Presentation is loading. Please wait.

Presentation is loading. Please wait.

November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.

Published byMadison Vallance Modified over 10 years ago

Similar presentations

Presentation on theme: "November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit."— Presentation transcript:

1 November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit Chapter of the IIA in Partnership with Securely Yours, LLC Presents Auditing the Security and Management of Smart Devices

2 If You Have Questions… If you have questions during the webcast: –If necessary, exit Full Screen View by pressing the Esc key –Submit questions through theAsk a Question button –Questions will be answered after the presentation portion is concluded

3 Earning CPE Credit In order to receive CPE credit for this webcast, participants must: Attend the webcast on individual computers (one person per computer) Answer polling questions asked throughout the webcast When answering polling questions, select your answer and the click Vote button (next to the Ask a Question button) to submit / save your answer. CPE certificates will be sent to the e-mail address on your BrightTALK account within two weeks of this webinar.

4 4 Poll Questions

5 Evolution of Smart Device usage Audit Approach Q&A 5

6 Most Organizations relied on blackberry iPhone and iPad changed the executive landscape IT under pressure to also support iOS (Apple) Android (Google) Windows Mobile (Microsoft) It is projected that Android and iOS will be the leading operating system for smart devices from 2011 on. 6

7 PIM (Plan, Implement, Manage) methodology provides a comprehensive approach to organizations to manage and secure the smart devices. 7 Step 1 Plan: Usage Policy Step 2 Plan: IT Architecture Step 3 Plan: Security Policy Step 4 Implement: IT Architecture Step 5 Implement: Enable Email, Contact, & Calendar Step 6 Implement: Enable Application Deployment Step 7 Implement: Enable Network Connection Step 8 Manage: Regulatory Compliance Governance Step 9 Manage: Reports & Dashboard Step 10 Manage: Monitor & Audit Implementation Methodology

8 Collect the following documents: Smart Device Use Policy Smart Device security Policy IT Infrastructure architecture documents MDM procedures Reports produced from MDM 8 Without the smart device use policy, it is difficult to communicate the organizations posture on the use of such devices. This is a key first step and usually involves IT and businesses.

9 Understand the smart device environment: Is the device a corporate device or is BYOD (Bring Your Own Device) is allowed? Is the corporate data separated from the personal data? Is personal use of the device allowed (Can you play Angry Bird on your device? Is an agreement in place where the employee abides with the corporate security policy? Has the employee agreed to remote wipe of the device Record of their phone calls may be viewed by corporate? Is confidential data residing on the device? If so, what are the procedures in place to monitor and control the confidential data? What type of smart devices are allowed? Apple only? Android only? Others? Is there a backup strategy and procedure in place for smart devices? Is the smart device connecting to the corporate network? How is it being connected? How are applications pushed to the device? Is the corporation developing its own apps? Do they have their own app store? Marketplace? 9 Without the smart device use policy, it is difficult to communicate the organizations posture on the use of such devices. This is a key first step and usually involves IT and businesses.

10 10 Poll Question

11 Understand the IT architecture supporting the smart device environment: Is the MDM solution cloud based solution or internally deployed? Is the solution hosted by a third party or self supported? Is there a business associate agreement in place with the vendor? Once it is known how the smart devices will be used, designing the supporting IT architecture is the logical next step. This architecture maps to the existing IT architecture. 11

12 Understand the smart device security features: Verify that the password policy is meeting industry standards Review the encryption requirements (specially for confidential data) and how encryption is deployed Is there a requirement for port controls on a device (camera usage, bluetooth usage, WiFi controls)? What procedure is in place for remote wipe/locking and unlocking of device What procedure is in place for reporting of lost devices How the devices are tracked and monitored What device configuration is pushed as profile to the device (VPN? Email? Etc.) How are the delivery of applications controlled to the device? Does the corporation use blacklisting? Whitelisting? How are the features implemented? What audit and monitoring features are turned on? What reports are being generated? Once the use policy is defined and the IT architecture designed, then the security policy needs to be documented to determine how the smart device will be secured to protect organizations crown jewels. 12

13 13 Poll Question

14 Understand how the devices are enrolled into the MDM software Does the organization use self- registry? How do users register their device? How do users re-register when they purchase new device or replace an existing device? What happens to the old device? Is the data wiped off the device? How is it verified that the appropriate security policy has been pushed to the device? Once the use policy and security policy is documented, now is the time to deploy the solution to register the devices and deploy the security policy. 14

15 Review the email, calendar and contact information How is email synced with the corporate servers? Is the email encrypted? Where and how is virus checking performed? 15 The next step is to make email, calendar and contact information available to the device. With BB, it was easy using the BES Server, SM makes it easy for Android and iOS using Middle-server.

