SlideShare a Scribd company logo

Securing Mobile Devices with COBIT 5

Download as PPTX, PDF
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

Discussion about ISACA's research publication "Securing Mobil Device using COBIT 5 for Security"

Education
1 of 57
Securing Mobile Devices Using COBIT® 5 for Information Security Dipresentasikan oleh: Sarwono Sutikno, Dr.Eng,CISA,CISSP,CISM ssarwono@gmail.com
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM • Dosen Sekolah Teknik Elektro dan Informatika ITB • Dosen Universitas Pertahanan RI m.k. Cyber Warfare Dynamics dan Cyber Security Policy and Strategy • ISACA Academy Advocate for ITB • (ISC)2 Information Security Leadership Award 2011 - Senior Information Security Professional • Sedang membuat kurikulum S2 Keamanan Informasi di ITB, akan mulai Agustus 2013 • Cyber Security Center ITB - KOICA
Outline • Guiding Principles for Mobile Device Security • What Is a Mobile Device? • Mobile Device Impact on Business and Society • Threats, Vulnerabilities and Associated Risk • Security Governance • Security Management for Mobile Devices • Hardening Mobile Devices • Mobile Device Security Assurance
Guiding Principles for Mobile Device Security 1. Know the business value and risk of mobile device use. 2. Clearly state the business case for mobile device use. 3. Establish systemic security for mobile devices. 4. Establish security governance over mobile devices. 5. Manage mobile device security using enablers. 6. Place security technology in context. 7. Know the assurance universe and objectives. 8. Provide reasonable assurance over mobile device security.
What Is a Mobile Device? Mobile Device Use—Past, Present and Future • Mobility and Flexibility • Patterns of Work • Organizational Perimeter • Other Impacts
Mobile Device Impact on Business and Society
Threats, Vulnerabilities and Associated Risk • Physical Risk • Organizational Risk • Technical Risk
Security Governance • The Business Case • Standardized Enterprise Solutions – Hardware (front and back end) – OS – Applications – Data and information – User administration – Systems management (direct and remote) • BYOD • Combined Scenario • Private Use of Mobile Devices • Defining the Business Case
Standardized Enterprise Sol.
BYOD
Combined Solution
Security Management for Mobile Devices • Mobile Device Categories and Classification • Existing Security Controls • Principles, Policies and Frameworks • Processes • Organizational Structures • Culture, Ethics and Behavior • Information • Services, Infrastructure and Applications • People, Skills and Competencies
COBIT Enterprise Enabler
Key Operating Procedures • Auditing mobile devices—Procedure to facilitate audit of mobile devices, alignedwith internal/external audit programs • Change management—Procedure describing how general change management (which is usually standardized) should be applied to mobile devices • Patch management—Procedure describing how patches for mobile devices are identified, acquired, tested, deployed • Malware protection—Procedure describing various technical steps and measures for protecting mobile devices against malware • Encryption, VPN, encapsulation—Procedure describing encryption for data at rest and data in flow, VPN tunnels and data encapsulation • Damage, loss, theft—Procedure describing user and organization steps in the event of device loss, damage or theft
Security Management Process
Security Monitoring Process
Organizational Structure
Culture, Ethics and Behavior
Information • Step 1: Categorize information. Identify information unique to the device as opposed to replicated information. • Step 2: Identify what is done with the information— storage, processing, creation, sharing. • Step 3: Determine information and transaction sensitivity. • Step 4: Analyze the protection provided by preapplied controls. • Step 5: Determine requirements for additional controls. • Step 6: Develop and implement an action plan for additional controls.
Protecting Personal Information • Remove/prohibit—This is available only in a centralized management scenario with mobile devices provided by the organization. • Segregate—Take technical steps to separate personal information on the device. • Anonymize—Separate the personal identity of the user from the technical identity of the mobile device. • Permit—Obtain end-user permission to store, process and use personal information.
Skill set
Hardening Mobile Devices • Device and SIM card (if applicable) • Permanent internal storage • Removable or external storage • Connectivity (all channels) • Remote functionality (lockdown, GPS, etc.)
Mobile Device Security Assurance • Auditing and Reviewing Mobile Devices • Investigation and Forensics for Mobile Devices
Investigative Requirements • Develop the proper capabilities to perform forensic and investigative analysis • Forensic and investigative policies and procedures should be established • Identify the multidisciplinary team that will likely be involved
Diskusi

Recommended

Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about themBen Rothke
 
Achieving Secure BYOD in Government Agencies
Achieving Secure BYOD in Government AgenciesAchieving Secure BYOD in Government Agencies
Achieving Secure BYOD in Government AgenciesProofpoint
 
