropriate controls and policies can minimize the risks, while taking full advantage of the benefits mobile devices have to offer. 2.0 Current Trends 2.1 Employee Owned Devices and BYOD Programs Bring your own device (BYOD) programs are becoming an increasingly popular trend in today s business environment due to the benefits of cost savings and increasing connectivity. Forrester Research found that 53% of employees bring their own devices to work and 64% of organizations allow and encourage employee-owned mobile devices to be used for work purposes. 2 A study conducted by Gartner Inc. predicts that by 2017, 50% of employers will require their employees to provide their own device for work. 3 The issues with BYOD programs are the security risks they create since companies do not tend to centrally manage these mobile devices. This allows the devices to become susceptible to various security and software risks. 1 Heggestuen, John. "One In Every 5 People In The World Own A Smartphone, One In Every 17 Own A Tablet." Business Insider., 15 Dec Web. 12 June < 2 "The Rise and Risk of Mobile Devices in the Workplace." Rapid7 (Aug. 2013). Web. 13 June < 3 "Gartner Predicts by 2017, Half of Employers Will Require Employees to Supply Their Own Device for Work Purposes." Gartner., 1 May Web. 12 June < Page 1
6 Rapid7 reported that more than 40% of companies do not implement adequate controls for managing risks related to employees using their devices for accessing and storing corporate data Mobile Device Management Solutions The growing adoption of BYOD programs has increased the attractiveness of implementing mobile device management (MDM) solutions. MDM software is used by the IT department within an enterprise to monitor, manage and secure mobile devices used by employees. According to Gartner, an IT research firm, it is expected that 65% of companies will implement a MDM solution within the next 5 years. 5 Most MDM solutions can be used to support both employee-owned and corporate-owned devices. They also accommodate a number of different mobile operating systems and offer varying levels of support, management, integration and usability. Each MDM tool within a solution handles privacy and data security in different ways. Leading vendors offering MDM solutions include AirWatch, Blackberry, SAP, Symantec and more. 6 A recent trend has been the growth in the number of cloud-based versions of MDM solutions. IBM s MaaS360 is an MDM solution that offers software as a service (SaaS) as well as an on-premise model Risks and Recommended Controls 3.1 Security Risks The risk of an unauthorized individual gaining access to a mobile device that contains sensitive information can result in a huge security breach. The two most prominent security risks are discussed below Lost and Stolen Devices Lost and stolen mobile devices pose the risk of an unauthorized individual gaining access to sensitive data stored on the device as well as corporate data access channels where there is potential for more data loss. It is expected that approximately 22% of all mobile devices will be lost or stolen at one point in their life and 50% of these lost or stolen devices will never be 4 Ibid 5 Lorenc, Kasia. "Mobile Device Management: 2014 Vendors and Comparison Guide." Tom's IT Pro. N.p., 10 June Web. 15 June < 6 Ibid 7 "Cloud Ease." MaaS360. Fiberlink, Web. 14 June < Page 2
7 recovered. 8 With the growing usage of cloud storage and cloud-based file sharing applications, the risk of data leakage increases. A study of The Risk of Regulated Data on Mobile Devices found that a significant number of organizations do not take the proper steps to protect corporate data stored in the cloud and on devices. 9 The study also found that 54% of respondents had an average of five cases of data breaches which included the loss or theft of a device that contained regulated data. 10 Recommended Controls: Strong passwords or PINs on all devices as well as multiple logins when accessing company data, and company apps for added protection. An MDM solution can allow the IT department to track mobile devices and receive a notification in the case that the device is lost or stolen. They can then use remote access to the device to wipe out all company related data from the device. 11 All sensitive company information stored on mobile devices should be encrypted to ensure the data is unreadable. Two-factor authentication system which requires users to use at least two different factors based on something they know, something they have, or something they are. Access to the device will not be granted unless both these factors can be authenticated. 12 Cloud-based security solutions can help manage the risks of data storage in the cloud through enforcing logins as well as monitoring and protecting the device from possible hacks Wireless Transmission Interception Mobile devices are able to connect with other devices and the internet thereby providing hackers with the opportunity to access an unsecured device. This risk is particularly concerning for 8 "Bring Your Own Device." Insights on Governance, Risk and Compliance. Ernst & Young Global Limited, Sept Web. 13 June < _Bring_your_own_device:_mobile_security_and_risk/$FILE/Bring_your_own_device.pdf>. 9 "The Risk of Regulated Data on Mobile Devices & in the Cloud." Ponemon Institute. WatchDox, June Web. 15 June < 10 Ibid 11 Semer, Lance. "Auditing the BYOD Program." The Institute of Internal Auditors, Feb Web. 15 June < 12 Rosenblatt, Seth. "Two-factor Authentication: What You Need to Know (FAQ)." CNET. N.p., 23 May Web. 14 June < 13 "Cloud Security." McAfee. Web. 15 June < Page 3