16 Review the corporate apps running on the device Review the homegrown applications and how the data is stored and encrypted on the device? Review the whitelisting and blacklisting deployment Review the authentication procedure for the applications – passwords? How are they authenticated? Is there an authorization process with corporate data? Is your organization making mobile apps available for everyone? Are your customers will be using your apps? Are these apps browser based? Are these critical apps? 16

17 17 Poll Questions

18 Review the device connection to the corporate network What type of remote connection is used? What authentication is used prior to allowing access to corporate network? What encryption protocols are in place for the remote connection? 18 Do you want to allow the device to access your corporate network to access corporate data/files/folders? What is your remote access policy? What security is required to allow the devices access the network?

19 Review the regulatory and compliance requirements What reports and controls are in place to support the HIPAA, SOX, PCI and other regulatory and compliance requirements 19 Most organizations have to comply with several regulations and governance requirements. SMs management framework provides for compliance and governance activities customized for our clients.

20 Review management reports What reports are reviewed by management? What key statistics are monitored and reviewed? 20 SMs management framework provides for customized reports and dashboards. The dashboard can be deployed at an executive level, or at a detail level.

21 Review other device support services like eDiscovery, litigation hold etc. 21 Making sure that the proper audit support is provided and the appropriate monitoring is performed is an important step of SMs management framework.

22 Document the risks and draft a report 22 Making sure that the proper audit support is provided and the appropriate monitoring is performed is an important step of SMs management framework.

23 23 THANK YOU! Please join us for additional chapter events: Dec 11, 2012 - IIA & ISACA December Joint Chapter Meeting MAR 11-13, 2013 - 2013 IIA and ISACA Spring Conference Visit www.iiadetroit.org for additional information and registration details

24 Please Take a Moment to Rate the Webinar Click on Rate This Rate this webinar with 1 to 5 stars Provide any comments Click Send Rating

Download ppt "November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit."

Similar presentations

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Preparation for the Launch of My AmeriCorps Presentation developed for the Corporation for National and Community Service by the eGrants Coaching Unit.

Preparation for the Launch of My AmeriCorps Presentation developed for the Corporation for National and Community Service by the eGrants Coaching Unit.
Welcome To SPARROW Website URL

Welcome To SPARROW Website URL
Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
SysAid IT 8.5.

SysAid IT 8.5.
Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.

Embrace Mobility. Without Compromise. The apps they need. On the devices they want. Without sacrificing compliance. Strategic Approach to Mobile Security.
P-Card User Guide Standard Profile July 2012 1 RCNJ-BOA Purchasing Card User Guide – Standard Profile Ramapo College and Bank of America VISA Procurement.

P-Card User Guide Standard Profile July RCNJ-BOA Purchasing Card User Guide – Standard Profile Ramapo College and Bank of America VISA Procurement.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Mobile Device Security and Control 2012 NSAA IT Conference and Workshop Fourth Session: 2:45pm – 4:00pm _____________________________________.

Mobile Device Security and Control NSAA IT Conference and Workshop Fourth Session: 2:45pm – 4:00pm _____________________________________.
©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Best Practices to Secure the Mobile Enterprise Macy Torrey

©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Best Practices to Secure the Mobile Enterprise Macy Torrey
Quality Assurance/Quality Control Plan Evaluation February 16, 2005.

Quality Assurance/Quality Control Plan Evaluation February 16, 2005.
MANAGING AND SECURING BYOD Legal ITs Next Great Challenge.

MANAGING AND SECURING BYOD Legal ITs Next Great Challenge.
Www.numaracloud.com Mobile Device Management: Do You Know Whos Accessing Your Network? Umesh Shah, Dir. Channel Marketing.

Mobile Device Management: Do You Know Whos Accessing Your Network? Umesh Shah, Dir. Channel Marketing.
Security for Mobile Devices

Security for Mobile Devices
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Smart Phones and Tablets: Security Issues S. Roy 1.

Smart Phones and Tablets: Security Issues S. Roy 1.
1 1 March 20, 2014 A SIMPLE APPROACH TO BYOD. WHAT THEY DONT WANT IS: Company monitoring of their personal activities or restriction of the apps they.

1 1 March 20, 2014 A SIMPLE APPROACH TO BYOD. WHAT THEY DONT WANT IS: Company monitoring of their personal activities or restriction of the apps they.
IBM Endpoint Manager for Mobile Devices Mobile Device Management

IBM Endpoint Manager for Mobile Devices Mobile Device Management
1 Confidential Lessons Learned from the First Generation of Mobile Apps Sean Ginevan, Product Management MobileIron - Confidential1.

1 Confidential Lessons Learned from the First Generation of Mobile Apps Sean Ginevan, Product Management MobileIron - Confidential1.

Similar presentations

Ads by Google