Smart Security for Smart Mobile Devices

Marc Vael
International Vice-President
Smart Mobile Device Definition

An electronic device that is
• cordless (unless while being charged),
• mobile (easily transportable),
• always connected (via WiFi, 3G, 4G etc.)
• capable of voice/video communication,
  internet browsing, "geo-location"
  (for search purposes)
and that can operate to some extent
autonomously.
Smart Mobile Device Business Benefits
1. Increased workforce productivity—facilitates completion of work offsite (+40%).
2. Improved customer service—sales person or account manager can access the
   CRM system while at a customer site + provide ad hoc solutions & current
   customer account information.
3. Response to customer problems or questions at any time—35% improvement in
   customer satisfaction in best-in-business enterprises.
4. Improved turnaround times for problem resolution—more flexibility facing the
   challenges of time zones or office hours.
5. Increased business process efficiency—shortened & more efficient business
   processes. SCM+ by providing employees with information to speed the capture
   of inbound supply chain data + shortening feedback loop between supply chain
   and production planning.
6. Employee security & safety—one of the first reasons for mobile device adoption:
   allow employees to travel to/from remote locations while staying in touch.
7. Employee retention—management creates positives for business & employees.
   Using mobile devices can improve work-life balance by facilitating the ability of
   employees to work remotely: increase employee retention by up to 25%
Smart Mobile Device Business Benefits
Impact of an attack on the business
Smart Mobile Device Risks
ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008

Smart Mobile Device Risks
ISACA, Secure Mobile Devices, 20 July 2010, page 6

Smart Mobile Device Risks
Mobile Device Security Issues
• Threats differ by industry (e.g. intelligence/security/police
  forces, fuel and energy, health and disease control,
  transportation, media, financial, food, retail, etc.); thus
  countermeasures must appropriately match the threat.
• The cost-benefit case for mobile devices depends solely on the
  value of corporate data at risk. Thus, critical data must be
  inventoried + appropriate security solutions implemented.
• Businesses cannot manage what they cannot identify, track or
  measure. Critical information is not always inventoried and
  proactively secured.
• Some companies outsource network security. When the third-party
  employees leave, what customer data leaves with them?
  Business data are available to providers with different business
  goals and objectives.
Mobile Device Security Issues
• Network security issues include:
   ‣ Conventional firewall and VPN security systems are inadequate.
   ‣ Lack of integration with evolving WAN network security solutions.
   ‣ A blurred network perimeter can cause the boundary between the
     “private and locally managed and owned” side of a network and the
     “public and usually provider-managed” side of a network to be less
     clear.
   ‣ If communication can be intercepted, piggybacked, impersonated or
     rerouted to “bad” people, “good” people can look “bad” and “bad”
     people can look “good” from any location.
   ‣ Encrypted remote connections are assumed to be secure. Little
     consideration is given to securing the end point. E-mail and other
     communications are encrypted only from phone to phone, or mobile
     device to server. Beyond that point, e-mail, instant messages and file
     transfers may be transmitted unencrypted over the Internet.
   ‣ Ad hoc service provisioning: requesting and receiving application
     service on demand wherever one is located.
Mobile Device Security Issues
Business Model for Information Security
ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008
Smart device security strategies: Policies & Standards

Smart device security strategies: EDUCATION!

Smart device security strategies: Measuring performance
Smart device security metrics
Most common security metrics used in evaluating the adequacy of
mobile device security include:
• Number of breaches or successful attacks
• Virus protection and frequency of virus definition updates
• Currency of patch management on the servers
• Compliance with federal regulations
• Cost of security solutions
• Cost of loss
• Evaluation of risk
Are these metrics sufficient? Do you factor in total cost of ownership? How
do you measure the benefit & value of mobile devices and of the security
solutions?
So, how can CISOs explain the value of incorporating adequate
security?
Smart device security strategies: Review / Audit
Auditing Mobile Device Security
1. PLANNING & SCOPING THE AUDIT
1.1   Define audit/assurance objectives.
1.2   Define boundaries of review.
1.3   Identify & document risks.
1.4   Define assignment success.
1.5   Define audit/assurance resources required.
1.6   Define deliverables.
1.7   Communicate the process.
2. MOBILE DEVICE SECURITY
2.1 Mobile Device Security Policy
2.2 Risk Management
2.3 Device Management
2.4 Access Control
2.5 Stored Data
2.6 Malware Avoidance
2.7 Secure Transmission
2.8 Awareness Training
Conclusion
Business executives rarely know where to start. While mobile
technology is burgeoning with new innovations, time-tested
mitigation techniques and evolving tool sets are available and
highly effective. Organizations need to:
• Recognize mobile technology risks + commit resources to take
   decisive actions to control their vulnerabilities
• Inventory high-value data & most serious exposures
• Evaluate which countermeasures directly & cost-effectively reduce
   their highest risks
• Implement a reasonable strategy that phases in improvements in
   information security commensurate with risk & resources
• Commit ongoing resources to revise & refine over time as
   circumstances evolve
For business leaders who fail to implement sufficient safeguards, the
costs can be catastrophic. With the integration of an increasingly
networked world, their problems become everyone’s.
Your (device) security solution is as strong … as its weakest link

“I don’t care how many millions of dollars you spend on security technology.
If you don’t have people trained properly, I’m going to get in if I want to get in.”
Susie Thunder, Cyberpunk
Contact information

   Marc Vael
   CISA, CISM, CISSP, CRISC, CGEIT, ITIL Service Manager
   International Vice-President

   ISACA
   3701 Algonquin Road, Suite 1010
   Rolling Meadows
   IL 60008 USA
   http://www.isaca.org/

   marc@vael.net
   http://www.linkedin.com/in/marcvael
   http://twitter.com/marcvael
ISACA smart security for smart devices
