Slide 1

Slide 2

Slide 3

2

Slide 4

3

Slide 5

4

Slide 6

5

Slide 7

6 Incoming Call: Dad

Slide 8

7

Slide 9

8

Slide 10

9

Slide 11

10 Incoming Call: Justin

Slide 12

11

Slide 13

12

Slide 14

13

Slide 15

14 Incoming Mail: The Boss

Slide 16

15

Slide 17

16

Slide 18

17

Slide 19

18

Slide 20

19

Slide 21

20

Slide 22

21

Slide 23

Salford IT Internal Audit Services A..B..C..D..E.......GYOD Presentation to Housing Technology conference 27th Feb 2014

Slide 24

23 Introductions Steve (PADDY) Clare Principal IT Auditor Gary (MAX) Marland Principal IT Auditor WE ARE THE AUDITORS FROM SALFORD

Slide 25

24 IT Audit Skills Network and application security Vulnerability Assessments/ethical hacking Penetration testing Windows Operating Systems/ UNIX SAP/ ORACLE Website application and development Information Security Management ITIL IT Service Management Prince2 - project management IDEA - data analysis

Slide 26

Salford IT Internal Audit Services A..B..C..D..E.......GYOD Presentation to Housing Technology conference 27th Feb 2014

Slide 27

26 BYOD BUY YOUR OWN DRINK? Alphabet acronym What Why How

Slide 28

27 10 key risks area 1.Strategy/Policy/Etc 2.Ownership 3.Security 4.Anti-Virus 5.Standards 6.Data Loss 7.Social Media et al 8.Vulnerabilities 9.Licensing 10.Portable Media Devices

Slide 29

28 1. Bureaucratic claptrap 1.Strategy 2.Policy 3.Procedures 4.Risk appetite 5.Objectives 6.Responsibilities 7.Dos and donts 8.Consequences 9.Techy understanding 10.Know your audience

Slide 30

29 2. Enthusiastic Amateur 1.Ownership 2.Device control 3.System Administrator 4.Root access

Slide 31

30 3. Max and Paddy Inc 1.Data security 2.Responsibilities 3.Access permissions 4.Monitoring 5.Current patch 6.Up to date Anti Virus 7.Network Access 8.Mobile device management software 9.Lost, stolen, remote wipe 10.Back up plan

Slide 32

31 4. MacAfee v Norton...fight, fight, fight 1.Anti Virus software conflicts 2.Lazy staffing updates 3.Costs

Slide 33

32 5. My way or the highway 1.Standards 2.Device differences 3.Processing speeds 4.Private v Business use 5.Breach of standards 6.Costs 7.Legal issues 8.Monitoring, control....Policing

Slide 34

33 6. Piggy in the Middle 1.Man in the middle attacks 2.Data loss 3.Consequences 4.Unsecure connections

Slide 35

34 7. Its sick this innit 1.Facebook - http://www.telegraph.co.uk/technology/facebook/1 0369934/Facebook-hacked-how-criminals-can- exploit-your-data.html 2.Twitter 3.Instagram - https://viaforensics.com/mobile- security/hacked-your-instagram-account.html 4.You Tube 5.Dropbox - http://www.computerweekly.com/news/224020436 6/Dropbox-can-be-hacked-say-security- researchers 6.Hotmail 7.Linked policy

Slide 36

35 8. C3PO goes mental 1.Android vulnerabilities 2.Windows 3.Apple

Slide 37

36 9. FAST and Furious 1.Licensing 2.Ownership 3.Costs 4.Types of license 5.License monitoring and control 6.Breach 7.Consequences illegal downloads

Slide 38

37 10. U Stupid Boy... USB Storage devices Data Loss Prevention SD card CDs

Slide 39

38 Conclusion Get the strategy right Know the take up Manage the security Agree ownership Agree monitoring and control

Slide 40

39 Contact Details Gary Marland, Principal IT Auditor Telephone 0161 607 6974 Gary.marland@salford.gov.uk Steve Clare, Principal IT Auditor Telephone 0161 607 6976 steve.clare@salford.gvo.uk Salford Internal Audit Services Salford City Council Unity House Swinton Manchester M27 5AW www.salford.gov.uk/acs-audit

Slide 41

40 Any Questions Thoughts Observations Or Confessions

Slide 42

41