SlideShare ist ein Scribd-Unternehmen logo

Mobile Device Security Policy

Als DOC, PDF herunterladen
Redspin, Inc.
Redspin, Inc.

An emerging risk is the increased use of portable devices in the enterprise. How are you allowing mobile device secure access your sensitive information resources? Use our template to help get started.

Technologie
1 von 2
Mobile Device Security Policy 1.0 Introduction The goal of this policy is to allow any type of mobile device (whether issued by [organization name] or not) to be securely used to access [organization name] information resources. While the focus of this policy is mitigating the risks to [organization name] associated with the use of smartphones, part or all of this policy can be applied to traditional mobile devices, including laptops, USB drives, CD/DVD, etc. 2.0 Purpose This policy was created to mitigate known risks associated with: • A breach of confidentiality due to the access, transmission, storage, and disposal of sensitive information using a mobile device. • A breach of integrity due to the access, transmission, storage, and disposal of sensitive information using a mobile device. • A loss of availability to critical systems as a result of using a mobile device. 3.0 Scope This policy applies to any mobile device and its user, including those issued by [organization name] as well as personal devices that are used for business purposes and/or store [organization name] information. 4.0 Policy The effectiveness of this policy is dependent on how it is tailored for [organization name] 's environment. Whether by informal process or formal risk assessment, [organization name] should enumerate 1) all mobile devices in use (type, owner, connections enabled, criticality, data accessed/stored, etc.), 2) current threat-sources, and 3) known vulnerabilities. Each of these factors should help formulate an understanding and prioritization of current risks such that the policy is tailored to [organization name]’s specific environment and ensuring resources are focused only on implementation of those necessary policies. 4.1 Access Control 4.1.1 The use of mobile devices for both business and personal use is prohibited unless permissions are enforceable to restrict application access to the minimum necessary resources and connections. 4.1.2 Only approved applications can be installed and used on mobile devices. A list of approved applications will be maintained and require applications to be signed and/or provide sufficient sandboxing capabilities. 4.1.3 Disable Bluetooth capabilities unless necessary. If necessary, consider additional controls including increased authentication, decrease power use, limit services available, stronger encryption, avoid use of security mode 1, etc. 4.1.4 Access to [organization name] information resources using a mobile device must be approved, documented, and logged. 4.2 Authentication 4.2.1 Mobile device access must require a PIN. 4.2.2 SIM access must require a PIN. 4.2.3 Strong passwords are required for applications that access or store sensitive information. Password policies should enforce length, complexity, lockout, forbid weak words, etc. 4.2.4 Mobile device must require PIN to unlock after a period of inactivity. Mobile Device Security Policy Page 1
4.3 Encryption 4.3.1 The use of encryption is required for all mobile devices that must store or access sensitive information. While full disk encryption is preferable, application or file encryption solutions are acceptable at this time. 4.3.2 The use of encryption is required for the transmission of sensitive information to/from mobile devices. 4.4 Incident Detection and Response 4.4.1 Develop, document, and implement procedure to quickly respond to lost or stolen mobile devices. 4.4.2 Every mobile device will have the capability to remotely wipe and/or track its location on demand. 4.5 User Training and Awareness 4.5.1 Users that use personal mobile devices for business use will notify IT and provide system details. 4.5.2 Users will review all links and URLs prior to clicking to prevent a successful phishing attempt. 4.5.3 Users will limit storage of sensitive data on mobile devices. However, critical data that is stored will be backed up to [organization name] 's file server on a regular basis. 4.5.4 Users will only install approved applications and forward suspicious permission requests to IT prior to granting access to the application. 4.5.5 Users will physically secure the mobile device when left unattended. When left in a car, mobile device will be hidden from view. 4.5.6 Users will not allow unattended access to mobile device by another user. 4.5.7 Users will notify IT immediately if mobile device is lost or stolen. 4.5.8 Users will return mobile device at the end of employment. At which time, device will be wiped and reissued. 4.5.9 Users critical to [organization name] will not use mobile device while operating a motor vehicle. 4.6 Vulnerability Management 4.6.1 All mobile device system and application software in use must be identified and documented. 4.6.2 Critical security updates for in-use software must be deployed to all mobile devices. 4.6.3 Anti-virus software should be used on devices with known malicious software when available. 5.0 Definitions Bluetooth A technology used to transmit data wirelessly. Information Resource Includes data, application, system, network, and/or people. Full Disk Encryption A process that encrypts the entire hard drive/partition. Mobile Device A portable electronic device, including smartphones, PDAs, laptops, USB drives, DVD/CD, etc PIN Personal Identification Number Remote Wipe Use of software to destroy data on mobile device remotely. Sandboxing The ability to restrict an application's access to specific device resources. Sensitive Information Types of sensitive information that may be stored on a mobile device include: authentication credentials, downloaded sensitive data (email and attachments), call logs, business contact info, location/positional info. Signing A process to determine authenticity and accountability for an application. SIM Subscriber Identity Module Mobile Device Security Policy Page 2