Mobile Device Security Training
Mobile Device Security TrainingMobile Device Security Training
Mobile Device Security TrainingBryan Len
 
Mobile Device Managment
Mobile Device Managment Mobile Device Managment
Mobile Device Managment InnoTech
 
Establishing Security and Trust in the Digital World
Establishing Security and Trust in the Digital WorldEstablishing Security and Trust in the Digital World
Establishing Security and Trust in the Digital WorldE Radar
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityLenin Aboagye
 
Mobile application securitry risks ISACA Silicon Valley 2012
Mobile application securitry risks ISACA Silicon Valley 2012Mobile application securitry risks ISACA Silicon Valley 2012
Mobile application securitry risks ISACA Silicon Valley 2012Symosis Security (Previously C-Level Security)
 

Recommended

Security Awareness and Training
Security Awareness and TrainingSecurity Awareness and Training
Security Awareness and TrainingPriyank Hada
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about themBen Rothke
 
Achieving Secure BYOD in Government Agencies
Achieving Secure BYOD in Government AgenciesAchieving Secure BYOD in Government Agencies
Achieving Secure BYOD in Government AgenciesProofpoint
 
Mobile Device Security Training
Mobile Device Security TrainingMobile Device Security Training
Mobile Device Security TrainingBryan Len
 
Mobile Device Managment
Mobile Device Managment Mobile Device Managment
Mobile Device Managment InnoTech
 
Establishing Security and Trust in the Digital World
Establishing Security and Trust in the Digital WorldEstablishing Security and Trust in the Digital World
Establishing Security and Trust in the Digital WorldE Radar
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityLenin Aboagye
 
Mobile application securitry risks ISACA Silicon Valley 2012
Mobile application securitry risks ISACA Silicon Valley 2012Mobile application securitry risks ISACA Silicon Valley 2012
Mobile application securitry risks ISACA Silicon Valley 2012Symosis Security (Previously C-Level Security)
 
Accellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonAccellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonProofpoint
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionEnclaveSecurity
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Webinar on Enterprise Security & android
Webinar on Enterprise Security & androidWebinar on Enterprise Security & android
Webinar on Enterprise Security & androidEndeavour Software Technologies
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Murray Security Services
 
ResearchProjectPPT
ResearchProjectPPTResearchProjectPPT
ResearchProjectPPTdannyboi17
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)k33a
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraIGN MANTRA
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
Cyber security issues
Cyber security issuesCyber security issues
Cyber security issuesNadhirah Kadir
 
BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)Michael W. Chitwa
 
Byod
ByodByod
ByodAsifulla Azad
 
IoT security
IoT securityIoT security
IoT securityYashKesharwani2
 
BYOD
BYODBYOD
BYODNeeraj Muduli
 
Bring your own device
Bring your own deviceBring your own device
Bring your own deviceC/D/H Technology Consultants
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust DesignationMurray Security Services
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slidesecommerce
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security EssentialsSkoda Minotti
 
E gov keamanan informasi 3 okt 2016 - kpk
E gov keamanan informasi 3 okt 2016 - kpkE gov keamanan informasi 3 okt 2016 - kpk
E gov keamanan informasi 3 okt 2016 - kpkSarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
IT governance in SMEs
IT governance in SMEsIT governance in SMEs
IT governance in SMEsChuong Mai
 

More Related Content

What's hot

Accellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonAccellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonProofpoint
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionEnclaveSecurity
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
ResearchProjectPPT
ResearchProjectPPTResearchProjectPPT
ResearchProjectPPTdannyboi17
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)k33a
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraIGN MANTRA
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityDhani Ahmad
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)Michael W. Chitwa
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slidesecommerce
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security EssentialsSkoda Minotti
 

What's hot (20)

Accellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonAccellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, London
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Webinar on Enterprise Security & android
Webinar on Enterprise Security & androidWebinar on Enterprise Security & android
Webinar on Enterprise Security & android
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
ResearchProjectPPT
ResearchProjectPPTResearchProjectPPT
ResearchProjectPPT
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
Cyber security issues
Cyber security issuesCyber security issues
Cyber security issues
 
BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)BYOD (Bring Your Own Device)
BYOD (Bring Your Own Device)
 
Byod
ByodByod
Byod
 
IoT security
IoT securityIoT security
IoT security
 
BYOD
BYODBYOD
BYOD
 
Bring your own device
Bring your own deviceBring your own device
Bring your own device
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slides
 
IT Security Essentials
IT Security EssentialsIT Security Essentials
IT Security Essentials
 

