The second volume devoted to the classic and modern rock routes of the Brenta group covers the side facing Molveno, the well-known and pleasant tourist resort famous for its beautiful lake. The author's meticulous research has gathered 116 routes, both historic and modern, on the walls surrounding the Val delle Seghe, the valley that runs from Molveno toward the heart of the group. The guide is divided into four sectors:
Monte Daino massif: Dosso di Lodrin, Cima Sparavieri, Monte Daino, Croz del Rifugio, Bastione dei Casinati, Bimbo delle Fontanefredde, Cima Fontanefredde, Pilastro Felice Spellini.
Massodi: Castel Alto dei Massodi, Castelletto dei Massodi, Naso dei Massodi.
Val Perse: Cima Sella, Torre delle Val Perse, Rocca delle Val Perse, Cima delle Val Perse, Cima Roma, Cima della Vallazza, Cima della Gaiarda, Cima Guardiola.
Croz dell'Altissimo: Croz dell'Altissimo.
Presented by Alessandro Gogna at the Trento Film Festival on 27 April 2014
www.ideamontagna.it/librimontagna/libro-alpinismo-montagna.asp?cod=54
Risk management and Insurance chap1-3 Addis Ababa University School of Commerce Ashenafi Abera Wolde
Risk affects every aspect of an organization. The effects of risk are not
confined within any predictable boundaries; a single event can easily
influence several areas of an organization at once, producing consequences
far beyond the immediate impact. The pervasiveness and complexity of risk
present strong challenges to managers, one of the most important being
the coordination of risk management across areas within the organization.
It deals with: the nature and management of pure risks, insurance and
reinsurance; risk concepts, classification of risks, management of pure risks
through various risk handling tools, industrial safety, general principles of
insurance and major classes of insurance, reinsurance and development &
regulation of insurance in Ethiopia
Every lender must make the decision on whether or not to report credit data. Furnishing data to the credit bureaus is still voluntary, but there are a number of reasons to embrace this action as a lender. Here are five reasons to consider if you are on the fence about becoming a data furnisher.
Influencing the Influencers - Bridging the gap with Social Media Jenny Brennan
Using social media to stand out online can be a challenge for most small businesses in a noisy online world. In this presentation, I share the essential steps necessary to influence leaders in your industry, but also those who influence the decisions of others - our clients and customers.
Найти IT is a unique city forum where you can learn absolutely everything about working in IT! In just a couple of hours, St. Petersburg students can find a job at the country's best companies, learn all the ins and outs of getting hired as an IT specialist, talk to professionals in person, hear about the most interesting new developments in IT and even have some fun.
Making your mobile app more popular through social isn’t as easy as adding a Facebook share or like button. When designing around a social dynamic, you must understand the user - what, when, and how they want to share.
Panopticon Data Visualization Software 6.1.1 Introduction Hugh Heinsohn
Panopticon 6.1.1 is the latest release of our comprehensive data visualization suite. It incorporates a number of important enhancements, including new data connectors, improvements to key visualizations, including Treemaps and Heatmaps, and a completely new visualization, the Timeseries Scatter Plot.
Panopticon 6.1.1 includes these changes:
- New Timeseries Scatter Plot Visualization
- Treemap and Heat Matrix (Tile) provide control over detail variable display
- Enhanced Heat Matrix tile to support multiple display fields
- Border specification around visualizations
- UI Enhancements to the Time Window Filter
- Interpolation capability across time axis gaps
- Numeric Identity Bucketing to support numeric values as categories
- HTML client support for data export
- New Time Series Product calculations
- Ability to pass zoom bounds into actions through special parameters
- Snapshot will be kept as last time slice for streaming time series
- Action button supports passing of parameters to parameters
- Java version of the Apache ActiveMQ connector
- Java version of the OneMarketData OneTick connector
- Java version of the Kx kdb+tick connector
- Updated Apache ActiveMQ connector to improve subscriber performance
- Enhanced parsing of timestamps in the Text, XML and OData connectors
- Command Line Utilities for the .NET server
Guest blogging is one of the best ways to get the visibility you need for your blog.
Here I explain how NOT to pitch a guest article (with real cases I have had on my own blog) and what you should do instead.
5 STEP PROCESS TO MOBILE RISK MANAGEMENT
1/ Understand how employees want to use Mobile Devices and Applications
2/ Identify potential threats
3/ Define the impact to the business based on probable threat scenarios
4/ Develop policies and procedures to protect the business to an acceptable level
5/ Implement manageable procedural and technical controls, and monitor their effectiveness
We are a new generation IT Software Company, helping our customers to optimize their IT investments, while preparing them for the best-in-class operating model, for delivering that “competitive edge” in their marketplace.
Cyber-attacks are an alarming threat to all types of businesses & organizations. The risk of a cyber-attack is not just a risk to your company but also to your privacy. Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It covers the problem of vulnerabilities in applications, their impact on organizations, and the means available to discover them early and make their remediation easier.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data... Ulf Mattsson
Not too long ago, many security experts believed that the best way to defend data was to apply the strongest possible technological protections to all of the data, all of the time. While that plan may work perfectly in theory, in the real world of business this model creates unacceptable costs, performance and availability problems.
What works from both IT and management standpoints? Risk-adjusted data security. Protecting data according to risk enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues, strengthen their security and compliance profile, and achieve the right balance between business needs and security demands.
Other issues that risk-adjusted security addresses are the unnecessary expenses, availability problems and system performance lags that result when data is over-protected. And cloud-based technologies, mobile devices and the distributed enterprise require a risk-mitigation approach to security, focused on securing mission critical data, rather than the now-unachievable ‘protect all the data at all costs’ model of years past.
Here’s how to develop and deploy a risk-adjusted data protection plan
Cybersecurity risk assessments help organizations identify.pdf TheWalkerGroup1
Cybersecurity risk assessments help organizations identify, manage and mitigate all forms of cyber risk. It is a critical component of any comprehensive data protection strategy.
Partner with HARMAN Digital Transformation Solutions (DTS) to build products and solutions that address real customer needs in real-time, and accelerate business growth.
7 Practices To Safeguard Your Business From Security Breaches! Caroline Johnson
Cybercriminals are out to get your business, and they're doing it in a big way. It's no secret that though cybercriminals often target large businesses, smaller organizations are also attractive to them. The logic is simple: small businesses usually follow a standard "not much to steal" mindset using fewer controls and easy-to-breach data protection strategies.
Here are the seven best practices every small business should implement immediately to protect their organization from cyberattacks and keep their data safe from thieves and hackers. To know about it visit: https://bit.ly/3G96FDr
Module 02 Performance Risk-based Analytics With all the advancem IlonaThornburg83
Module 02 Performance Risk-based Analytics
With all the advancements in technology and encryption levels, some methods are faster or slower than others. In most cases a cybersecurity professional must weigh cost, performance, and security. Risk is a powerful tool used by all cybersecurity professionals to assist in making these decisions, and in influencing appropriate stakeholders by providing appropriate information with regard to these three elements.
Risk analysis, or risk-based analytics, helps determine the level of risk to an organization. The first step in this process is to determine the sensitivity of the data being processed. The example below is a common data classification for many organizations; however, depending on how the data will be used, these data fields may vary due to classification levels.
· Public: Data available to the general public and approved for distribution outside the organization.
· Examples: press releases, directory information (not subject to government regulations or blocks), product catalogs, application and request forms, and other general information that is openly shared. The type of information an organization would choose to post on its website offers a good example of Public data.
· Internal: Data necessary for the operation of the business and generally available to all internal users, users of that particular customer, and potentially interested third-parties if appropriate and when authorized.
· Examples: Some memos, correspondence, and meeting minutes; contact lists that contain information that is not publicly available; and procedural documentation that should remain internal.
· Confidential: Data generally not made available outside the organization and the unauthorized access, use, disclosure, duplication, modification, or destruction of which could adversely impact the organization and/or customers. All confidential information is sensitive in nature and must be restricted to those with a legitimate business need to know.
· Examples:
· Information covered by the Family Educational Rights and Privacy Act (FERPA), which requires protection of records for current and former students. This includes pictures of students kept for official purposes.
· Personally identifiable information entrusted to the organization’s care that is not restricted use data, such as information regarding applicants, donors, potential donors, or competitive marketing research data.
· Information covered by the Gramm-Leach-Bliley Act (GLB), which requires protection of certain financial records.
· Individual employment information, including salary, benefits and performance appraisals for current, former, and prospective employees.
· Legally privileged information.
· Information that is the subject of a confidentiality agreement.
· Restricted: Data that MUST be specifically protected via various access, confidentiality, integrity and/or non-repudiation controls in order to comply with legislative, regulatory, con ...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes... Precise Testing Solution
In this PDF post, we discuss the three major goals of cybersecurity that every business should comply with in its best practices.
DMI has helped several U.S. Federal Government agencies develop strategies, cost justifications and deployment plans for secure enterprise mobility solutions.
The allure of incredibly powerful, easy-to-use handheld devices, constant global connectivity, and an app for everything have given rise to a stunning consumer-driven transformation of the IT landscape.
Driving Traffic to Your Mobile Apps & Sites DMIMarketing
Many Brands, Businesses and Mobile Developers make the mistake of developing and launching their apps without planning how to reach their target audience.
Mobile Security: 5 Steps to Mobile Risk Management DMIMarketing
Hundreds of companies, and the most demanding Federal agencies rely on DMI for Mobile Security services and solutions. And with more than 500,000 devices under management, we know how to do it right.
Now we’ve distilled 9 years of Mobile Security best practices into a white paper you can download. The paper lays out a smart, sensible approach to managing mobile risk without unnecessary cost and business disruption.
Please be our guest and check out the white paper. You’ll learn:
How to identify and protect against the threats that matter the most
What to do about “the hottest new technologies”
How to get the most protection for the least cost and disruption
The key differences and similarities between Mobile and traditional cybersecurity
- See more at: http://dminc.com/solutions/enterprise-mobility-services/mobilesecuritywp/#sthash.yTptNZRw.dpuf
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
"Impact of front-end architecture on development cost", Viktor Turskyi Fwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
5 Steps to Mobile Risk Management
1. MOBILE SECURITY: 5 STEPS TO MOBILE RISK MANAGEMENT
Nearly 80 percent of American investors say they aren’t likely to invest in companies that have
suffered multiple cyber attacks [1]. Analysts estimate that data breaches cost large enterprises an
average of $5.4 million per breach [2] and can erode brand value by hundreds of millions of dollars [3].
As data breaches have damaged business performance and company valuations, data security
concerns have broken out of the CIO’s office and into the boardroom, where CEOs are being
challenged to explain what they’re doing to ensure that vital revenue streams and shareholder
value are being safeguarded.
As the business stakes have been raised, the explosive growth in mobile devices has multiplied the
threat. Nearly 40% of organizations in another recent study had data breaches resulting from lost
or stolen mobile devices, including tablet computers, smartphones and USB drives that contained
confidential or sensitive data [4].
So what does a company need to do to manage the risk of data loss through mobile devices? This
white paper outlines a rational, risk-based approach to data protection that’s designed particularly
for the new world of mobile devices.
1 Zogby Analytics/HBGary Feb 25, 2013
2 Ponemon Institute 2013 Cost of Data Breach Study
3 Ponemon Institute October 2011
4 Ponemon Institute 2011 Cost of Data Breach Study
DMI WHITE PAPER
1
2. Mobile Security: 5 Steps to Mobile Risk Management
Historically, when new business process-changing technologies become available, e.g. Email, Web
Services, Laptops, Wifi, Cloud Services, and now ubiquitous and heterogeneous Mobile Devices,
the focus is on figuring out how to use and manage the technology. Worrying about securing
it comes later. Then a familiar pattern is often repeated: a period of time is spent admiring the
security problem; eventually a myriad of disparate “bolt on” point security solutions are developed;
then finally security is integrated into the technology.
Right now, Mobile technologies are somewhere between admiring the problem, and bolting on
solutions. Mobile security vendors are in a rush to launch new products. Dozens of new point
solutions are flooding the market, and enterprises are challenged to determine what they need,
and how to integrate them into their infrastructure.
The problem is that there is little discussion of what the business requirements for security actually
are. Mobile Security is not just one thing. There are multifaceted threats and risks that need to
be managed. These include secure identity and access control; data protection and content
management; application management and security; malware protection; digital forensics, secure
transport, monitoring and reporting, policy enforcement and device management. Each of these
plays a critical part in managing risk, because no organization has the same risk profile. Balancing
which to prioritize, and how much to implement takes expertise.
[Figure: Mobile Security Landscape. Areas shown: Users, Data & Content, Apps, Networks, Devices. Elements shown: Secure Identity, Access Control, Privacy Controls, Data Protection, Content Management, Application Management, Application Security, Malware Protection, Digital Forensics, Secure Transport, Monitoring/Reporting, Policy Enforcement, Device Management.]
A Risk-Based Approach
The key to real security is taking a risk-based approach. This means developing a set of practical
business and security requirements that point the way to the technologies and policies that
eliminate the most risk without unduly impacting usability and needed business functionality. This
avoids the common backwards approach: buying a technology based on feature set, then figuring
out how to integrate it into the business process.
Establishing business security requirements involves answering the question, “secure from what?”
Almost every organization will have a different answer. There will certainly be standard risk-based
approaches and security features that apply across the board. But the priority of controls, the way
they are implemented, and the way they are managed will be unique to each organization.
The Twenty Critical Security Controls, developed by the SANS Institute, have helped many large
enterprises and government agencies begin to transform security by focusing their spending on the
key controls that block attacks that have the greatest overall impact on security. Several of these
Critical Security Controls apply just as well to mobile devices as to traditional computers:
- Asset and configuration management
- Strong authentication and identity management
- Protection of sensitive data at rest and in transit
- Protection against lost/stolen/decommissioned devices
- Protection from malware from email or web
- Device-specific Operating System vulnerabilities
- Connecting to insecure/rogue wifi
- Protection and management of web and email traffic
The organization’s unique business requirements will determine where to start and how to build.
For companies with intellectual property to protect, encryption will be a high priority; organizations
that field many mobile apps might need to focus on application security; companies where users
need to access internal applications might require strong identity management. Many tools are
available for each area. Selecting the right one depends on an organization’s unique environment
and requirements. To help define requirements and determine the best approach, DMI
recommends a Five Step Mobile Risk Management Process.
5 Step Process for Mobile Risk Management:
1. Understand how employees want to use Mobile Devices and Applications
2. Identify potential threats
3. Define the impact to the business based on probable threat scenarios
4. Develop policies and procedures to protect the business to an acceptable level
5. Implement manageable procedural and technical controls, and monitor their effectiveness
Step 1: Understand User Requirements
This may vary by industry, business needs or organizational culture, but a typical list of user
requirements for a personal mobile device is likely to include:
- Access to enterprise applications (email, calendar, contacts, business applications, Sharepoint servers, etc)
- Ability to make both personal and professional calls
- Privacy for personal employee activities, data, photos, emails, texts, and applications (i.e., no corporate collecting, monitoring, or tracking)
- Prohibition of organizational backup or wipe of personal data
Step 2: Identify Potential Threats
Some common threats introduced or exacerbated by mobile devices are listed below. Like user
requirements, threats that are relevant to any given organization will vary depending on industry,
corporate culture, and current security program and architecture implementation.
- Corporate loss of control of data on device (lost/stolen/decommissioned/employment separation)
- Compromise of user credentials (malicious applications, insecure applications or operating systems, credentials passed in clear over public networks, phishing web sites)
- Unauthorized access to sensitive data (data passed over network in clear, data stored unencrypted on device, data backed up to uncontrolled system)
- Devices (intentionally or unintentionally) used as recording devices (phone, or camera on during meetings, pictures or video of sensitive information)
Step 3: Define the impact to the business based on probable threat scenarios
Business risk is about loss of Confidentiality, Integrity, or Availability (CIA). Each kind of loss is
associated with a different level of business impact. And the approaches to monitoring and
protecting against each type of loss are different. An adversary might use a spear phishing email
to compromise an endpoint to steal user credentials to access a database to exfiltrate data (loss of
Confidentiality). Or, they could corrupt (loss of Integrity) or delete (loss of Availability) that data.
One problem with traditional risk modeling is that it often sets a “value” for an asset based
on a simple measurement, such as the cost of a lost device. But business impact value is more
complicated--value of data, of business process, of loss of future revenue, etc. must all be
considered. And the impact of a loss may even vary depending on how the asset is lost. For a given
set of data, loss of Confidentiality (trade secrets fall into the hands of a competitor) might have a
greater business impact than loss of Availability, or Integrity (the same data is deleted or corrupted).
Standards need to be created that call out different levels of impact and different controls for each
of these three (CIA) risks. More important, the likelihood and impact of a security event need to be
factored in to achieve better prioritization. A whole paper could be written about vulnerabilities in
mobile operating systems, applications, or ActiveSync. But risk management is about playing to the
rule and not the exception. A rational approach addresses the more likely and costly threats before
getting to the more esoteric.
Loss of a device is very common—for most organizations, it’s likely to be a high priority for risk
management. What about a hacker in a coffee shop sniffing WiFi traffic and pulling data or
credentials off the air? This is where it’s necessary to think about unique business characteristics
and how they influence risk: does your company manage a lot of intellectual property? Are there
significant regulatory requirements for how to protect and control data? Do you have a diverse
workforce distributed around the country, or around the globe with different privacy laws? Do
your users only access email, or do you have critical business applications running on your mobile
devices, or do you collect critical business data on them? These are the kinds of questions that
need to be answered, and risks factored for each.
A security program built around the threats that get the most “press” is likely to be both costly and
ineffective. Successful programs address the risks that carry the greatest business impact and that
are most likely to occur--like expecting that users will lose mobile devices.
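The prioritization described in Step 3, worked as an added example (not part of the white paper): each scenario gets a likelihood and a separate impact score for loss of Confidentiality, Integrity and Availability, and a business profile weights the three. The scales, scores, scenario list and the two profiles are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    likelihood: int   # 1 (rare) to 5 (expected routinely); constructed scale
    impact: dict      # business impact 0-5 per loss type: C, I, A

# Constructed scenarios and scores, loosely following the threats named above.
SCENARIOS = [
    Scenario("lost or stolen device", 5, {"C": 4, "I": 1, "A": 2}),
    Scenario("malicious app steals credentials", 3, {"C": 5, "I": 3, "A": 2}),
    Scenario("WiFi sniffing in a coffee shop", 2, {"C": 4, "I": 1, "A": 0}),
    Scenario("mobile OS vulnerability", 1, {"C": 5, "I": 5, "A": 5}),
]

# Hypothetical business profiles: how much each kind of loss matters.
IP_HEAVY = {"C": 1.5, "I": 1.0, "A": 1.0}          # trade secrets dominate
FIELD_COLLECTION = {"C": 1.0, "I": 1.0, "A": 3.0}  # devices run the business process

def prioritize(scenarios, weights):
    """Rank scenarios by their worst weighted likelihood x impact score.

    Returns (name, dominant loss type, score) tuples, highest risk first.
    The dominant loss type indicates which class of control to fund first.
    """
    ranked = []
    for s in scenarios:
        scores = {k: s.likelihood * v * weights[k] for k, v in s.impact.items()}
        worst = max(scores, key=scores.get)
        ranked.append((s.name, worst, scores[worst]))
    return sorted(ranked, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for label, profile in (("IP-heavy", IP_HEAVY),
                           ("field collection", FIELD_COLLECTION)):
        print(label)
        for name, loss, score in prioritize(SCENARIOS, profile):
            print(f"  {score:5.1f}  {loss}  {name}")
```

Device loss ranks first under both profiles, but the dominant loss type shifts from Confidentiality to Availability, which changes the control to fund first.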
Step 4: Develop policies and procedures to protect the business to an acceptable level
Mobile security can be complicated. If the organization owns the mobile endpoints, the same
security controls and policy processes can be applied as are being used to protect laptops:
- Require good passwords
- Encrypt the data
- Antivirus (only effective on Android)
- Educate users about phishing emails that ask for credentials
- Educate users about application risks, don’t allow apps over public wifi
- Keep phones out of meetings when talking about proprietary information
But BYOD introduces significant privacy issues. Employees might need to sign off on a policy that
authorizes forensics testing on their device. Implementation becomes more complex because it
may require separation for work email, calendar, contacts, phone, and documents from personal
data. A policy should include:
- Maintenance and management of a list of devices (linked to users) that are authorized to access company resources
- Tracking of devices and users accessing company resources at any given time
- Restricted access from devices with insufficient protection against compromise to data or user credentials
- Controlled access to data, applications, and resources based on policies such as data classification, user, device, network, or location
- Secured company data, at rest (at server and locally), and in transit (across mobile network or wifi)
- Protection of devices from unauthorized access or malicious code
- Maintenance of user privacy (email, texts, contacts, voicemails, applications, etc.)
- Regular security evaluation of all business applications to identify data leakage or unnecessary access to device resources (e.g., camera, contacts list, call history, etc.)
- Removal of corporate data from personal devices in case of loss, theft, or separation from employment
An additional item that might require discussion with HR or legal: geo-location (do you need to
know where your employees are?). This might have privacy implications whether the device is
company owned or BYOD.
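Several of the policy items above (an authorized device list linked to users, restricted access from insufficiently protected devices, access controlled by data classification and network, and tracking of who accessed what) can be expressed as a single access decision. The sketch below is an added example, not code from the white paper; the inventory entries, classification labels, network labels and posture checks are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    owner: str
    encrypted: bool
    passcode_set: bool
    os_current: bool

# Constructed inventory: the list of authorized devices, each linked to a user.
INVENTORY = {
    "dev-001": Device("alice", encrypted=True, passcode_set=True, os_current=True),
    "dev-002": Device("bob", encrypted=False, passcode_set=True, os_current=True),
}
TRUSTED_NETWORKS = {"corporate", "vpn"}   # hypothetical network labels
ACCESS_LOG = []                           # who accessed what, from which device

def decide(user, device_id, classification, network):
    """Return (allowed, reason) for one request and record it in ACCESS_LOG."""
    dev = INVENTORY.get(device_id)
    if dev is None:
        result = (False, "device not on authorized list")
    elif dev.owner != user:
        result = (False, "device registered to another user")
    else:
        # Posture gaps block everything except data classified as public.
        gaps = [name for name, ok in (("encryption", dev.encrypted),
                                      ("passcode", dev.passcode_set),
                                      ("current OS", dev.os_current)) if not ok]
        if gaps and classification != "public":
            result = (False, "insufficient protection: " + ", ".join(gaps))
        elif classification == "confidential" and network not in TRUSTED_NETWORKS:
            result = (False, "confidential data requires a trusted network")
        else:
            result = (True, "ok")
    ACCESS_LOG.append((user, device_id, classification, network, result[0]))
    return result
```

Denied requests are logged as well as allowed ones, so the same record supports both the tracking requirement and later review of how often each control actually triggers.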
Step 5: Implement manageable procedural and technical controls, and monitor their effectiveness
Once requirements have been established to mitigate the potential risks to the business it’s
possible to estimate the size, scale, complexity, and budget for implementation. It might be that
having better visibility of what devices are connected and ensuring that they are encrypted is
enough. A lot can be done with ActiveSync, which doesn’t cost anything. An MDM platform offers
more control. Container, wrapper, or secure virtualization might be necessary to meet some security
requirements. Requirements drive a progression from simple and inexpensive to more complex and
costly as illustrated below.
Where risk management comes in is identifying in what sequence these would be implemented,
based on the needs of the business and priorities for protection.
The bottom line is that it takes a rational plan, and an understanding of available technologies.
The number of mobile security technology tool companies is growing weekly. First MDMs,
then containers, then application wrappers to give more granular control; then encryption tools,
and strong authentication tools; application management tools, and even handsets with secure
virtualization. Today, many enterprises struggle to achieve application security – this is true
both of commercial apps and custom apps. How to manage secure connectivity to mobile devices;
how to secure the data contained in the apps; how to maintain app security by seamlessly pushing
updates and patches to user devices… these have all become major concerns. And each layer of
concern brings more cost and complexity. As enterprises are challenged to determine what tools
are needed and how to integrate them, the key is to keep coming back to the question of which
risks are the most impactful to the business. These are the areas that must be secured first.
Deciding what level to achieve is the first step. Then research or assistance may be needed to
understand all these tools and how they work together, how they integrate, and what benefits
they bring. Finally, it’s necessary to set up a monitoring and management structure to maintain
this posture going forward. Some organizations may choose to handle mobile security internally,
others may outsource to specialists. Either way, it’s important to set the balance, applying the
security that’s necessary without overspending on trying to cover everything. It takes a risk-based
approach to prioritize organizational needs and develop a security architecture and process
to match.
The DMI Security Services Approach
DMI has developed a comprehensive security service that effectively manages the risks that mobile
devices bring to the Enterprise. We take a Risk-Based Approach--putting priority on the risks that
carry the greatest business impact; and combine it with a unique security foundation, tailored to
meet each client’s specific needs.
Then we address the whole life cycle by repeatedly applying our 5-Step Process.
Through the entire process, our focus is on defining and matching customer requirements to
protect from the threats that are most relevant to each individual organization today, while
engaging in ongoing monitoring to identify and eliminate the threats of tomorrow.