Risk Factory: Getting a Grip on Mobile Devices

  • Published on
    21-Jun-2015

Transcript

1. Getting a Grip on Mobile Devices
2. Last year thousands of travellers left personal items in London taxi cabs
3. 27 toilet seats
4. 4 sets of false teeth
5. 3 dogs
6. 2 babies
7. 1 cat
8. 1 pheasant
9. Funeral ashes
10. A dead body
11. Over 75,000 mobile computing devices
12. These devices can hold:
    • 10k photos
    • 200k docs
    • 100k emails
13. How do you Get a Grip on that?
14. Top 10 Risks
    1. Loss
    2. Theft
    3. Malware
    4. Stealth installs
    5. Data interception
    6. Direct attack
    7. Call hi-jacking
    8. VPN hi-jacking
    9. Session hi-jacking
    10. Device hi-jacking
15. Step 1: Quantify the Problem
    • Stop. First measure the problem
    • Conduct a survey
    • How many devices?
    • Running what applications?
    • Processing, storing, transmitting: what data?
    • Draft Asset Register
    • Draft Risk Register
16. Step 2: Draft policies
    • Device ownership
    • Device liability
    • Acceptable devices
    • Acceptable use
    • Acceptable applications
    • Minimum device security requirements
    • Where to report lost/stolen devices
    • Security Awareness Program
17. Consider
    • Mandating the use of PINs to access devices
    • Mandating use of complex passwords to access applications
    • Set max number of password failures
    • Set max days of non-use lock out
    • Specify password change interval
    • Prevent password reuse via password history
    • Set screen-lock
18. Step 3: Configuration
    • Firewall
    • Anti-virus (Malware, Trojans, Spyware)
    • O/S Updates
    • Hardening
    • Back end support servers
    • VPN dual authentication
19. Consider
    • Adding or removing root certs
    • Configuring WiFi including trusted SSIDs, passwords, etc.
    • Configuring VPN settings and usage
    • Blocking installation of additional apps from the AppStore
    • Blocking GeoLocation
    • Blocking use of the iPhone's camera
    • Blocking screen captures
    • Blocking use of the iTunes Music Store
    • Blocking use of YouTube
    • Blocking explicit content
21. Step 4: Encryption
    • Data
    • Disk
    • Document, File & Folder
    • Laptop
    • Port & Device Controls
    • Removable Media & Device
    • Email
22. Step 5: Incident response
    • Included in BC/DR Plan
    • Back ups
    • Alternatives: Find it, Track it, Kill it
23. How to Get a Grip
    • Quantify the problem
    • Policies
    • Configuration
    • Encryption
    • Incident Response
24. Source
25. the problem in hand
26. A different perspective
    26 Dover Street, London, United Kingdom, W1S 4LY
    +44 (0)20 3586 1025
    www.riskfactory.com