8 mobile device users who transmit corporate data using their devices. Data loss can occur if an unauthorized individual intercepts the wireless connection when the transmission is not encrypted. If this occurs, it is possible for the hacker to retrieve sensitive information such as login information and even eavesdrop on a Voice over Internet Protocol (VoIP) call. Therefore, the ability to connect to unsecured Wi-Fi connections can lead to a security breach and other consequences which can impact the company s information infrastructure. Recommended Controls: Educate employees to strictly use a corporate secured network for online banking and other activities conducted on mobile devices. Secure the wireless transmission through encryption and require employees to access corporate data only through a secure transmission such as Secure Sockets Layers (SSL), Internet Protocol Security (IPSec) or a Virtual Private Network (VPN). 14 Install a firewall such as AnthaFirewall on mobile devices to provide secure communication with the corporate network system, which can help reduce the risk of security threats. Unauthorized users trying to access the corporate system will be blocked Application and Software Risk As organizations are increasingly allowing employees to bring their own devices to work, application and software risks become more prominent Malware Mobile malware are applications that contain malicious code embedded in them. They are created for the purpose of compromising the security of a device or its data. Although downloaded applications are the most prevalent way malware can infect a mobile device, there are also various other points of access. These include spam, malicious websites, SMS messages and ads. As the number of applications on mobile devices increase, the chance of an application containing malicious code increases. According to the McAfee report, a total of 3.73 million 14 "Unsecured WiFi Network Access." Beta Telelink. Web. 15 June < 15 "How a Mobile Firewall Works." Spam Laws. Web. 15 June < Page 4
9 samples of mobile malware were found in 2013, up 197% from These include viruses, spam, Trojans, spyware and more. Malware is a growing issue with Androids as they account for an astonishing 97% of all mobile malware. 17 Another finding revealed that 92% of the top 500 Android applications carry either a security or privacy risk. 18 In 2013, mobile banking Trojans increased rapidly. These malicious attacks included mobile phishing and theft of credit card information Application and Software Vulnerabilities Application vulnerabilities involve issues in the software of a mobile device that may result in data leakage within the application or assistance provided to cybercriminals for attacking the device. These vulnerabilities can result in compromising the device s security as well as any stored corporate data or to a greater extent, cause an impact to the company s infrastructure. According to Cenzic, 96% of all applications that were tested in 2013 revealed to have at least one security vulnerability. 20 Application vulnerabilities are particularly a concern when the mobile device is not owned or centrally managed by the IT department of the company as the devices do not undergo the appropriate administrative procedures and related controls. Applications developed by the company for the purpose of accessing corporate data can also exhibit weaknesses in its security system. Androids, in particular, are the most popular devices for malicious attacks due to their vulnerabilities. These vulnerabilities are used by cybercriminals to bypass the integrity of the code during the installation of an application, expand the capabilities of a malicious application and make it increasingly difficult to remove malware "McAFee Labs Threats Report." McAfee Web. 16 June < 17 Kelly, Gordon. "Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe." Forbes. Forbes Magazine, 24 Mar Web. 16 June < 18 Francis, Jeff. "11 Reasons Why Your Company Could Be In Danger (Part 1 of 2)."CopperMobile. 21 Feb Web. 16 June < 19 Ibid 20 "Application Vulnerability Trends Report: 2014." Cenzic Web. 16 June < 21 "Mobile Malware Evolution: 2013." Securelist. Web. 17 June < Page 5
10 3.2.3 Controls for Application and Software Risk Encourage up-to-date operating systems and anti-malware software installed on all mobile devices. Mobile security technology such as Kaspersky Internet Security can be installed to routinely scan the system and protect against viruses, malware and theft. 22 Installation of endpoint security protection software such as those offered by McAfee or Symantec. 23 Only install applications from trusted sources. Third party application stores should not be trusted. Create customized corporate applications which are downloaded from a separate enterprise application store. Building an in-house app store would allow separation between company apps and non-company apps. Applications can be managed through a mobile app management product. Install and regularly perform patch management. This includes scanning for missing security patches, installing the patch and performing remediation to update systems with the latest patches. 