Risk Factory: Getting a Grip on Mobile Devices


Published on

%Ways to Get

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Risk Factory: Getting a Grip on Mobile Devices

  1. 1. Getting a Grip on Mobile Devices
  2. 2. L year thousands of asttravellers left personal items inLondon taxi cabs
  3. 3. 27 toilet seats
  4. 4. 4 sets of false teeth
  5. 5. 3 dogs
  6. 6. 2 babies
  7. 7. 1 cat
  8. 8. 1 pheasant
  9. 9. Funeral ashes
  10. 10. A dead body
  11. 11. Over 75,000 mobilecomputing devices
  12. 12. These devices can hold10k photos 200k docs 100k emails
  13. 13. H do you Get a Grip ow on that?
  14. 14. T 10 Risks op1. L oss2. T heft3. M alware4. Stealth installs5. Data interception6. Direct attack7. Call hi-jacking8. VP hi-jacking N9. Session hi-jacking10. Device hi-jacking
  15. 15. Step 1Quantify the Problem• Stop.• First measure the problem• Conduct a survey• How many devices? Running what applications?• Processing, storing, transmitting: what data?• Draft Asset Register• Draft Risk Register
  16. 16. Step 2Draft policies• Device ownership• Device liability• Acceptable devices• Acceptable use• Acceptable applications• Minimum device security requirements• Where to report lost/stolen devices• Security Awareness Program
  17. 17. Consider…• Mandating the use of PINs to access devices• Mandating use of complex passwords to access applications• Set max number of password failures• Set max days of non-use lock out• Specify password change interval• Prevent password reuse via password history• Set screen-lock
  18. 18. Step 3Configuration• Firewall• Anti-virus (Malware, Trojans, Spyware)• O/S Updates• Hardening• Back end support servers• VPN dual authentication
  19. 19. Consider…• Adding or removing root certs• Configuring WiFi including trusted SSIDs, passwords, etc.• Configuring VPN settings and usage• Blocking installation of additional apps from the AppStore• Blocking GeoLocation• Blocking use of the iPhone’s camera• Blocking screen captures• Blocking use of the iTunes Music Store• Blocking use of YouTube• Blocking explicit content
  20. 20. 20
  21. 21. Step 4Encryption• Data• Disk• Document, File & Folder• Laptop• Port & Device Controls• Removable Media & Device• Email
  22. 22. Step 5Incident response• Included in BC/DR Plan• Back ups• Alternatives: – Find it – Track it – Kill it
  23. 23. H to Get a Grip ow Quantify the problem policies Configuration Encryption Incident Response
  24. 24. Source
  25. 25. the problem in hand
  26. 26. A different perspective 26 Dover Street London United Kingdom W 4L 1S Y +44 (0)20 3586 1025 www.riskfactory.com