14. Top 10 Risks
1. Loss
2. Theft
3. Malware
4. Stealth installs
5. Data interception
6. Direct attack
7. Call hi-jacking
8. VPN hi-jacking
9. Session hi-jacking
10. Device hi-jacking
15. Step 1
Quantify the Problem
• Stop.
• First measure the problem
• Conduct a survey
• How many devices? Running what applications?
• Processing, storing, transmitting: what data?
• Draft Asset Register
• Draft Risk Register
16. Step 2
Draft policies
• Device ownership
• Device liability
• Acceptable devices
• Acceptable use
• Acceptable applications
• Minimum device security requirements
• Where to report lost/stolen devices
• Security Awareness Program
17. Consider…
• Mandating the use of PINs to access devices
• Mandating use of complex passwords to access applications
• Set max number of password failures
• Set max days of non-use lock out
• Specify password change interval
• Prevent password reuse via password history
• Set screen-lock
18. Step 3
Configuration
• Firewall
• Anti-virus (Malware, Trojans, Spyware)
• O/S Updates
• Hardening
• Back end support servers
• VPN dual authentication
19. Consider…
• Adding or removing root certs
• Configuring WiFi including trusted SSIDs, passwords, etc.
• Configuring VPN settings and usage
• Blocking installation of additional apps from the AppStore
• Blocking GeoLocation
• Blocking use of the iPhone’s camera
• Blocking screen captures
• Blocking use of the iTunes Music Store
• Blocking use of YouTube
• Blocking explicit content
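As an added example, not material from the presentation, the following Python script turns the settings on the two "Consider…" slides (the passcode rules on the earlier slide and the device restrictions on this one) into an auditable baseline. It uses only the standard library's plistlib to build an iOS configuration profile carrying a passcode policy payload and a restrictions payload, then checks any profile against the baseline and reports which settings fall short. The payload keys are those of Apple's configuration profile format; the baseline numbers (10 failed attempts, 5 minutes before auto-lock, 90-day change interval, history of 5) are assumptions chosen for illustration, the identifiers and UUIDs are placeholders, and the slide's GeoLocation item is not mapped here.

```python
# Added example: build and audit an iOS configuration profile (.mobileconfig)
# against the passcode and restriction settings on the slides. Baseline values
# are assumptions for illustration; identifiers and UUIDs are placeholders.
import operator
import plistlib

PASSCODE_PAYLOAD = "com.apple.mobiledevice.passwordpolicy"
RESTRICTIONS_PAYLOAD = "com.apple.applicationaccess"

# Rule format: key -> (baseline value, comparison the profile value must satisfy).
# "<=" is a ceiling, ">=" a floor, "==" an exact requirement.
PASSCODE_RULES = {
    "forcePIN": (True, "=="),             # mandate a PIN/passcode
    "requireAlphanumeric": (True, "=="),  # complex (alphanumeric) passcode
    "maxFailedAttempts": (10, "<="),      # failures allowed before the device wipes
    "maxInactivity": (5, "<="),           # minutes of non-use before auto-lock
    "maxPINAgeInDays": (90, "<="),        # passcode change interval
    "pinHistory": (5, ">="),              # history depth that blocks reuse
    "maxGracePeriod": (0, "=="),          # screen-lock: passcode needed immediately
}
RESTRICTION_RULES = {
    "allowAppInstallation": (False, "=="),  # no extra apps from the App Store
    "allowCamera": (False, "=="),           # block the camera
    "allowScreenShot": (False, "=="),       # block screen captures
    "allowiTunes": (False, "=="),           # block the iTunes Music Store
    "allowYouTube": (False, "=="),          # block YouTube
    "allowExplicitContent": (False, "=="),  # block explicit content
}
_COMPARE = {"==": operator.eq, "<=": operator.le, ">=": operator.ge}


def _payload(payload_type, settings, seq):
    """Wrap one payload's settings with the header keys every payload carries."""
    return {
        "PayloadType": payload_type,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"com.example.baseline.{seq}",              # placeholder
        "PayloadUUID": f"00000000-0000-0000-0000-00000000000{seq}",      # placeholder
        **settings,
    }


def build_profile(passcode, restrictions):
    """Serialise a top-level profile holding both payloads as XML plist bytes."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.baseline",                     # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000000",           # placeholder
        "PayloadDisplayName": "Example mobile baseline",
        "PayloadContent": [
            _payload(PASSCODE_PAYLOAD, passcode, 1),
            _payload(RESTRICTIONS_PAYLOAD, restrictions, 2),
        ],
    }
    return plistlib.dumps(profile)


def _check(payload, rules, label, findings):
    """Compare each baseline rule with the payload; record misses as findings."""
    for key, (expected, op) in rules.items():
        value = payload.get(key)
        if value is None:
            findings.append(f"{label}: {key} not set (want {op} {expected})")
        elif not _COMPARE[op](value, expected):
            findings.append(f"{label}: {key}={value} (want {op} {expected})")


def audit_profile(profile_bytes):
    """Return a list of findings; an empty list means the profile meets the baseline."""
    profile = plistlib.loads(profile_bytes)
    payloads = {p["PayloadType"]: p for p in profile.get("PayloadContent", [])}
    findings = []
    for ptype, rules, label in ((PASSCODE_PAYLOAD, PASSCODE_RULES, "passcode"),
                                (RESTRICTIONS_PAYLOAD, RESTRICTION_RULES, "restrictions")):
        payload = payloads.get(ptype)
        if payload is None:
            findings.append(f"{label}: payload {ptype} missing")
        else:
            _check(payload, rules, label, findings)
    return findings


# Constructed sample settings: a weak profile beside its hardened counterpart.
WEAK_PASSCODE = {"forcePIN": True, "allowSimple": True, "requireAlphanumeric": False,
                 "maxFailedAttempts": 50, "maxInactivity": 15, "maxPINAgeInDays": 365,
                 "pinHistory": 0, "maxGracePeriod": 15}
WEAK_RESTRICTIONS = {key: True for key in RESTRICTION_RULES}
HARDENED_PASSCODE = {"forcePIN": True, "allowSimple": False, "requireAlphanumeric": True,
                     "minLength": 8, "maxFailedAttempts": 10, "maxInactivity": 5,
                     "maxPINAgeInDays": 90, "pinHistory": 5, "maxGracePeriod": 0}
HARDENED_RESTRICTIONS = {key: False for key in RESTRICTION_RULES}


def weak_profile():
    return build_profile(WEAK_PASSCODE, WEAK_RESTRICTIONS)


def hardened_profile():
    return build_profile(HARDENED_PASSCODE, HARDENED_RESTRICTIONS)


if __name__ == "__main__":
    for name, blob in (("weak", weak_profile()), ("hardened", hardened_profile())):
        findings = audit_profile(blob)
        print(f"{name}: {len(findings)} finding(s)")
        for line in findings:
            print("  " + line)
```

Running the script audits both constructed profiles: the weak one yields one finding per relaxed setting (twelve in total), the hardened one none. The same `audit_profile` call can be pointed at a profile exported from an MDM server to confirm that what is actually pushed to devices still matches the written policy.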