Mobile First, Security First!

MOBILE FIRST, SECURITY FIRST! CHIRAG SHAH DIRECTOR OF INFORMATION SECURITY MOBILEIRON

Transcript of Mobile First, Security First!

Page 1: Mobile First, Security First!

MOBILE FIRST, SECURITY FIRST!

CHIRAG SHAH, DIRECTOR OF INFORMATION SECURITY, MOBILEIRON

Page 2: Mobile First, Security First!

At MobileIron, we are focused on building innovative solutions that enable organizations to embrace Mobile and Cloud solutions to drive business efficiency and growth.

Page 3: Mobile First, Security First!

CHALLENGES

• Addressing growing/changing regulatory requirements across different regions and product lines (FedRAMP/SOC2/SOX/ISO 27K)

• Growing quantity of data/information, and where that data is stored will continue to pose unique privacy/security challenges

• Breaking silos and shifting company culture

• Coordinating security across departments and functions

PEOPLE

PROCESS

TECHNOLOGY

Page 4: Mobile First, Security First!

ACCOMPLISHMENTS

• Tripwire File Integrity Monitoring (FIM) tool to monitor file changes in our production environment and meet regulatory compliance requirements.

• Tripwire FIM has the unique, built-in capability to reduce noise by providing multiple ways of determining low-risk change from high-risk change.

• Gave us the ability to respond and remove potential human error by integrating with change processes and ticketing systems.

• Flexible support and deployment helped us move quickly in production deployment stage.

• Dashboard and reporting helped us get through the audit quickly and provided an appropriate set of compliance reports.

Page 5: Mobile First, Security First!

WHY FILE INTEGRITY MONITORING?

• Know integrity of critical files and infrastructure immediately

• Provide appropriate reports to auditors; meet regulatory compliance requirements

• Keep our environment secure and convey the “Mobile First! Security First!” message

Page 6: Mobile First, Security First!

APPENDIX

Page 7: Mobile First, Security First!

SECURITY FRAMEWORK

Page 8: Mobile First, Security First!

TOP 20 CRITICAL SECURITY CONTROLS

Page 9: Mobile First, Security First!

Set Security Goals

Identify assets, systems, networks & functions

Assess Risks (Vulnerabilities, Threats and security gaps)

Prioritize

Implement Protective Programs

Measure Effectiveness

Physical

Cyber

Human

Page 10: Mobile First, Security First!

THE GOLDEN RULES

BUILDING AN EFFECTIVE ENTERPRISE INFORMATION SECURITY PROGRAM

1. Develop an enterprise-wide information security strategy and game plan

2. Get corporate “buy in” for the enterprise information security program—effective programs start at the top

3. Build information security into the infrastructure of the enterprise

4. Establish level of “due diligence”

5. Focus initially on mission/business case impacts—bring in threat information only when specific and credible

Page 11: Mobile First, Security First!

THE GOLDEN RULES

BUILDING AN EFFECTIVE ENTERPRISE INFORMATION SECURITY PROGRAM

6. Create a balanced information security program with management, operational and technical security controls

7. Employ a solid foundation of security controls first, then build on that foundation guided by an assessment of risk

8. Avoid complicated and expensive risk assessments that rely on flawed assumptions or unverifiable data

9. Harden the target; place multiple barriers between the adversary and enterprise information systems

10. Be a good consumer—beware of vendors trying to sell “single point solutions” for enterprise security problems

Page 12: Mobile First, Security First!

THE GOLDEN RULES

BUILDING AN EFFECTIVE ENTERPRISE INFORMATION SECURITY PROGRAM

11. Don’t be overwhelmed with the enormity or complexity of the information security problem—take one step at a time and build on small successes

12. Don’t tolerate indifference to enterprise information security problems

AND FINALLY…

13. Manage enterprise risk—don’t try to avoid it!