24 Ensure that jail broken or rooted devices are not being used as they can remove security features on the device and allow potentially malicious applications to be installed. 3.3 General Risks and Controls There are additional risks and controls for mobile devices that need to be addressed on a company-wide basis Platform Management Risk Different mobile platforms providers offer varying levels of controls over their mobile systems. Each mobile operating system design is based on whether its target audience are consumers or corporate users and this will also help determine which security features are included on the platform. Each platform has different vulnerabilities and these must be considered when deciding 22 Hachman, Mark. "Kaspersky, Six Others Top Malware Removal Tests." PCWorld. 3 Dec Web. 16 June < 23 "Endpoint Security Protection." McAfee. Web. 16 June < 24 Mack, Bernard. "Patch Management Overview, Challenges, and Recommendations." Cisco Blogs. 28 Oct Web. 17 June < Page 6
11 which mobile platform(s) will be supported by the organization. Please refer to Appendix I for a comparison of the three most popular devices used in a corporate environment. Recommended Controls: Companies should enforce and disclose a policy on what level of platform security is required and the acceptable mobile platforms. Evaluate new and developing threats to the different mobile platforms on a continuous basis Company Mobile Device Policy Mobile device policies are becoming increasingly important due to the widespread usage of these devices. An effective mobile device management strategy requires well written and well implemented policies. Issues related to encryption, PINs, remote wiping, remote access and jail breaking should be addressed in the mobile device policies. Enforcing these policies can help divert a company from many potential problems. The mobile device policy should also include a general code of conduct related to user responsibilities. The code of conduct should cover the required physical security, software configuration of the operating system and applications, proper security settings, and reporting of lost or stolen devices. 26 The following table outlines the user responsibilities that should be included in the end user policy. 27 Employee-Owned Devices Purchasing required software that is not already provided by the manufacturer of the device Registration of the device with the vendor as well as with the company s IT department Software updates and patch installation Maintenance of warranty information Data, settings and applications backups Corporate-Owned Devices Software updates installation Reporting of lost or stolen mobile devices as soon as possible 25 "Mobile Device Security." Ernst & Young. Jan Web. 17 June < 26 "Sample Corporate Mobile Device Acceptable Use and Security Policy." Wisegate Web. 17 June < 27 Ibid Page 7
12 Policy Recommendations: Create a secure configuration policy which addresses application and security risks such as data leak prevention, patch management, and malware control. 28 Formation and disclosure of an acceptable mobile device usage policy will help prevent security issues related to mobile devices. Implement a revoke access policy which states that when an employee is no longer with the company, their access to the company network is revoked. 29 Create a BYOD policy which outlines the level of support to be provided by the IT department for devices owned by employees. 30 Other Recommendations: Educate employees on the security risks and make them aware of when they should be updating their firmware. Monitor employees who access and use corporate data on their mobile devices. Employ a mobile device management solution. Perform regular backups of data stored on mobile devices. Cloud-based online services offer automatic backups, which add convenience for employees. 31 Limit the amount of sensitive data transferred to mobile devices, or consider giving employees view-only access. Implement a company social network system and wiki blog, which can help resolve issues employees are having with mobile devices. Separate personal and business use of mobile devices as it leads to higher risk of malware and data loss. 28 Ibid 29 Ibid 30 "How Mobile Device Policies Make IT's Job Easier." Search Consumerization. Web. 16 June < 31 "Cloud-based Online Backups for Your Mobile Device." IDrive. Web. 18 June < Page 8
13 4.0 Control Frameworks Implementing the appropriate compliance and governance frameworks is crucial for mobile devices. The following frameworks are useful for management when developing policies and mitigating the risks related to mobile devices. 4.1 COSO The Sarbanes-Oxley Act of 2002 (SOX), Section 404, requires a management assessment of internal controls. The Committee of Sponsoring Organizations (COSO) became a widely used internal control standard framework for SOX compliance. The emergence of mobile devices and related security issues has an impact on the following COSO components: Control Environment - Mobile devices are a crucial aspect of the control environment and therefore need to be recognized as a component of the control framework by management in an organization. 2. Risk Assessment - An assessment of the risks relevant to mobile devices, such as risk of data loss, should be identified and analyzed. 