Empfohlen

Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
802.11ac Migration - Airheads Local
802.11ac Migration - Airheads Local802.11ac Migration - Airheads Local
802.11ac Migration - Airheads LocalAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overview3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overviewMostafa El Lathy
 
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...iFour Consultancy
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
IBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - PortfolioIBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - PortfolioIBM Sverige
 

Empfohlen

Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
802.11ac Migration - Airheads Local
802.11ac Migration - Airheads Local802.11ac Migration - Airheads Local
802.11ac Migration - Airheads LocalAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overview3 palo alto ngfw architecture overview
3 palo alto ngfw architecture overviewMostafa El Lathy
 
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...iFour Consultancy
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
IBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - PortfolioIBM Security Identity and Access Management - Portfolio
IBM Security Identity and Access Management - PortfolioIBM Sverige
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013Andris Soroka
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationNetskope
 
ClearPass Policy Model - An Introduction
ClearPass Policy Model - An IntroductionClearPass Policy Model - An Introduction
ClearPass Policy Model - An IntroductionAruba, a Hewlett Packard Enterprise company
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?Ahmed Banafa
 
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementAzure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementMario Worwell
 
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection SystemLuca Bongiorni
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Securityanilchip
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploitAashish R
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallAruba, a Hewlett Packard Enterprise company
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access ManagementHitachi ID Systems, Inc.
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 ChecklistCraig Willetts ISO Expert
 
Chris D'Aguanno
Chris D'AguannoChris D'Aguanno
Chris D'Aguannoscoopnewsgroup
 
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology Secure Android Mobile Device: SOTI MobiControl and Android Plus technology
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology MobileWorxs
 

Weitere ähnliche Inhalte

Was ist angesagt?

Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust ModelYash
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013Andris Soroka
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationNetskope
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?Ahmed Banafa
 
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementAzure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementMario Worwell
 
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection SystemLuca Bongiorni
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Securityanilchip
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploitAashish R
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-idAlberto Rivai
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMANAND MURALI
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architectureHybrid IT Europe
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 

Was ist angesagt? (20)

Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
 
Security and management
Security and managementSecurity and management
Security and management
 
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013
DSS_Enterprise MDM MAM Mobile Security - MobileIron Overview_2013
 
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - PresentationThe Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - Presentation
 
ClearPass Policy Model - An Introduction
ClearPass Policy Model - An IntroductionClearPass Policy Model - An Introduction
ClearPass Policy Model - An Introduction
 
What is zero trust model of information security?
What is zero trust model of information security?What is zero trust model of information security?
What is zero trust model of information security?
 