Viewers also liked

IT governance in SMEs
IT governance in SMEsIT governance in SMEs
IT governance in SMEsChuong Mai
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Securitycrussell79
 
Cobit 5 used in an information security review
Cobit 5 used in an information security reviewCobit 5 used in an information security review
Cobit 5 used in an information security reviewJohnbarchie
 
Basic Security Requirements
Basic Security RequirementsBasic Security Requirements
Basic Security RequirementsSteven Cahill
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information securityElkanouni Mohamed
 
ITIL v3 Foundation Overview
ITIL v3 Foundation OverviewITIL v3 Foundation Overview
ITIL v3 Foundation Overviewadabbas
 

Viewers also liked (7)

E gov keamanan informasi 3 okt 2016 - kpk
E gov keamanan informasi 3 okt 2016 - kpkE gov keamanan informasi 3 okt 2016 - kpk
E gov keamanan informasi 3 okt 2016 - kpk
 
IT governance in SMEs
IT governance in SMEsIT governance in SMEs
IT governance in SMEs
 
Web Security and Network Security
Web Security and Network SecurityWeb Security and Network Security
Web Security and Network Security
 
Cobit 5 used in an information security review
Cobit 5 used in an information security reviewCobit 5 used in an information security review
Cobit 5 used in an information security review
 
Basic Security Requirements
Basic Security RequirementsBasic Security Requirements
Basic Security Requirements
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information security
 
ITIL v3 Foundation Overview
ITIL v3 Foundation OverviewITIL v3 Foundation Overview
ITIL v3 Foundation Overview
 

Similar to Securing Mobile Devices with COBIT 5

Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainWhy You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainEC-Council
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020tmbainjr131
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)Pace IT at Edmonds Community College
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesAugmentedWorldExpo
 
Building a Mobile Security Model
Building a Mobile Security Model Building a Mobile Security Model
Building a Mobile Security Model tmbainjr131
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityEnclaveSecurity
 
Mobile Security for the Enterprise
Mobile Security for the EnterpriseMobile Security for the Enterprise
Mobile Security for the EnterpriseWill Adams
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringTieu Luu
 
Develop and Enforce a Bring-Your-Own-Device (BYOD) Policy
Develop and Enforce a Bring-Your-Own-Device (BYOD) PolicyDevelop and Enforce a Bring-Your-Own-Device (BYOD) Policy
Develop and Enforce a Bring-Your-Own-Device (BYOD) PolicyOracleIDM
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmtmadunix
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)Pace IT at Edmonds Community College
 
Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!
Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!
Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!Kaseya
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessmentjenito21
 
Information security
Information securityInformation security
Information securityPraveen Minz
 

Similar to Securing Mobile Devices with COBIT 5 (20)

Why You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom BainWhy You’ll Care More About Mobile Security in 2020 - Tom Bain
Why You’ll Care More About Mobile Security in 2020 - Tom Bain
 
Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020Why You'll Care More About Mobile Security in 2020
Why You'll Care More About Mobile Security in 2020
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
 
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart GlassesPete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
Pete Wassell (Augmate Corportation) Security in the Enterprise Smart Glasses
 
Building a Mobile Security Model
Building a Mobile Security Model Building a Mobile Security Model
Building a Mobile Security Model
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device security
 
Outside the Office: Mobile Security
Outside the Office: Mobile SecurityOutside the Office: Mobile Security
Outside the Office: Mobile Security
 
Mobile Security for the Enterprise
Mobile Security for the EnterpriseMobile Security for the Enterprise
Mobile Security for the Enterprise
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous Monitoring
 
Develop and Enforce a Bring-Your-Own-Device (BYOD) Policy
Develop and Enforce a Bring-Your-Own-Device (BYOD) PolicyDevelop and Enforce a Bring-Your-Own-Device (BYOD) Policy
Develop and Enforce a Bring-Your-Own-Device (BYOD) Policy
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmt
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 
Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!
Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!
Kaseya Connect 2012 - TO ALLOW BYOD OR NOT, THAT IS THE QUESTION!
 
