Mobile Risk Management

Similar documents
Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo.

The Value of Vulnerability Management*

Bell Mobile Device Management (MDM)

Community Chat. MDM Meets Endpoint Mgmt. Justin Strong Sr. Product Marketing Manager

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

How To Protect Your Mobile Device From Attack

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering!

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

AirWatch Enterprise Mobility Management. AirWatch Enterprise Mobility Management

ForeScout MDM Enterprise

The ForeScout Difference

How To Manage A Corporate Device Ownership (Byod) On A Corporate Network (For Employees) On An Iphone Or Ipad Or Ipa (For Non-Usenet) On Your Personal Device

RFI Template for Enterprise MDM Solutions

BEST PRACTICES IN BYOD

Secure Your Mobile Workplace

Information Technology Solutions

BYOD Strategies: Chapter I

How To Protect The Agency From Hackers On A Cell Phone Or Tablet Device

BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager

Insert Partner logo here. Financial Mobility Balancing Security and Success

SECURITY OF HANDHELD DEVICES TAKE CONTROL OF THE MOBILE DEVICE

Mobile Security BYOD and Consumer Apps

Securing BYOD With Network Access Control, a Case Study

BYOD Enabling Technologies

Concierge SIEM Reporting Overview

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013

perspective The battle between MDM and MAM: Where MAM fills the gap? Abstract - Payal Patel, Jagdish Vasishtha (Jags)

How to Execute Your Next Generation of Mobile Initiatives. Ian Evans Vice President and Managing Director- EMEA, AirWatch by VMware

How to Successfully Roll Out an Android BYOD Program

Hands on, field experiences with BYOD. BYOD Seminar

Chris Boykin VP of Professional Services

IBM Endpoint Manager for Mobile Devices

Codeproof Mobile Security & SaaS MDM Platform

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

Connect With My Team. in real time RELIABLEFAST FAST M SPEED TEAMCONNECT SURF. Know How Guide to Mobile Device Management PEACE OF MIND SPEED NEW

My CEO wants an ipad now what? Mobile Security for the Enterprise

BEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY.

Which is the Right EMM: Enterprise Mobility Management. Craig Cohen - President & CEO Adam Karneboge - CTO

11 Best Practices for Mobile Device Management (MDM)

AirWatch Solution Overview

Network Test Labs (NTL) Software Testing Services for igaming

Intelligence Driven Security

Data Security on the Move. Mark Bloemsma, Sr. Sales Engineer Websense

Feature List for Kaspersky Security for Mobile

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions

Security and Compliance challenges in Mobile environment

Compliance Management for Mobile Devices

How to make your business more flexible & cost effective? Remote Management & Monitoring Solutions for IT Providers

Guideline on Safe BYOD Management

Mobile Device Security Is there an app for that?

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

IT Self Service and BYOD Markku A Suistola

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Mobility, Security Concerns, and Avoidance

How To Manage A System Vulnerability Management Program

Multi-OS Enterprise Mobility Management. Perfectly balancing end-user and corporate needs

Kaspersky Security for Mobile

Managing Remote and Mobile Workers Adam Licata, Enterprise Mobility SE, TSO Brian Sheedy, Sr. Principal TEC, Endpoint Management

Identity and Access Management (IAM)

From Rivals to BFF: WAF & VA Unite OWASP The OWASP Foundation

How To Write A Mobile Device Policy

Agenda. John Veldhuis, Sophos The playing field Threats Mobile Device Management. Pagina 2

Delivering Cost Effective IT Services

Introduction Jim Rowland, Senior System Architect and Project Manager Daly

Symantec Mobile Management 7.2

Compliance Rule Sets in MaaS360

IBM United States Software Announcement , dated February 3, 2015

McAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

An ICS White Paper. Mobile Device Management for the Agile Enterprise

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

Mobile Application Management

MAKING BUSINESS MOBILITY BETTER Best practices for business mobility management

BSM Transformation through CMDB Deployment. Streamlining the Integration of Change and Release Management

