Security considerations for mobile devices in GoRTT

Dearl Bain, Security & Assurance Unit
18 April, 2013

Mobile Devices
Definition: Any portable device that can be used to access corporate data and information services.
Examples: smartphones, tablets, laptops

Security for Mobile Devices
- There is increased use of portable computing devices (smartphones, netbooks, tablets)
- Work-from-home employees
- An organization's data vulnerability points have increased exponentially.

Industry experts say that by 2013 there will be 1.2 billion mobile workers worldwide. They also report that by 2013, 75 percent of all U.S. workers will be mobile, meaning those workers will use a mobile device for at least 20 percent of their work. Another survey reveals that 36 percent of cell phone owners have either lost a phone or had one stolen. These facts suggest that in the near future, nearly 25 percent of all workers will have lost a mobile device that could provide access to confidential information. It's no wonder that mobile device security is a top concern.

Responsibility & Accountability
- GoRTT is responsible, accountable and legally liable for information it stores, processes and transports.
- 1000s of personal devices currently hold GoRTT information, files, conversations and account access information.
- Security configurations of personal devices do not correspond to enterprise security standards, e.g. password strength

Personal Use vs Risk Exposure

Personal Devices in the Enterprise
Current User Control / Access:
- Unrestricted access to consumer services
- Unrestricted access to applications
- Corporate email access
- Consumer cloud storage
- Camera and video recording access

Corporate Devices in the Enterprise
Ideal Corporate Control Scenario:
- Restrict access to internal services
- Restrict access to external 3rd party services
- Detect tampering (rootkits, rooting etc.)
- Audit logging of asset location & usage
- Audit trail for records, compliance investigations
- Securely extend network services beyond perimeter defenses
- Remotely monitor and protect data
- Access network file shares
- Data Loss Prevention

Managing Risks – Mobile Enterprise
Corporate vs BYOD, which is best?
- What level of data classification is accessed?
- What services are required to perform the job?
- What is the risk rating for the individual?
- Does the user have a device that allows for an encrypted secure workspace?

Risks of Inadequate Mobile Security
- Storage of enterprise data on unsecured personal devices
- Storage of enterprise data on 3rd party infrastructure and services outside of jurisdiction (Dropbox, Skydrive, etc.)
- Multiple, disparate and uncoordinated file storage silos
- Malicious mining of enterprise data using stolen devices with saved access credentials
- Legal liability for information breaches under the Data Privacy Act if citizen data is compromised

Managing Risk in Mobile Computing
Policy
- Data classification
- Mobile usage policy
- Mobile assignment policies
- Corporate services policy
- Confidentiality policies
- Identify legal recourse for non-compliance
- BYOD

Managing Risk in Mobile Computing
Centralized Management
- Mobile Device Management Solutions (BES10, etc.) for device policy enforcement
- Access Management
- Single Sign On
- Device recovery
- Remote Information Recovery / Information Removal

Managing Risk in Mobile Computing
User Education & Accountability
- Policy Awareness
- Policy Enforcement
- User agreement forms / Acceptable use
- Confidentiality Statements

Managing Risk in Mobile Computing
Compliance
- Mobile Access Auditing (Active Sync, BES)
- Data Retention (Laws / Regulations)
- Incident Reporting
- Mobile device incident reporting for Loss & Theft
- Device itself may be required to provide evidence in a legal matter or assist in investigations

Contingency Approach
Conclusions
- Secure mobile devices as you would secure a laptop
- Provide security controls in line with data classifications, highest class applies.
- Educate users on their responsibilities and the policies they must abide by
- Ensure access granted to employee and to device matches organizational responsibilities