Azure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity ManagementAzure Just in Time Privileged Identity Management
Azure Just in Time Privileged Identity Management
 
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
iParanoid: an IMSI Catcher - Stingray Intrusion Detection System
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Security
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
Penetration testing using metasploit
Penetration testing using metasploitPenetration testing using metasploit
Penetration testing using metasploit
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewall
 
Privileged Access Management
Privileged Access ManagementPrivileged Access Management
Privileged Access Management
 
User expert forum user-id
User expert forum user-idUser expert forum user-id
User expert forum user-id
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint Protection
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
 

Ähnlich wie Mobile Device Security Policy

Secure Android Mobile Device: SOTI MobiControl and Android Plus technology
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology Secure Android Mobile Device: SOTI MobiControl and Android Plus technology
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology MobileWorxs
 
Mobile Phone & Tablet Support
Mobile Phone & Tablet SupportMobile Phone & Tablet Support
Mobile Phone & Tablet SupportFelix Yanko
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYODFernando Palma
 
Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile applicationVikrant Kansal
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureCalgary Scientific Inc.
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
Steps For Protecting Your Mobile Life for Enterprises and Consumers
Steps For Protecting Your Mobile Life for Enterprises and ConsumersSteps For Protecting Your Mobile Life for Enterprises and Consumers
Steps For Protecting Your Mobile Life for Enterprises and ConsumersJuniper Networks
 
MUC -Summary - Lessons.docx
MUC -Summary - Lessons.docxMUC -Summary - Lessons.docx
MUC -Summary - Lessons.docxssuser4c58f5
 
Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Omar Khawaja
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODSierraware
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare ApplicationCitiusTech
 
LANDesk Mobility Manager
LANDesk Mobility ManagerLANDesk Mobility Manager
LANDesk Mobility ManagerInfraVision
 
Mobility manager 90
Mobility manager 90Mobility manager 90
Mobility manager 90Axle-IT
 
Afaria Technical White Paper
Afaria Technical White PaperAfaria Technical White Paper
Afaria Technical White PaperSybase Türkiye
 
Websense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile securityWebsense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile securityarms8586
 
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...ashoksankar
 

Ähnlich wie Mobile Device Security Policy (20)

Chris D'Aguanno
Chris D'AguannoChris D'Aguanno
Chris D'Aguanno
 
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology Secure Android Mobile Device: SOTI MobiControl and Android Plus technology
Secure Android Mobile Device: SOTI MobiControl and Android Plus technology
 
Mobile Phone & Tablet Support
Mobile Phone & Tablet SupportMobile Phone & Tablet Support
Mobile Phone & Tablet Support
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
 
Generic threats to mobile application
Generic threats to mobile applicationGeneric threats to mobile application
Generic threats to mobile application
 
Adaptive Trust for Strong Network Security
Adaptive Trust for Strong Network SecurityAdaptive Trust for Strong Network Security
Adaptive Trust for Strong Network Security
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
Steps For Protecting Your Mobile Life for Enterprises and Consumers
Steps For Protecting Your Mobile Life for Enterprises and ConsumersSteps For Protecting Your Mobile Life for Enterprises and Consumers
Steps For Protecting Your Mobile Life for Enterprises and Consumers
 
MUC -Summary - Lessons.docx
MUC -Summary - Lessons.docxMUC -Summary - Lessons.docx
MUC -Summary - Lessons.docx
 
880 st011
880 st011880 st011
880 st011
 
Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security
 
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYODRoadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 
LANDesk Mobility Manager
LANDesk Mobility ManagerLANDesk Mobility Manager
LANDesk Mobility Manager
 
Mobility manager 90
Mobility manager 90Mobility manager 90
Mobility manager 90
 
Afaria Technical White Paper
Afaria Technical White PaperAfaria Technical White Paper
Afaria Technical White Paper
 
Websense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile securityWebsense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile security
 
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
Secure access to sensitive data on mobile devices - AFCEA Mobile Symposium 20...
 

Mehr von Redspin, Inc.

HIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesHIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesRedspin, Inc.
 
Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin, Inc.
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateRedspin, Inc.
 