Good for Enterprise Good Dynamics

3 Steps to Implementing an Effective BYOD Mobile Security Strategy

The Incident Response Playbook for Android and ios

Separation of Corporate and Personal: Best Practices for Securing Data on Employee-owned Devices

CHECK POINT 3 STEPS TO IMPLEMENTING AN EFFECTIVE BYOD MOBILE SECURITY STRATEGY

Mobile Device Management for CFAES

MDM Mobile Device Management

Keep Calm and Bring Your Own DEVICE. White paper

Oracle Database Security Myths

Special Report. Choosing the right mobile device platform for your business

Endpoint protection for physical and virtual desktops

Symantec Mobile Management 7.1

Cyber Security. John Leek Chief Strategist

Management of Multi-OS Smart Devices Made Simple.

Five Steps to Android Readiness

Business Protection. Personal Privacy. One Device. Enhanced Security for Your Network and Business Intelligence.

Symantec Mobile Management for Configuration Manager 7.2

Mastering the Mobile Challenge

The Challenges Posed by BYOD.

Mobility Challenges & Trends The Financial Services Point Of View

Choosing an MDM Platform

BYOD(evice) without BYOI(nsecurity)

BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE.

If you can't beat them - secure them

Security and Privacy

The monsters under the bed are real World Tour

Transcription:

Mobile Risk Management Addressing mobile security and compliance through a mobile risk management strategy Dan Ford CSO, Fixmo daniel.ford@fixmo.com @netsecrex

Introduction Hello, my name is Dan Ford And I m the Chief Security Officer at Fixmo Expertise in information security and risk management across public and private sectors, commercial and regulated industries M.S. Information Assurance and Computer Forensics from Capitol College / GWU D.Sc. in IA with a dissertation on Enterprise Smartphone Security

Introduction Agenda at a Glance 1. Information Security Maturity Model and how it relates to mobile device security 2. Mobile Risk Factors and Considerations 3. Fixmo s approach to Mobile Risk Management, best practices and lessons learned Objective: Provide a better understanding of the mobile security landscape and the key considerations for an effective risk management strategy

Information Security Maturity Model Stage-0 Stage-1 Stage-2 Stage-3 Stage-4 Chaos Reactive Compliance Proactive Predictive Ad Hoc Undocumented Unpredictable Minimal IT Operations Firefighter Inventory Alert and event management Software Patching Security Policies defined: PCI, SOX, HIPPA, Gov t Some Standardization Analyze Trends Set thresholds Automate Patching Mature Change Management Risk Awareness Management Policies are living documents Threat Intelligent Tool Leverage Operational Process Engineering Policy Driven Mature Processes and Policies Risk Based Decisions

Mobile Security Maturity Model Stage-0 Stage-1 Stage-2 Stage-3 Stage-4 Chaos Reactive Compliance Proactive Predictive Ad Hoc Undocumented Unpredictable Minimal IT Operations Firefighter Inventory Alert and event management Software Patching Security Policies defined: PCI, SOX, HIPPA, Gov t Some Standardization Analyze Trends Set thresholds Automate Patching Mature Change Management Risk Awareness Management Policies are living documents Threat Intelligent BYOD / ActiveSync Mobile Device Management Proactive DLP & Prevention Data Protection Risk Management

