Riskfactorysecuringmobiledevices 151125163809-lva1-app6891
GETTING A GRIP ON MOBILE DEVICES
Last year thousands of travellers left personal items in London taxi cabs:
27 Toilet Seats
4 Sets of False Teeth
3 Dogs
2 Babies
1 Cat
1 Pheasant
1 Funeral Ashes
Over 50,000 Mobile Computing Devices
Devices Can Hold
• 10k photos
• 200k docs
• 100k emails
10% capacity =
• +50M photos
• +1B docs
• +500M emails
LOST
That's a lot of information!
“73% of London businesses surveyed allowed employees to bring their own device to work for processing commercial information in 2013.”
Ponemon Survey, February 2014
HOW DO YOU GET A GRIP ON THAT?
BUSINESS CHALLENGES
OUR CHALLENGES
OUR RISKS
HISTORY LESSON
HISTORY 101
WHAT’S YOUR DEFINITION
IS IT DEFINITIVE?
• Copiers
• Faxes
• Scanners
• Telephones
• Coffee machines
• Any device with memory capability that can be carried out.
TOP 10 MOBILE RISKS
1. Loss
2. Theft
3. Malware
4. Stealth installs
5. Data interception
6. Direct (P2P) attacks
7. Call hi-jacking
8. VPN hi-jacking
9. Session hi-jacking
10. Device hi-jacking
RISK DU JOUR
HOW DO YOU GET A GRIP ON THAT?
STEP 1
Quantify the Problem
• Stop.
• First measure the problem
• Conduct a survey
• How many devices? Running what applications?
• Processing, storing, transmitting: what data?
• Conduct a threat / risk assessment
• Draft Asset Register
• Draft Risk Register
WHAT’S THE THREAT
QUANTIFY
If the definition of a threat is the "expressed potential" for a "harmful event" to happen to your business, then the question to quantify is:
"What mobile device events would be harmful to your business?"
THEN WHICH APPLY?
STEP 2
Draft policies
• Device ownership
• Data ownership
• Device liability
• Data liability
• Acceptable devices
• Acceptable use
• Acceptable applications & connections
• Non-acceptable applications & connections
• Minimum device security requirements
• Where to report lost/stolen devices
CONSIDER…
• Mandating use of PINs to access devices
• Mandating use of complex passwords to access applications
• Set max number of password failures
• Set max days of non-use lock out
• Specify password change interval
• Prevent password reuse via password history
• Set screen-lock
STEP 3
Configuration
• Firewall
• Anti-virus (Malware, Trojans, Spyware)
• O/S Updates
• Hardening
• Passwords & PINs
• Back end support servers
• VPN dual authentication
CONSIDER…
• Adding or removing root certs
• Configuring WiFi including trusted SSIDs, passwords, etc.
• Configuring VPN settings and usage
• Blocking installation of additional apps from the AppStore
• Blocking GeoLocation
• Blocking use of the iPhone’s camera
• Blocking screen captures
• Blocking use of the iTunes Music Store
• Blocking use of YouTube
• Blocking explicit content
STEP 4
Encryption
• Data
• Disk
• Document, File & Folder
• Laptop
• Port & Device Controls
• Removable Media & Device
• Email
LAYERS
• Database Encryption: Application-level encryption of data “at rest” in the database.
• Disk Encryption: Disk-level encryption for all data on the logical or physical drive (user files, swap files, system files, page file).
• Document Encryption: Application-level encryption of data in document format (Word, Excel, Notebook).
• File & Folder Encryption: Application-level encryption method.
• Client Side Encryption: Application-level encryption method used by servers to encrypt data on a computer that has connected to them.
OPTIONS
• Laptop Encryption: Operating system-level encryption method started at boot-up authorisation.
• Port & Device Control: Monitor device usage and file transfer activity. Controls access to laptop ports, devices and wireless networks.
• Removable Media & Device Encryption (USB memory, CD, DVD): Read and write encrypted data on media.
• Email Encryption: Dual key method securing data in transit from client.
• Email Gateway Encryption: Automatic encryption and decryption of sensitive emails between email gateway and receiver.
STEP 5
Incident response
• Step-by-step
• Communicated to end users
• Included in BC/DR Plan
• Back ups
• Alternatives: Find it, Track it, Kill it
HOW TO GET A GRIP
1. Quantify the problem
2. Policies
3. Configuration
4. Encryption
5. Incident Response
PCI / DPA / ISO
DPA MOBILE SECURITY
• Device security policy
• Firewall
• Anti-virus protection
• O/S routinely updated
• Latest patches or security updates installed
• Access restricted on "need to know" principle
• No password sharing
• Encryption of personal information held on devices
• Regular back-ups
• Wipe data before disposal of device
• Anti-spyware protection
PCI MOBILE SECURITY
• Device user security policy
• Device labelled and listed on asset register
• Firewall
• Dual authentication
• Encrypted VPN connection
• Anti-virus protection
• Anti-spyware protection
• O/S routinely updated
• Latest patches or security updates installed
• Connection subject to testing
• Access restricted on "need to know" principle
• No password sharing
ISO MOBILE SECURITY
• Device user security policy
• Device labelled and listed on asset register
• Firewall
• Dual authentication
• Encrypted VPN connection
• Anti-virus protection
• Anti-spyware protection
• O/S routinely updated
• Latest patches or security updates installed
• Connection subject to testing
• Access restricted on "need to know" principle
• Device must be password controlled
MINIMUM CONTROLS
• Risk assessments
• Device user security policy
• Security awareness training
• Information asset register
• Device labelled and listed on asset register
• Firewall
• Dual authentication
• Encrypted VPN connection
• Anti-virus protection
• Anti-spyware protection
• O/S routinely updated & randomly audited
• Latest patches or security updates installed
• Device must be password controlled
Sound Familiar?
HISTORY LESSON
Same issues! You just need to take the problem in hand.
10 RULES MOBILE SECURITY
1. If Dr. Evil can run his programs on your mobile device, it's not your mobile device anymore.
2. If Dr. Evil can make changes to your mobile device, it's not your mobile device any more.
3. If Dr. Evil can upload programs to your network from a mobile device, it's not your network anymore.
4. If Dr. Evil can access data entering or exiting your mobile device, it's not your data any more.
5. If Dr. Evil uses your mobile device to launch an attack on another network, it's your problem.
10 RULES
6. If Dr. Evil can use your mobile device to access your partner's network, it's your problem.
7. If Dr. Evil can physically access your mobile device, it's not your mobile device anymore.
8. More often than not, Mini-Me works for you.
9. Dr. Evil knows where you hide your spare keys.
10. Dr. Evil is always faster and smarter.
ISACA PLUG
A DIFFERENT PERSPECTIVE FROM:
www.riskfactory.com | 0800 978 8139