Official HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedOfficial HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedRedspin, Inc.
 
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Redspin, Inc.
 
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?Redspin, Inc.
 
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Redspin, Inc.
 
Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Redspin, Inc.
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin, Inc.
 
Redspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin, Inc.
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin, Inc.
 
Financial institution security top it security risk
Financial institution security top it security riskFinancial institution security top it security risk
Financial institution security top it security riskRedspin, Inc.
 
Managing Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineManaging Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineRedspin, Inc.
 
Redspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin, Inc.
 
Redspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin, Inc.
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin, Inc.
 
Email hacking husband faces felony
Email hacking husband faces felonyEmail hacking husband faces felony
Email hacking husband faces felonyRedspin, Inc.
 
Meaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationMeaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationRedspin, Inc.
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Redspin, Inc.
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Redspin, Inc.
 

Mehr von Redspin, Inc. (20)

HIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business AssociatesHIPAA Security Risk Analysis for Business Associates
HIPAA Security Risk Analysis for Business Associates
 
Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest State
 
Official HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol PublishedOfficial HIPAA Compliance Audit Protocol Published
Official HIPAA Compliance Audit Protocol Published
 
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
Stage 2 Meaningful Use Debuts in Las Vegas (Finally!)
 
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
 
Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?Healthcare IT Security Who's Responsible, Really?
Healthcare IT Security Who's Responsible, Really?
 
Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?Healthcare IT Security - Who's responsible, really?
Healthcare IT Security - Who's responsible, really?
 
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk AnalysisRedspin Webinar - Prepare for a HIPAA Security Risk Analysis
Redspin Webinar - Prepare for a HIPAA Security Risk Analysis
 
Redspin Webinar Business Associate Risk
Redspin Webinar Business Associate RiskRedspin Webinar Business Associate Risk
Redspin Webinar Business Associate Risk
 
Redspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin HIPAA Security Risk Analysis RFP Template
Redspin HIPAA Security Risk Analysis RFP Template
 
Financial institution security top it security risk
Financial institution security top it security riskFinancial institution security top it security risk
Financial institution security top it security risk
 
Managing Windows User Accounts via the Commandline
Managing Windows User Accounts via the CommandlineManaging Windows User Accounts via the Commandline
Managing Windows User Accounts via the Commandline
 
Redspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful UseRedspin February 17 2011 Webinar - Meaningful Use
Redspin February 17 2011 Webinar - Meaningful Use
 
Redspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach ReportRedspin Report - Protected Health Information 2010 Breach Report
Redspin Report - Protected Health Information 2010 Breach Report
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
 
Email hacking husband faces felony
Email hacking husband faces felonyEmail hacking husband faces felony
Email hacking husband faces felony
 
Meaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health informationMeaningful use, risk analysis and protecting electronic health information
Meaningful use, risk analysis and protecting electronic health information
 
Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...Understanding the Experian independent third party assessment (EI3PA ) requir...
Understanding the Experian independent third party assessment (EI3PA ) requir...
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011
 

Kürzlich hochgeladen

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Kürzlich hochgeladen (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Mobile Device Security Policy

