Copyright - 2008 Movidan, Inc. All rights reserved.

1 Don't think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion in a single event, if we have been paid appropriately for assuming that risk. We are not willing, though, to take on even very small exposures at prices that don't reflect our evaluation of loss probabilities… Our behavior here parallels that which we employ in financial markets: Be fearful when others are greedy, and be greedy when others are fearful.
  Warren Buffett, 2006 Shareholder Letter3

2 Risk Management in a Mobile World
  Presented by Bruce Christofferson

3 Agenda
  Introduction
  Definitions
  Security Program Parts
  Risk Management Framework
  Smartphone Risk Evaluation Criteria
  Smartphone Controls to Implement Now
  Wrap Up

4 Introduction
  Security Program developer for several wireless telecom providers
  Developed the Risk Management program for Cingular
  Founded the Mobile Technology Security Center at AT&T
  Now consulting at another Seattle area wireless telecom provider

5 Definitions
  Feature vs. Smartphones
    Feature phone – simple PIM and browser, limited capability
    Smartphone – full-featured PIM, browser, and other applications
  Mobile Worker
    Regularly works out of office or on the road
  Company-Owned vs. Personally-Owned Smartphones
    Defined by who owns the smartphone at the end of the day

6 Survey Questions
  A smartphone with company data – either personally or company owned?
  Support mobile workers with smartphones?
  Only allow company-owned smartphones to hold sensitive data?
  Have clear policies and requirements governing the use of those smartphones?
  Know what to do if your smartphone is lost or stolen?

7 In the News
  Good News…
    By 2010, smartphones will be primary tool of mobile workforce…
      Ray Kurzweil, 2007 RSA conference
    Size and Growth of Smartphone Market Will Exceed Laptop Market for Next Five Years
    Smartphone OS-based phones will grow at more than a 30% compound annual growth rate for the next five years globally…
      Instat.com, 11/13/2007
  Not so good news…
    Mobile malware very active in first quarter of 2008
      Kaspersky, SC Magazine, 5/12/08
    McAfee warns of mobile-malware threat
      ZD Net Asia, 2/13/08

8 Consider the Smartphone
  Device size - a vulnerability
  Pointsec Mobile Technologies, Taxi Study 2005
    6 month period
    85,619 mobile phones
    21,460 PDAs
  Pointsec Mobile Technologies, London Taxi Study 2006
    6 Months
    54,874 mobile phones
    4,718 handheld PDAs
  British Crime Survey, 2006
    800,000 people were the victim of mobile phone theft
    90 percent of these phones are generally barred from active use within 48 hours

9 Don't think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion in a single event, if we have been paid appropriately for assuming that risk. We are not willing, though, to take on even very small exposures at prices that don't reflect our evaluation of loss probabilities… Our behavior here parallels that which we employ in financial markets: Be fearful when others are greedy, and be greedy when others are fearful.
  -Warren Buffett, 2006 Shareholder Letter3

10 A Security Program's Parts

11 A Security Program's Parts

12 Risk Management Framework

13 Risk Management Framework

14 Definitions
  Risk Management
  Risk
  Vulnerability
  Exploit
  Threat
  Likelihood
  Impact
  Security Control

15 Smartphone Risk Evaluation
  OS/platform security
  Bypassing security features
  Remote lock-down
  Security Management
  Malware attacks
  Apps certified, signed, and/or verified
  Policy setting granularity
  Easily wiped or killed
  OS extensibility
  Peripheral protection
  Device security implementation
  Over-The-Air (OTA) or hardwired management

16 Risk Calculations

17 Risk Management Framework

18 Risk/Reward Equation

19 Basic Smartphone Security Controls
  Strong passwords
  Device lock after period of inactivity
  Device wipe after X number of invalid login attempts
  Data store encryption that supports eDiscovery regulations
  Assess, control, and audit the download of third-party applications
  Implement and enforce written smartphone security policies
  Develop a lost/stolen device process
  Create awareness program to help users understand their responsibilities in protecting sensitive company information

20 Other Security Control Considerations
  Anti-Malware Software
  Everyone should play by the same rules
  A Mobile VPN and your perimeter
  Regulatory and contractual requirements
  Location based services (LBS)
  Personally owned vs. company owned phones

21 Wrap Up
  Bruce Christofferson, CISSP, CISA, CISM
  bruce@movidan.com
  425-239-9184