R.a 1
R.a 1R.a 1
R.a 1
 
Risk Assessment
Risk AssessmentRisk Assessment
Risk Assessment
 
Information security
Information securityInformation security
Information security
 

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdfKeamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
 
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdfKeamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
 
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
 
SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06
 
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset InformasiTata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
 
Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020
 
Keamanan Informasi - batasan
Keamanan Informasi - batasanKeamanan Informasi - batasan
Keamanan Informasi - batasan
 
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPKBuku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
 
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
 
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019 Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
 
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TIIIndeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
 
Materi wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 wonMateri wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 won
 
Materi caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod wonMateri caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod won
 
Antikorupsi mahasiswa
Antikorupsi mahasiswaAntikorupsi mahasiswa
Antikorupsi mahasiswa
 
Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02
 
SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04
 
Perguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod wonPerguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod won
 
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
 

Recently uploaded

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 

Recently uploaded (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 

Securing Mobile Devices with COBIT 5

  • 1. Securing Mobile Devices Using COBIT® 5 for Information Security Dipresentasikan oleh: Sarwono Sutikno, Dr.Eng,CISA,CISSP,CISM ssarwono@gmail.com
  • 2. Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM • Dosen Sekolah Teknik Elektro dan Informatika ITB • Dosen Universitas Pertahanan RI m.k. Cyber Warfare Dynamics dan Cyber Security Policy and Strategy • ISACA Academy Advocate for ITB • (ISC)2 Information Security Leadership Award 2011 - Senior Information Security Professional • Sedang membuat kurikulum S2 Keamanan Informasi di ITB, akan mulai Agustus 2013 • Cyber Security Center ITB - KOICA
  • 3. Outline • Guiding Principles for Mobile Device Security • What Is a Mobile Device? • Mobile Device Impact on Business and Society • Threats, Vulnerabilities and Associated Risk • Security Governance • Security Management for Mobile Devices • Hardening Mobile Devices • Mobile Device Security Assurance
  • 4. Guiding Principles for Mobile Device Security 1. Know the business value and risk of mobile device use. 2. Clearly state the business case for mobile device use. 3. Establish systemic security for mobile devices. 4. Establish security governance over mobile devices. 5. Manage mobile device security using enablers. 6. Place security technology in context. 7. Know the assurance universe and objectives. 8. Provide reasonable assurance over mobile device security.
  • 5. What Is a Mobile Device? Mobile Device Use—Past, Present and Future • Mobility and Flexibility • Patterns of Work • Organizational Perimeter • Other Impacts
  • 6.
  • 7.
  • 8. Mobile Device Impact on Business and Society
  • 9. Threats, Vulnerabilities and Associated Risk • Physical Risk • Organizational Risk • Technical Risk
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. Security Governance • The Business Case • Standardized Enterprise Solutions – Hardware (front and back end) – OS – Applications – Data and information – User administration – Systems management (direct and remote) • BYOD • Combined Scenario • Private Use of Mobile Devices • Defining the Business Case
  • 18. BYOD
  • 20.
  • 21.
  • 22.
  • 23. Security Management for Mobile Devices • Mobile Device Categories and Classification • Existing Security Controls • Principles, Policies and Frameworks • Processes • Organizational Structures • Culture, Ethics and Behavior • Information • Services, Infrastructure and Applications • People, Skills and Competencies
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34. Key Operating Procedures • Auditing mobile devices—Procedure to facilitate audit of mobile devices, alignedwith internal/external audit programs • Change management—Procedure describing how general change management (which is usually standardized) should be applied to mobile devices • Patch management—Procedure describing how patches for mobile devices are identified, acquired, tested, deployed • Malware protection—Procedure describing various technical steps and measures for protecting mobile devices against malware • Encryption, VPN, encapsulation—Procedure describing encryption for data at rest and data in flow, VPN tunnels and data encapsulation • Damage, loss, theft—Procedure describing user and organization steps in the event of device loss, damage or theft
  • 36.
  • 39.
  • 40.
  • 42. Information • Step 1: Categorize information. Identify information unique to the device as opposed to replicated information. • Step 2: Identify what is done with the information— storage, processing, creation, sharing. • Step 3: Determine information and transaction sensitivity. • Step 4: Analyze the protection provided by preapplied controls. • Step 5: Determine requirements for additional controls. • Step 6: Develop and implement an action plan for additional controls.
  • 43. Protecting Personal Information • Remove/prohibit—This is available only in a centralized management scenario with mobile devices provided by the organization. • Segregate—Take technical steps to separate personal information on the device. • Anonymize—Separate the personal identity of the user from the technical identity of the mobile device. • Permit—Obtain end-user permission to store, process and use personal information.
  • 45. Hardening Mobile Devices • Device and SIM card (if applicable) • Permanent internal storage • Removable or external storage • Connectivity (all channels) • Remote functionality (lockdown, GPS, etc.)
  • 46. Mobile Device Security Assurance • Auditing and Reviewing Mobile Devices • Investigation and Forensics for Mobile Devices
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54. Investigative Requirements • Develop the proper capabilities to perform forensic and investigative analysis • Forensic and investigative policies and procedures should be established • Identify the multidisciplinary team that will likely be involved
  • 55.
  • 56.