3. Control Activities - Control activities need to be established to manage the risks that the usage of mobile devices brings to the organization. These include encryption of sensitive data and application of security features on all mobile devices. 4. Information and Communication - Security policies that are set regarding the usage of mobile devices need to be communicated by top management. 5. Monitoring - Regular monitoring of the usage and compliance of mobile devices, 4.2 COBIT 5 including employee-owned devices, with the policy and whether controls over information on the devices are effective. After the passage of SOX, COBIT gained popularity in the enterprise. COBIT 4 was used to govern SOX compliance and was used by auditors although it offered limited guidelines. It lacked the comprehensive coverage of information security which is now covered by COBIT 5. Using the COBIT 5 framework, the risks of using mobile devices can be managed with the application of proper risk management procedures along with the implementation of adequate 32 "SOX, GLB, SB 1386 and Mobile Devices - Are You at Risk for Noncompliance?" Credant Web. 17 June < Page 9
14 security controls. COBIT 5 consists of 5 principles allowing for effective governance and management of enterprise IT and 7 enablers for optimizing information and technology investment. 33 ISACA developed a guide called Securing Mobile Devices Using COBIT 5 for Information Security. The publication is aimed at users of mobile devices including IT administrators, information security managers, IT auditors, mobile device service providers and end users. The application of COBIT 5 to mobile device security is for the purpose of establishing a uniform management framework and providing guidance on planning, implementing and maintaining complete security over mobile devices within a corporate environment. A secondary purpose of COBIT 5 is to provide an overarching framework in regards to embedding security on mobile devices within a corporate governance, risk management and compliance (GRC) strategy. 34 Please refer to Appendix II for the challenges, controls and relevant ISACA framework processes relating to mobile devices. 5.0 Mobile Computing Security Audit/Assurance ISACA developed a mobile computing audit/assurance program tool to be used by IT audit and assurance practitioners. The audit/assurance program is a part of the Information Technology Assurance Framework (ITAF) section 4000 IT Assurance Tools and Techniques. The scope covers mobile devices that are connected to the enterprise network or contain enterprise data. The mobile devices that are in scope include smartphones, laptops and netbooks, PDAs, portable USBs, digital cameras, radio frequency identification (RFID) devices, and infrared-enabled (IrDA) devices. The objective of the mobile computing security audit/assurance program is to: 35 Assess the mobile computing security policies and procedures along with their operating effectiveness and provide the results to management, Identify any deficiencies in internal controls that could potentially impact the company, and 33 "COBIT 5: A Business Framework for the Governance and Management of Enterprise IT."ISACA. Web. 19 June < 34 "Securing Mobile Devices Using COBIT 5 for Information Security." ISACA. Web. 19 June < COBIT-5-for-Information-Security.aspx>. 35 "Mobile Computing Security Audit/Assurance Program." ISACA. Web. 19 June < Audit-Assurance-Program.aspx>. Page 10
15 Identify concerns regarding information security controls that could impact the reliability, accuracy and security of company data caused by weaknesses in mobile computing controls. There are 8 audit/assurance objectives in the mobile computing security audit/assurance program. Under these objectives there are 12 controls and approximately 54 audit/assurance steps. The following table outlines these objectives and controls and offers audit/assurance steps that an auditor would take. 36 Audit/Assurance Objective 1. Mobile computing security policy 2. Risk management of mobile devices Control 1. Policies are defined to support a controlled implementation of mobile devices 2. Risk assessments are performed before implementation of new mobile security devices as well as a risk monitoring program for continuous evaluations of emerging risks with mobile devices Audit/Assurance Steps Determine if: A security policy for mobile devices exists The policy defines the data classification permitted, etc. Determine if: If initial risk assessment is performed for each type of device and subsequent assessment How risk assessment results are to be integrated into the current audit 3. Device management 3. Executive sponsor is actively involved in managing risks of mobile devices 4. Mobile devices that contain sensitive company data are managed and administered centrally 5. Mobile devices containing sensitive company data are set up properly for each user based on job function and managed as their job function changes or they are terminated 4. Access controls 6. Access controls established for each type of mobile device and controls address risk of data loss Determine if executive sponsor reviews risk assessment for devices Determine if: There is an asset management process for tracking devices There are procedures that remotely wipe data stored on lost or stolen devices, etc. Determine if there is a process for provisioning and de-provisioning devices upon hiring, transfer or termination of employees Determine: The access controls for each type of mobile device If access authentication and complexity are appropriate, etc. 36 Stamps, Alex. "Mobile Device Security and Audit." Deloitte. Feb Web. 18 June < Page 11