  • 1. Mobile Device Security Policy 1.0 Introduction The goal of this policy is to allow any type of mobile device (whether issued by [organization name] or not) to be securely used to access [organization name] information resources. While the focus of this policy is mitigating the risks to [organization name] associated with the use of smartphones, part or all of this policy can be applied to traditional mobile devices, including laptops, USB drives, CD/DVD, etc. 2.0 Purpose This policy was created to mitigate known risks associated with: • A breach of confidentiality due to the access, transmission, storage, and disposal of sensitive information using a mobile device. • A breach of integrity due to the access, transmission, storage, and disposal of sensitive information using a mobile device. • A loss of availability to critical systems as a result of using a mobile device. 3.0 Scope This policy applies to any mobile device and its user, including those issued by [organization name] as well as personal devices that are used for business purposes and/or store [organization name] information. 4.0 Policy The effectiveness of this policy is dependent on how it is tailored for [organization name] 's environment. Whether by informal process or formal risk assessment, [organization name] should enumerate 1) all mobile devices in use (type, owner, connections enabled, criticality, data accessed/stored, etc.), 2) current threat-sources, and 3) known vulnerabilities. Each of these factors should help formulate an understanding and prioritization of current risks such that the policy is tailored to [organization name]’s specific environment and ensuring resources are focused only on implementation of those necessary policies. 4.1 Access Control 4.1.1 The use of mobile devices for both business and personal use is prohibited unless permissions are enforceable to restrict application access to the minimum necessary resources and connections. 4.1.2 Only approved applications can be installed and used on mobile devices. A list of approved applications will be maintained and require applications to be signed and/or provide sufficient sandboxing capabilities. 4.1.3 Disable Bluetooth capabilities unless necessary. If necessary, consider additional controls including increased authentication, decrease power use, limit services available, stronger encryption, avoid use of security mode 1, etc. 4.1.4 Access to [organization name] information resources using a mobile device must be approved, documented, and logged. 4.2 Authentication 4.2.1 Mobile device access must require a PIN. 4.2.2 SIM access must require a PIN. 4.2.3 Strong passwords are required for applications that access or store sensitive information. Password policies should enforce length, complexity, lockout, forbid weak words, etc. 4.2.4 Mobile device must require PIN to unlock after a period of inactivity. Mobile Device Security Policy Page 1
  • 2. 4.3 Encryption 4.3.1 The use of encryption is required for all mobile devices that must store or access sensitive information. While full disk encryption is preferable, application or file encryption solutions are acceptable at this time. 4.3.2 The use of encryption is required for the transmission of sensitive information to/from mobile devices. 4.4 Incident Detection and Response 4.4.1 Develop, document, and implement procedure to quickly respond to lost or stolen mobile devices. 4.4.2 Every mobile device will have the capability to remotely wipe and/or track its location on demand. 4.5 User Training and Awareness 4.5.1 Users that use personal mobile devices for business use will notify IT and provide system details. 4.5.2 Users will review all links and URLs prior to clicking to prevent a successful phishing attempt. 4.5.3 Users will limit storage of sensitive data on mobile devices. However, critical data that is stored will be backed up to [organization name] 's file server on a regular basis. 4.5.4 Users will only install approved applications and forward suspicious permission requests to IT prior to granting access to the application. 4.5.5 Users will physically secure the mobile device when left unattended. When left in a car, mobile device will be hidden from view. 4.5.6 Users will not allow unattended access to mobile device by another user. 4.5.7 Users will notify IT immediately if mobile device is lost or stolen. 4.5.8 Users will return mobile device at the end of employment. At which time, device will be wiped and reissued. 4.5.9 Users critical to [organization name] will not use mobile device while operating a motor vehicle. 4.6 Vulnerability Management 4.6.1 All mobile device system and application software in use must be identified and documented. 4.6.2 Critical security updates for in-use software must be deployed to all mobile devices. 4.6.3 Anti-virus software should be used on devices with known malicious software when available. 5.0 Definitions Bluetooth A technology used to transmit data wirelessly. Information Resource Includes data, application, system, network, and/or people. Full Disk Encryption A process that encrypts the entire hard drive/partition. Mobile Device A portable electronic device, including smartphones, PDAs, laptops, USB drives, DVD/CD, etc PIN Personal Identification Number Remote Wipe Use of software to destroy data on mobile device remotely. Sandboxing The ability to restrict an application's access to specific device resources. Sensitive Information Types of sensitive information that may be stored on a mobile device include: authentication credentials, downloaded sensitive data (email and attachments), call logs, business contact info, location/positional info. Signing A process to determine authenticity and accountability for an application. SIM Subscriber Identity Module Mobile Device Security Policy Page 2