Mobile Risk: Policy

Mobile Risk: Policy Ms Cheah said there are numerous elements that needs to be carefully The BYOD phenomenon has also a myriad of and technical Each organization should seek itscreated own legal advice onlegal how to frame and It would be impossible for any organization to anticipate all of the assessed before deploying an official BYOD policy such as; devicesecurity challenges for enterprises, Hay said. Howand does an enterprise ensure assess liability variances between BYOD traditional mobile programs. liabilities associated with BYOD, but there are steps that health procurement; operational cost in device management and support; back end standard security best practices areliability. enforced without putting severe http://www.banktech.com/channels/232601171?pgno=2 organizations can take to limit their A major step is to createlifecycle a wellinfrastructure capability; software licensing and upgrades; product restrictions on an employee s personally owned device? thought out, documented BYOD policy. management; network bandwidth and connectivity; application accessibility; http://searchsecurity.techtarget.com/news/2240118190/mobile-security-byod-policy-issues-to-trend-at-rsa-2012-analystshttp://www.information-management.com/news/byod-mobile-policy-risk-governance-health-care-10021951-1.html? say funding support; legal ownership and accountability of the device; application zkprintable=true and data etc.http://www.governmentnews.com.au/2012/03/13/article/established-byod-policies-needed/jfpuqjzuul.html

Mobile Risk: Policy Devices

Mobile Risk: Devices & OS s 60% 45% 30% 3Q09 3Q10 3Q11 JAN12 15% 0% Symbian Android ios Blackberry Windows Mobile Linux Other OS 89% of Smartphones purchased in Q411 were Android or ios; 6% were Blackberry.

Mobile Risk: Vulnerabilities Patch Early Patch Often TOTAL CVE 167 TOTAL CVE 65 Patch Always TOTAL CVE 53

Mobile Risk: Policy Devices The Apps

Mobile Risk: The Apps itunes App Store: 500,000 + Apps 25+ billion downloads Android Market: 400,000 + Apps 8+ billion downloads Amazon Store: 31,000+ Apps 1+ million downloads CyFi So easy a 5 th Grader has already done it!

Mobile Risk: Policy Devices The Apps Bad Actors

Mobile Risk: Adversaries Intelligent Bots Packet Forging/Spoofing Expertise Required Sophistication Vulnerability Scanning Password Cracking Sniffers Session Hijacking Self Installing Root Kits Self Replicating Code (WORM) Password Guessing Skill

Mobile Risk: Policy Devices The Apps Bad Actors Passwords

Mobile Risk: Passwords 30.0 22.5 15.0 Average User Netsecrex 7.5 0.0 2003 2007 2011 Apr-16 Number of accounts requiring passwords

About Fixmo Mobile Risk Management (MRM) Mobile security, management, monitoring and reporting to help organizations mitigate their risks and effectively maintain and prove compliance in an auditable fashion Government Heritage Technology Transfer Program (TTP) and CRADA with NSA for tamper detection and mobile risk management Recommended by DoD for BlackBerry and Android deployments required software for STIG compliance Risk and Compliance Focus on risk assessment, compromise detection, data loss prevention, compliance and auditability Next Generation Mobility Designed for emerging risks of mobile computing and the realities of BYOD and the Consumerization of IT

Mobile Risk Management Approach Device-Level Policy Enforcement (MDM) Personal Email, Apps and Data Personal Apps Container-Level Policy Enforcement Corporate Email, Apps and Data Secure Container Compliance Monitoring Risk Assessment Auditable Reporting Device and OS Integrity Monitoring, Compromise Detection, Remediation

SafeZone: Secure Workspace Contained and encrypted corporate workspace with ITmanaged access controls, usage policies and remote commands

Future Direction Predictive, transparent and adaptive risk management and data protection Risk Assessment & Vulnerability Detection Automated risk assessment for quantifying and tracking risk Advanced on-device integrity engine to: Detect and prevent known threats and vulnerabilities Detect state changes that may put the device at risk Centralized risk intelligence and data correlation Advanced Corporate Data Protection Enhanced Auditable Compliance Comprehensive solutions for protecting corporate data: Device-level, container-level and app-level policy controls Integrity-based access controls and policies Corporate data tracking and reporting Adaptive policies with advanced situational awareness Auditable compliance reporting for corporate-owned and BYOD: Continuous monitoring/reporting against compliance rules Detailed forensic data tracking on state of devices, apps, data

Mobile Risk Management Addressing mobile security and compliance through a mobile risk management strategy Thank You! Dan Ford CSO, Fixmo daniel.ford@fixmo.com @netsecrex

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information