16 5. Stored data 7. Encryption technology protects company data on devices and is administered centrally 8. Policies on data transfer to mobile devices and access controls to protect sensitive data are established 9. Data retention policies for mobile devices are defined and monitored and aligned with company data retention policies Determine if: Encryption technology is applied to devices Encryption keys are secured and administered centrally, etc. Determine if: Policies and access controls rules are established for data transfer to mobile devices by device type and required access controls to protect data There are monitoring procedures to ensure only authorized data is transferred and access controls are working Determine if: Data retention policy exists for mobile devices Data is destroyed according to policy once retention period expires retention processes are monitored and enforced 6. Malware avoidance 7. Secure transmission 8. Awareness training 10. Malware protection software has been implemented based on device risk 11. Virtual private network (VPN), Internet Protocol Security (IPSec), and other technologies for secure transmission are implemented for devices receiving and/or transmitting sensitive company data 12. Mobile computing awareness training is ongoing and based on sensitive nature of mobile devices and processes for management feedback are in place Determine: That mobile devices are equipped with malware technology That malware technology cannot be disabled, is updated regularly, disc drives are routinely scanned and compliance with malware detection is monitored centrally and managed Determine if: Secure connections are required for specific devices based on data classification and data stored or transmitted to and from devices Controls are present to require use of secure transmission Determine if: Mobile security awareness training programs exist Training programs are revised to reflect current technologies and company policies, etc. Awareness programs address accountability, responsibility and communication with users of devices through management feedback Page 12
17 6.0 Conclusion Mobile devices have provided organizations with numerous benefits such as an increase in productivity, employee commitment and cost savings. However, the usage of mobile devices for work purposes has also introduced many risks, which need to be addressed by a company in order to prevent a potential information security breach from occurring. Companies need to develop and implement IT controls as well as comprehensive policies that can help minimize the threats brought upon by mobile devices. There are also governance and compliance frameworks developed for the purpose of effectively managing controls related to information security in a corporate environment. Audit and assurance practitioners are also impacted by the emergence of mobile devices as they are now expected to be included in the scope of the audit program. It is safe to say that the corporate world will continue to accept and encourage the use of mobile devices in the foreseeable future. Considering the speed at which technology changes, the opportunities for companies to utilize new and emerging devices are endless. Page 13
18 Appendixes Appendix I Comparison of Mobile Device Platforms "Mobile Device Security." Ernst & Young. Jan Web. 17 June < Page 14
19 Appendix II Managing Mobile Devices and Relevant Framework Processes "Managing Mobile Devices and Relevant Framework Processes." ISACA. Web. 18 June < Research.pdf>. Page 15
20 Works Cited "Application Vulnerability Trends Report: 2014." Cenzic Web. 16 June < "Bring Your Own Device." Insights on Governance, Risk and Compliance. Ernst & Young Global Limited, Sept Web. 13 June < _Bring_your_own_device:_mobile_security_and_risk/$FILE/Bring_your_own_device.pdf>. "Cloud Ease." MaaS360. Fiberlink. Web. 14 June < "Cloud-based Online Backups for Your Mobile Device." IDrive. Web. 18 June "Cloud Security." McAfee. Web. 15 June < < "COBIT 5: A Business Framework for the Governance and Management of Enterprise IT." ISACA. Web. 19 June < "Endpoint Security Protection." McAfee. Web. 16 June < Francis, Jeff. "11 Reasons Why Your Company Could Be In Danger (Part 1 of 2)." CopperMobile. 21 Feb Web. 16 June < "Gartner Predicts by 2017, Half of Employers Will Require Employees to Supply Their Own Device for Work Purposes." Gartner. 1 May Web. 12 June < Hachman, Mark. "Kaspersky, Six Others Top Malware Removal Tests." PCWorld. 3 Dec Web. 16 June < Heggestuen, John. "One In Every 5 People In The World Own A Smartphone, One In Every 17 Own A Tablet." Business Insider. 15 Dec Web. 12 June < Page 16
21 "How a Mobile Firewall Works." Spam Laws. Web. 15 June < "How Mobile Device Policies Make IT's Job Easier." Search Consumerization. Web. 16 June < Kelly, Gordon. "Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe." Forbes. Forbes Magazine, 24 Mar Web. 16 June < Lorenc, Kasia. "Mobile Device Management: 2014 Vendors and Comparison Guide." Tom's IT Pro. 10 June Web. 15 June < Mack, Bernard. "Patch Management Overview, Challenges, and Recommendations." Cisco Blogs. 28 Oct Web. 17 June < "Managing Mobile Devices and Relevant Framework Processes." ISACA. Web. 18 June < Chart-21July2010-Research.pdf>. "McAFee Labs Threats Report." McAfee Web. 16 June < "Mobile Computing Security Audit/Assurance Program." ISACA. Web. 19 June < Center/Research/ResearchDeliverables/Pages/Mobile-Computing-Security-Audit- Assurance-Program.aspx>. "Mobile Device Security." Ernst & Young. Jan Web. 17 June < e-security-devices_au1070.pdf>. "Mobile Malware Evolution: 2013." Securelist. Web. 17 June < 3>. Page 17
22 "The Rise and Risk of Mobile Devices in the Workplace." Rapid7. Aug Web. 13 June < "The Risk of Regulated Data on Mobile Devices & in the Cloud." Ponemon Institute. WatchDox, June Web. 15 June < f>. Rosenblatt, Seth. "Two-factor Authentication: What You Need to Know (FAQ)." CNET. 23 May Web. 14 June < "Sample Corporate Mobile Device Acceptable Use and Security Policy." Wisegate Web. 17 June < "Securing Mobile Devices Using COBIT 5 for Information Security." ISACA. Web. 19 June < Center/Research/ResearchDeliverables/Pages/Securing-Mobile-Devices-Using- COBIT-5-for-Information-Security.aspx>. "Securing Mobile Devices Using COBIT 5 for Information Security." ISACA. Web. 19 June < Center/Research/ResearchDeliverables/Pages/Securing-Mobile-Devices-Using- COBIT-5-for-Information-Security.aspx>. Semer, Lance. "Auditing the BYOD Program." The Institute of Internal Auditors, Feb Web. 15 June < Semer, Lance. "Auditing the BYOD Program." The Institute of Internal Auditors, Feb Web. 15 June < "SOX, GLB, SB 1386 and Mobile Devices - Are You at Risk for Noncompliance?" Credant Web. 17 June < Compliance%20White%20Paper.pdf>. Stamps, Alex. "Mobile Device Security and Audit." Deloitte. Feb Web. 18 June < Page 18
23 omaha.webs.com/deloitte%20mobile%20device%20security%20isaca%20pres%2 0(Final).pdf>. "Unsecured WiFi Network Access." Beta Telelink. Web. 15 June < Page 19
Mobile Device Security and Audit
Mobile Device Security and Audit ISACA Chapter Meeting February 2012 Alex Stamps Manager Security & Privacy Services Deloitte & Touche LLP astamps@deloitte.com Session Objectives Define mobile devices
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:
More informationMobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the
More informationMy CEO wants an ipad now what? Mobile Security for the Enterprise
My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationSamsung Mobile Security
Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationMobile Computing: A Study of Internal Auditors Awareness. 2013 Research Committee
Mobile Computing: A Study of Internal Auditors Awareness 2013 Research Committee Table of Contents INTRODUCTION... 3 MOBILE COMPUTING... 4 LITERATURE REVIEW... 4 DEFINITION... 4 MOBILE DEVICE TYPES AND
More informationSECURING TODAY S MOBILE WORKFORCE
WHITE PAPER SECURING TODAY S MOBILE WORKFORCE Connect, Secure, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2011, Juniper Networks, Inc. Table
More informationWhy Email Encryption is Essential to the Safety of Your Business
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
More informationMobile Device Security Information for IT Managers
Mobile Device Security Information for IT Managers July 2012 Disclaimer: This paper is intended as a general guide only. To the extent permitted by law, the Australian Government makes no representations
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationIbrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?
Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices
More informationSecuring mobile devices in the business environment
IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile
More informationMobile Devices in Healthcare: Managing Risk. June 2012
Mobile Devices in Healthcare: Managing Risk June 2012 1 Table of Contents Introduction 3 Mobile Device Risks 4 Managing Risks and Complexities 5 Emerging Solutions 7 Conclusion 7 References 8 About the
More informationSECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE
SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE Michael CLICK TO Albek EDIT MASTER - SecureDevice SUBTITLE STYLE 2011 Driven by changing trends and increasing globalization, the needs of
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationUse Bring-Your-Own-Device Programs Securely
Use Bring-Your-Own-Device Programs Securely By Dale Gonzalez December 2012 Bring-your-own-device (BYOD) programs, which allow employees to use their personal smartphones, tablets and laptops in and out
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationHealthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service
Services > Overview MaaS360 Ensure Technical Safeguards for EPHI are Working Monitor firewalls, anti-virus packages, data encryption solutions, VPN clients and other security applications to ensure that
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationA number of factors contribute to the diminished regard for security:
TrendLabs Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand
More informationInsert Partner logo here. Financial Mobility Balancing Security and Success
Financial Mobility Balancing Security and Success Copyright 2012 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information of Fiberlink.
More informationBYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE
BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE INTRODUCTION The technological revolution has made us dependent on our mobile devices, whether we re at home, in the office, on the go or anywhere
More informationSECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD
SECURING ENTERPRISE NETWORK 3 LAYER APPROACH FOR BYOD www.wipro.com Table of Contents Executive Summary 03 Introduction 03 Challanges 04 Solution 05 Three Layered Approach to secure BYOD 06 Conclusion
More informationIntroduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI
Office of Regulatory Compliance 13001 E. 17 th Place, Suite W1124 Mail Stop F497 Aurora, CO 80045 Main Office: 303-724-1010 Main Fax: 303-724-1019 HIPAA Policy 7.1 Title: Source: Prepared by: Approved
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationNorth Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP
Mobile Device Management Risky Business in Healthcare North Carolina Health Information Management Association February 20, 2013 Chris Apgar, CISSP Agenda HIPAA/HITECH & Mobile Devices Breaches Federal
More informationPULSE SECURE FOR GOOGLE ANDROID
DATASHEET PULSE SECURE FOR GOOGLE ANDROID Product Overview In addition to enabling network and resource access for corporate managed mobile devices, many enterprises are implementing a Bring Your Own Device
More information10 best practice suggestions for common smartphone threats
10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationThe Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013
The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh May 20 th, 2013 Companies are leveraging mobile computing today Three major consumption models: 1. Improving productivity Improving employee
More informationSeven Tips for Securing Mobile Workers
Seven Tips for Securing Mobile Workers Sponsored by Sophos Published by Ponemon Institute LLC Ponemon Institute Research Report Seven Tips for Securing Mobile Workers Ponemon Institute, May 2011 Part 1.
More informationWhat Is BYOD? Challenges and Opportunities
Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationHow To Protect Your Mobile Devices From Security Threats
Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has
More informationIT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA
IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly
More informationExtending Compliance to the Mobile Workforce. www.maas360.com
Extending Compliance to the Mobile Workforce www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information
More informationReadiness Assessments: Vital to Secure Mobility
White Paper Readiness Assessments: Vital to Secure Mobility What You Will Learn Mobile devices have been proven to increase employee productivity and job satisfaction, but can also pose significant threats
More informationBLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE
BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE About the Author. Acknowledgments. Introduction. Chapter 1 Understanding the Threats. Quantifying the Threat.
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationCodeproof Mobile Security & SaaS MDM Platform
Codeproof Mobile Security & SaaS MDM Platform info@codeproof.com https://codeproof.com Mobile devices have been transformed into multi-faceted, multi-tasking, multimedia tools for personal expression,
More informationA number of factors contribute to the diminished regard for security:
TrendLabs Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand
More informationBYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012
BYOD and Mobile Device Security Shirley Erp, CISSP CISA November 28, 2012 Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html.
More informationtrends and audit considerations
Bring your own device (BYOD) trends and audit considerations SIFMA IT audit session 4 October 2012 Disclaimer Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited,
More informationIntroducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com
Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS! Guyton Thorne! Sr. Manager System Engineering! guyton.thorne@kaspersky.com 1 Business drivers and their impact on IT AGILITY! Move fast, be nimble
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More informationAgenda. John Veldhuis, Sophos The playing field Threats Mobile Device Management. Pagina 2
Mobile Security Agenda John Veldhuis, Sophos The playing field Threats Mobile Device Management Pagina 2 The Changing Mobile World Powerful devices Access everywhere Mixed ownership User in charge Powerful
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationThe Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T
The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices
More informationDon t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It
WHITE PAPER: DON T LOSE THE DATA: SIX WAYS YOU MAY BE LOSING........ MOBILE....... DATA......................... Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It Who should
More informationEnabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments
Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments Efficiently and Cost- Effectively Managing Mobility Risks in the Age of IT Consumerization Table of Contents EXECUTIVE
More informationMobile Device Security Is there an app for that?
Mobile Device Security Is there an app for that? Session Objectives. The security risks associated with mobile devices. Current UC policies and guidelines designed to mitigate these risks. An approach
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationMobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.
White Paper Securing Today s Mobile Workforce Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite Copyright 2012, Juniper Networks, Inc. 1 Table
More informationWHITE PAPER. The CIO s guide. management
WHITE PAPER The CIO s guide to building a mobile device management strategy and how to execute on it Executive Summary The explosive growth of employee mobility is driving the rapid adoption of mobile
More informationPCI DSS Requirements - Security Controls and Processes
1. Build and maintain a secure network 1.1 Establish firewall and router configuration standards that formalize testing whenever configurations change; that identify all connections to cardholder data
More informationEmbracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.
Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationBring Your Own Device Mobile Security
Abstract Energized by the capability of consumer mobile devices employees demanded them in the workplace. Information technology organizations had neither the time nor budget to satisfy employee demands.
More informationDeploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite
WHITE PAPER Mobile Device Security in the Enterprise Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite Copyright 2010, Juniper Networks, Inc. Table of Contents
More information2012 NCSA / Symantec. National Small Business Study
2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National
More informationGlobal IT Security Risks: 2012
Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection
More informationEndUser Protection. Peter Skondro. Sophos
EndUser Protection Peter Skondro Sophos Agenda Sophos EndUser Solutions Endpoint Usecases Sophos Mobile Solutions Mobile Usecases Endpoint Sophos EndUser Solutions EndUser Protection AV Firewall Application
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationBYOD and Mobile Device Dependency
BYOD and Mobile Device Dependency Thursday, November 8, 2012 Brian Thomas, CISA, CISSP & Shohn Trojacek, CISSP Brian Thomas, CISA, CISSP Partner, IT Advisory Services at Weaver Provides security, IT audit
More informationA Guide to Consumerization & Building a BYOD Policy June 2012
INTRODUCTION iphones, ipads, Android-powered devices, and Windows phones have grown into powerful computing platforms, and their use allows enterprise employees to connect to work as never before. These
More informationEMBRACING THE AGE OF MOBILITY
Embracing The Age Of Mobility & The Byod Workplace buzz-worthy acronym or a workplace trend that will eventually fade; it s part of the complete restructuring of the conventional way we ve worked up to
More informationGlobal Corporate IT Security Risks: 2013
Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs
More informationMOBILE SECURITY: DON T FENCE ME IN
MOBILE SECURITY: DON T FENCE ME IN Apart from the known and the unknown, what else is there? 18 Harold Pinter, Nobel Prize-winning playwright, screenwriter, director, actor 32 INTRODUCTION AND METHODOLOGY
More informationUse of tablet devices in NHS environments: Good Practice Guideline
Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood
More informationEmail Compliance in 5 Steps
Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential
More informationA framework for auditing mobile devices
A framework for auditing mobile devices Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. 2010 Baker Tilly Virchow Krause, LLP
More informationAdams County, Colorado
Colorado Independent Consultants Network, LLC Adams County, Colorado Bring-Your-Own-Device Policy Prepared by: Colorado Independent Consultants Network, LLC Denver, Colorado March 20, 2014 Table of Contents
More informationThe dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more
The dramatic growth in mobile device malware continues to escalate at an ever-accelerating pace. These threats continue to become more sophisticated while the barrier to entry remains low. As specific
More informationIT Resource Management & Mobile Data Protection vs. User Empowerment
Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationUF IT Risk Assessment Standard
UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved
More informationHow To Manage A Mobile Device Management (Mdm) Solution
Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But
More informationThree Best Practices to Help Enterprises Overcome BYOD Challenges
WHITE PAPER Three Best Practices to Help Enterprises Overcome BYOD Challenges Nearly 80% of white-collar workers in the United States use a mobile device for work and approximately 95% of IT organizations
More informationEasiShare Whitepaper - Empowering Your Mobile Workforce
Accessing files on mobile devices and sharing them with external parties presents serious security risks for companies. However, most current solutions are either too cumbersome or not secure enough for
More informationBOYD- Empowering Users, Not Weakening Security
BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public
More informationWHITE PAPER THE CIO S GUIDE TO BUILDING A MOBILE DEVICE MANAGEMENT STRATEGY AND HOW TO EXECUTE ON IT
WHITE PAPER THE CIO S GUIDE TO BUILDING A MOBILE DEVICE MANAGEMENT STRATEGY AND HOW TO EXECUTE ON IT Executive Summary The explosive growth of worker mobility is driving the rapid adoption of mobile devices
More informationENTERPRISE MOBILITY USE CASES AND SOLUTIONS
ENTERPRISE MOBILITY USE CASES AND SOLUTIONS ENTERPRISE MOBILITY USE CASES AND SOLUTIONS Mobility is no longer a trend it s how business gets done. With employees using multiple mobile devices and the availability
More informationWhy you need. McAfee. Multi Acess PARTNER SERVICES
Why you need McAfee Multi Acess PARTNER SERVICES McAfee Multi Access is an online security app that protects all types of devices. All at once. The simple monthly subscription covers up to five devices
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More informationTOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY
TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY An Inside Job Cyberthreats to your business are usually blamed on outsiders nefarious programmers writing malicious code designed to pilfer your
More informationMobile computing. Does your organisation have any safe options? The better the question. The better the answer. The better the world works.
Mobile computing Does your organisation have any safe options? The better the question. The better the answer. The better the world works. The big picture The mobile security risk surface Devices Jailbreak
More information