DMI WHITE PAPER
Nearly 80 percent of American investors say they aren’t likely to invest in companies that have
suffered multiple cyber attacks [1]. Analysts estimate that data breaches cost large enterprises an
average of $5.4 million per breach [2] and can erode brand value by hundreds of millions of dollars [3].
As data breaches have damaged business performance and company valuations, data security
concerns have broken out of the CIO’s office and into the boardroom, where CEOs are being
challenged to explain what they’re doing to ensure that vital revenue streams and shareholder
value are being safeguarded.
As the business stakes have been raised, the explosive growth in mobile devices has multiplied the
threat. Nearly 40% of organizations in another recent study had data breaches resulting from lost
or stolen mobile devices, including tablet computers, smartphones and USB drives that contained
confidential or sensitive data [4].
So what does a company need to do to manage the risk of data loss through mobile devices? This
white paper outlines a rational, risk-based approach to data protection that’s designed particularly
for the new world of mobile devices.
[1] Zogby Analytics/HBGary, Feb 25, 2013
[2] Ponemon Institute, 2013 Cost of Data Breach Study
[3] Ponemon Institute, October 2011
[4] Ponemon Institute, 2011 Cost of Data Breach Study

MOBILE SECURITY: 5 STEPS TO MOBILE RISK MANAGEMENT
Mobile Security: 5 Steps to Mobile Risk Management
Historically, when a new business-process-changing technology becomes available (e.g., email, web
services, laptops, WiFi, cloud services, and now ubiquitous and heterogeneous mobile devices),
the focus is on figuring out how to use and manage the technology. Worrying about securing
it comes later. Then a familiar pattern repeats: a period of time is spent admiring the
security problem; eventually a myriad of disparate “bolt-on” point security solutions are developed;
then finally security is integrated into the technology.
Right now, mobile technologies are somewhere between admiring the problem and bolting on
solutions. Mobile security vendors are in a rush to launch new products. Dozens of new point
solutions are flooding the market, and enterprises are challenged to determine what they need
and how to integrate them into their infrastructure.
The problem is that there is little discussion of what the business requirements for security actually
are. Mobile security is not just one thing. There are multifaceted threats and risks that need to
be managed. These include secure identity and access control; data protection and content
management; application management and security; malware protection; digital forensics; secure
transport; monitoring and reporting; policy enforcement; and device management. Each of these
plays a critical part in managing risk, but no two organizations have the same risk profile, so
deciding which to prioritize, and how much to implement, takes expertise.
[Figure: Mobile Security Landscape. Layers: Users, Data & Content, Apps, Networks, Devices.
Controls: Secure Identity, Access Control, Privacy Controls, Data Protection, Content Management,
Digital Forensics, Application Security, Application Management, Malware Protection, Secure Transport,
Monitoring/Reporting, Policy Enforcement, Device Management.]
A Risk-Based Approach
The key to real security is taking a risk-based approach. This means developing a set of practical
business and security requirements that point the way to the technologies and policies that
eliminate the most risk without unduly impacting usability and needed business functionality. This
avoids the common backwards approach: buying a technology based on feature set, then figuring
out how to integrate it into the business process.
Establishing business security requirements involves answering the question, “secure from what?”
Almost every organization will have a different answer. There will certainly be standard risk-based
approaches and security features that apply across the board. But the priority of controls, the way
they are implemented, and the way they are managed will be unique to each organization.
The Twenty Critical Security Controls, developed by the SANS Institute, have helped many large
enterprises and government agencies begin to transform security by focusing their spending on the
key controls that block attacks that have the greatest overall impact on security. Several of these
Critical Security Controls apply just as well to mobile devices as to traditional computers:
- Asset and configuration management
- Strong authentication and identity management
- Protection of sensitive data at rest and in transit
- Protection against lost, stolen or decommissioned devices
- Protection from malware arriving by email or web
- Device-specific operating system vulnerabilities
- Connecting to insecure or rogue WiFi
- Protection and management of web and email traffic
The organization’s unique business requirements will determine where to start and how to build.
For companies with intellectual property to protect, encryption will be a high priority; organizations
that field many mobile apps might need to focus on application security; companies where users
need to access internal applications might require strong identity management. Many tools are
available for each area. Selecting the right one depends on an organization’s unique environment
and requirements. To help define requirements and determine the best approach, DMI
recommends a Five Step Mobile Risk Management Process.
5 Step Process for Mobile Risk Management:
1. Understand how employees want to use mobile devices and applications
2. Identify potential threats
3. Define the impact to the business based on probable threat scenarios
4. Develop policies and procedures to protect the business to an acceptable level
5. Implement manageable procedural and technical controls, and monitor their effectiveness
Step 1: Understand User Requirements
This may vary by industry, business needs or organizational culture, but a typical list of user
requirements for a personal mobile device is likely to include:
- Access to enterprise applications (email, calendar, contacts, business applications,
  SharePoint servers, etc.)
- Ability to make both personal and professional calls
- Privacy for personal employee activities, data, photos, emails, texts, and applications
  (i.e., no corporate collecting, monitoring, or tracking)
- Prohibition of organizational backup or wipe of personal data
Step 2: Identify Potential Threats
Some common threats introduced or exacerbated by mobile devices are listed below. Like user
requirements, threats that are relevant to any given organization will vary depending on industry,
corporate culture, and current security program and architecture implementation.
- Corporate loss of control of data on the device (lost, stolen or decommissioned device, or
  employment separation)
- Compromise of user credentials (malicious applications, insecure applications or operating
  systems, credentials passed in the clear over public networks, phishing web sites)
- Unauthorized access to sensitive data (data passed over the network in the clear, data stored
  unencrypted on the device, data backed up to an uncontrolled system)
- Devices (intentionally or unintentionally) used as recording devices (phone or camera on
  during meetings, pictures or video of sensitive information)
Step 3: Define the impact to the business based on probable threat scenarios
Business risk is about loss of Confidentiality, Integrity, or Availability (CIA). Each kind of loss is
associated with a different level of business impact. And the approaches to monitoring and
protecting against each type of loss are different. An adversary might use a spear phishing email
to compromise an endpoint to steal user credentials to access a database to exfiltrate data (loss of
Confidentiality). Or, they could corrupt (loss of Integrity) or delete (loss of Availability) that data.
One problem with traditional risk modeling is that it often sets a “value” for an asset based
on a simple measurement, such as the cost of a lost device. But business impact value is more
complicated: the value of the data, of the business process, of lost future revenue, and so on must
all be considered. And the impact of a loss may even vary depending on how the asset is lost. For a given
set of data, loss of Confidentiality (trade secrets fall into the hands of a competitor) might have a
greater business impact than loss of Availability or Integrity (the same data is deleted or corrupted).
Standards need to be created that call out different levels of impact and different controls for each
of these three (CIA) risks. More important, the likelihood and impact of a security event need to be
factored in to achieve better prioritization. A whole paper could be written about vulnerabilities in
mobile operating systems, applications, or ActiveSync. But risk management is about playing to the
rule and not the exception. A rational approach addresses the more likely and costly threats before
getting to the more esoteric.
Loss of a device is very common—for most organizations, it’s likely to be a high priority for risk
management. What about a hacker in a coffee shop sniffing WiFi traffic and pulling data or
credentials off the air? This is where it’s necessary to think about unique business characteristics
and how they influence risk: does your company manage a lot of intellectual property? Are there
significant regulatory requirements for how to protect and control data? Do you have a diverse
workforce distributed around the country, or around the globe with different privacy laws? Do
your users only access email, or do you have critical business applications running on your mobile
devices, or do you collect critical business data on them? These are the kinds of questions that
need to be answered, and risks factored for each.
A security program built around the threats that get the most “press” is likely to be both costly and
ineffective. Successful programs address the risks that carry the greatest business impact and that
are most likely to occur, such as the expectation that users will lose mobile devices.
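The prioritization Step 3 describes (likelihood and impact factored together, with impact judged separately for Confidentiality, Integrity and Availability) can be kept as a small risk register. The following is an added example, not code from DMI or the paper; the scenarios are taken from the Step 2 threat list, and every 1-5 rating is constructed for illustration, so an organization would substitute its own answers to the questions above.

```python
"""Added example, not code from DMI or the paper: a small risk register that
ranks mobile threat scenarios by likelihood x business impact, with impact
rated separately for Confidentiality, Integrity and Availability as Step 3
describes. The scenarios and every 1-5 rating below are constructed for
illustration; an organization would replace them with its own answers to
the questions in Step 3."""
from dataclasses import dataclass

RATING_RANGE = range(1, 6)          # 1 = negligible / rare, 5 = severe / expected routinely
CIA = ("C", "I", "A")               # Confidentiality, Integrity, Availability


@dataclass
class Scenario:
    name: str
    likelihood: int                 # how often this is expected to happen
    impact: dict                    # {"C": 1-5, "I": 1-5, "A": 1-5}

    def __post_init__(self):
        # Reject a badly filled-in register early rather than producing a misleading ranking.
        if self.likelihood not in RATING_RANGE:
            raise ValueError(f"{self.name}: likelihood must be 1-5")
        if set(self.impact) != set(CIA) or any(v not in RATING_RANGE for v in self.impact.values()):
            raise ValueError(f"{self.name}: impact needs C, I and A ratings in 1-5")


def score(s: Scenario):
    """Risk score = likelihood x the worst of the three CIA impacts.

    The worst single loss is used rather than a sum because, as the paper notes,
    one kind of loss (trade secrets reaching a competitor) can dominate the
    business impact even when the other two are minor. Returns (score, loss type).
    """
    worst_type = max(CIA, key=lambda k: s.impact[k])   # first of C, I, A on a tie
    return s.likelihood * s.impact[worst_type], worst_type


def prioritize(scenarios):
    """Return (name, score, dominant loss) tuples, highest risk first; names break ties."""
    ranked = [(s.name, *score(s)) for s in scenarios]
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


# Constructed scenarios drawn from the Step 2 threat list; ratings are illustrative only.
SAMPLE_SCENARIOS = [
    Scenario("Lost or stolen device holding unencrypted data", 5, {"C": 4, "I": 1, "A": 3}),
    Scenario("Credentials sniffed on coffee-shop WiFi", 2, {"C": 4, "I": 2, "A": 1}),
    Scenario("Malicious app harvests contacts and email", 3, {"C": 3, "I": 1, "A": 1}),
    Scenario("Device records a confidential meeting", 2, {"C": 5, "I": 1, "A": 1}),
    Scenario("Only copy of field data lost with device", 3, {"C": 1, "I": 1, "A": 4}),
]

if __name__ == "__main__":
    for name, total, loss in prioritize(SAMPLE_SCENARIOS):
        print(f"{total:>3}  loss of {loss}  {name}")
```

With these constructed ratings the everyday lost device ranks first and the coffee-shop WiFi sniffer last, which is the paper's point: the dramatic threat is not necessarily the one that carries the most risk once likelihood is factored in. Changing the ratings for a company that handles a lot of intellectual property over public networks would reorder the list, and that reordering is exactly the business-specific judgement Step 3 calls for.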
Step 4: Develop policies and procedures to protect the business to an acceptable level
Mobile security can be complicated. If the organization owns the mobile endpoints, the same
security controls and policy processes can be applied as are being used to protect laptops:
- Require good passwords
- Encrypt the data
- Antivirus (only effective on Android)
- Educate users about phishing emails that ask for credentials
- Educate users about application risks; don’t allow apps over public WiFi
- Keep phones out of meetings when talking about proprietary information
But BYOD introduces significant privacy issues. Employees might need to sign off on a policy that
authorizes forensics testing on their device. Implementation becomes more complex because it
may require separation for work email, calendar, contacts, phone, and documents from personal
data. A policy should include:
- Maintenance and management of a list of devices (linked to users) that are authorized to
  access company resources
- Tracking of devices and users accessing company resources at any given time
- Restricted access from devices with insufficient protection against compromise of data or
  user credentials
- Controlled access to data, applications, and resources based on policies such as data
  classification, user, device, network, or location
- Secured company data, at rest (at the server and locally) and in transit (across the mobile
  network or WiFi)
- Protection of devices from unauthorized access or malicious code
- Maintenance of user privacy (email, texts, contacts, voicemails, applications, etc.)
- Regular security evaluation of all business applications to identify data leakage or unnecessary
  access to device resources (e.g., camera, contacts list, call history, etc.)
- Removal of corporate data from personal devices in case of loss, theft, or separation
  from employment
An additional item that might require discussion with HR or legal: geo-location (do you need to
know where your employees are?). This might have privacy implications whether the device is
company owned or BYOD.
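Several of the policy items above (an authorized-device list linked to users, restricted access from poorly protected devices, access controlled by data classification and network, and tracking of which devices and users touched company resources) become concrete once written as a decision rule. The following is an added example, not code from DMI or the paper; the device records, user names, network labels, minimum OS versions and classification levels are all constructed assumptions.

```python
"""Added example, not code from DMI or the paper: a small access-policy
evaluator that turns the Step 4 policy items (an authorized-device list linked
to users, restricted access from poorly protected devices, access controlled
by data classification and network, tracking of who accessed what) into
concrete allow/deny decisions over a device inventory. Device records, user
names, the network labels and the minimum-OS and classification thresholds
are all constructed for illustration."""
from dataclasses import dataclass

# Assumed minimum OS versions for a device to count as patched.
MIN_OS_VERSION = {"ios": (12, 0), "android": (9, 0)}

# Posture checks each data classification requires (assumed levels; an
# unknown classification is treated as confidential so the check fails closed).
REQUIRED_CHECKS = {
    "public": set(),
    "internal": {"enrolled", "passcode", "not_compromised"},
    "confidential": {"enrolled", "passcode", "not_compromised", "encrypted", "patched"},
}

AUDIT_LOG = []   # (device_id, user, classification, network, decision): who accessed what


@dataclass
class Device:
    device_id: str
    owner: str             # the user this device is linked to on the authorized list
    enrolled: bool         # present on the managed/authorized device list
    encrypted: bool
    passcode_set: bool
    os: str
    os_version: tuple
    compromised: bool      # jailbroken or rooted


def failed_checks(d: Device) -> set:
    """Names of the posture checks this device does not satisfy."""
    failed = set()
    if not d.enrolled:
        failed.add("enrolled")
    if not d.passcode_set:
        failed.add("passcode")
    if d.compromised:
        failed.add("not_compromised")
    if not d.encrypted:
        failed.add("encrypted")
    minimum = MIN_OS_VERSION.get(d.os)
    if minimum is None or d.os_version < minimum:    # an unknown platform is not trusted
        failed.add("patched")
    return failed


def decide(device: Device, user: str, classification: str, network: str):
    """Return (decision, reasons); decision is 'allow', 'allow-with-mfa' or 'deny'."""
    reasons = []
    if user != device.owner:
        reasons.append("device is not linked to this user")
    required = REQUIRED_CHECKS.get(classification, REQUIRED_CHECKS["confidential"])
    missing = failed_checks(device) & required
    reasons.extend(f"missing posture check: {m}" for m in sorted(missing))
    if reasons:
        decision = "deny"
    elif classification == "confidential" and network != "corporate":
        # Sensitive data over an untrusted network (public WiFi, carrier): ask for a second factor.
        decision = "allow-with-mfa"
        reasons.append("confidential data requested from an untrusted network")
    else:
        decision = "allow"
    AUDIT_LOG.append((device.device_id, user, classification, network, decision))
    return decision, reasons


# Constructed inventory; none of these are real devices or people.
SAMPLE_DEVICES = {
    "dev-001": Device("dev-001", "alice", True, True, True, "ios", (16, 4), False),
    "dev-002": Device("dev-002", "bob", True, False, True, "android", (8, 1), False),
    "dev-003": Device("dev-003", "carol", False, True, True, "ios", (16, 0), True),
}

if __name__ == "__main__":
    print(decide(SAMPLE_DEVICES["dev-001"], "alice", "confidential", "public_wifi"))
    print(decide(SAMPLE_DEVICES["dev-002"], "bob", "confidential", "corporate"))
    print(decide(SAMPLE_DEVICES["dev-003"], "carol", "internal", "corporate"))
    for entry in AUDIT_LOG:
        print(entry)
```

The design choice worth noting is that the same unencrypted, unpatched Android device is allowed to reach internal data but denied confidential data: the posture bar rises with data classification rather than being a single pass/fail gate, which is what lets a BYOD program admit lightly managed personal devices without exposing the most sensitive data to them. The audit log entries are the raw material for the "tracking of devices and users" item and for the monitoring Step 5 calls for.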
Step 5: Implement manageable procedural and technical controls, and monitor their effectiveness
Once requirements have been established to mitigate the potential risks to the business, it’s
possible to estimate the size, scale, complexity, and budget for implementation. It might be that
having better visibility of what devices are connected and ensuring that they are encrypted is
enough. A lot can be done with ActiveSync, which doesn’t cost anything. An MDM platform offers
more control. A container, wrapper, or secure virtualization might be necessary to meet some security
requirements. Requirements drive a progression from simple and inexpensive to more complex and
costly, as illustrated below.
Risk management comes in when deciding the sequence in which these would be implemented,
based on the needs of the business and priorities for protection.
The bottom line is that it takes a rational plan, and an understanding of available technologies.
The number of mobile security technology tool companies is growing weekly. First MDMs,
then containers, then application wrappers to give more granular control; then encryption tools,
and strong authentication tools; application management tools, and even handsets with secure
virtualization. Today, many enterprises struggle to achieve application security – this is true
both of commercial apps and custom apps. How to manage secure connectivity to mobile devices;
how to secure the data contained in the apps; how to maintain app security by seamlessly pushing
updates and patches to user devices… these have all become major concerns. And each layer of
concern brings more cost and complexity. As enterprises are challenged to determine what tools
are needed and how to integrate them, the key is to keep coming back to the question of which
risks are the most impactful to the business. These are the areas that must be secured first.
Deciding what level to achieve is the first step. Then research or assistance may be needed to
understand all these tools and how they work together, how they integrate, and what benefits
they bring. Finally, it’s necessary to set up a monitoring and management structure to maintain
this posture going forward. Some organizations may choose to handle mobile security internally;
others may outsource to specialists. Either way, it’s important to set the balance, applying the
security that’s necessary without overspending on trying to cover everything. It takes a risk-based
approach to prioritize organizational needs and develop a security architecture and process
to match.
The DMI Security Services Approach
DMI has developed a comprehensive security service that effectively manages the risks that mobile
devices bring to the enterprise. We take a risk-based approach, putting priority on the risks that
carry the greatest business impact, and combine it with a unique security foundation, tailored to
meet each client’s specific needs.
Then we address the whole life cycle by repeatedly applying our 5-Step Process.
Through the entire process, our focus is on defining and matching customer requirements to
protect from the threats that are most relevant to each individual organization today, while
engaging in ongoing monitoring to identify and eliminate the threats of tomorrow.
About DMI
DMI is the world’s leading provider of enterprise mobility services and solutions. We build
enterprise class mobile solutions that generate results for the world’s top brands and businesses.
Our mobile solutions combine the award-winning user experience design that has made us one
of the top creators of consumer apps, with the deep middleware and engineering expertise that
we’ve used to build and manage enterprise applications for the most demanding IT departments
in the world. DMI mobility solutions improve business processes, tap new revenue streams, build
customer loyalty, and increase employee productivity. And we offer a full range of Managed
Services to securely set up, configure, and manage your mobile devices.
The proof:
- We’ve built more than 400 mobile apps – in the past 12 months alone – for more than 150
  leading organizations – like Disney, Coca Cola, Toyota, Vodafone, P&G, The National Guard,
  and Universal Studios.
- We offer brilliant creative and user experience: our mobile app development group was
  named the Best Branded App Developer at the 2012 Mobile Entertainment Awards.
- We have 500,000 devices under management for more than 100 clients, including many
  Fortune 500 companies – like BP, Johnson & Johnson, Sears, The Associated Press, Allergan,
  and more. At BP, we’re deploying 1,000 managed mobile devices each day.
- We provide 24 x 7 x 365 mobile service support for more than 500,000 users. DMI is the
  one call our customers need to make to resolve any issue – devices, apps, infrastructure,
  even carriers.
- We offer a full range of security options that include Federal-grade hardware-based security,
  two-factor authentication, secure container, and sophisticated encryption solutions.
- With our expertise and economies of scale, we can provide mobility management at a higher
  service level and on average 20% lower cost than most companies can do on their own.
- Pervasive excellence is our commitment to quality service. DMI is one of only a handful of
  companies that is CMMI L3 appraised for both application development and services, as well
  as ISO 9001:2008, ISO 27000:2005, and ISO 20000-1:2005 certified. Our average D&B Open
  Ratings performance score from our clients is 93/100.
DMI
One Rock Spring Plaza
6550 Rock Spring Dr
Bethesda, MD 20817
DMInc.com
DMI Sales Team
U.S. Sales: 855.963.2099
Intn’l Sales: 240.200.5848
sales@DMInc.com
©2013 Digital Management, Inc. All rights reserved.
6 Ways to Shake Up Social in Your AppDMIMarketing
 
Driving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & SitesDriving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & SitesDMIMarketing
 
Mobile World Congress - Report
Mobile World Congress - ReportMobile World Congress - Report
Mobile World Congress - ReportDMIMarketing
 
Enterprise Mobile Strategy
Enterprise Mobile StrategyEnterprise Mobile Strategy
Enterprise Mobile StrategyDMIMarketing
 
Secure Trustworthy Enterprise
Secure Trustworthy EnterpriseSecure Trustworthy Enterprise
Secure Trustworthy EnterpriseDMIMarketing
 
Game Changing IT Solutions
Game Changing IT SolutionsGame Changing IT Solutions
Game Changing IT SolutionsDMIMarketing
 

More from DMIMarketing (18)

Portal Integration with SAP BusinessObjects (SDK)
Portal Integration with SAP BusinessObjects (SDK)Portal Integration with SAP BusinessObjects (SDK)
Portal Integration with SAP BusinessObjects (SDK)
 
SAP BusinessObjects 4.x Upgrade / Migration to 4.x
SAP BusinessObjects 4.x Upgrade / Migration to 4.xSAP BusinessObjects 4.x Upgrade / Migration to 4.x
SAP BusinessObjects 4.x Upgrade / Migration to 4.x
 
Data Driven Mobile Strategy
Data Driven Mobile StrategyData Driven Mobile Strategy
Data Driven Mobile Strategy
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
BYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessBYOD: Six Essentials for Success
BYOD: Six Essentials for Success
 
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part III - Enterprise Apps
 
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part II - Enterprise Apps
 
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise AppsEssential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
Essential Guide to Becoming A Mobile App Rock Star - part I - Enterprise Apps
 
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
Essential Guide to Becoming A Mobile App Rock Star - part III - Consumer-faci...
 
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
Essential Guide to Becoming A Mobile App Rock Star - part II - Consumer-facin...
 
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
Essential Guide to Becoming A Mobile App Rock Star - part I - Consumer-facing...
 
6 Ways to Shake Up Social in Your App
6 Ways to Shake Up Social in Your App6 Ways to Shake Up Social in Your App
6 Ways to Shake Up Social in Your App
 
Driving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & SitesDriving Traffic to Your Mobile Apps & Sites
Driving Traffic to Your Mobile Apps & Sites
 
Mobile World Congress - Report
Mobile World Congress - ReportMobile World Congress - Report
Mobile World Congress - Report
 
Enterprise Mobile Strategy
Enterprise Mobile StrategyEnterprise Mobile Strategy
Enterprise Mobile Strategy
 
Secure Trustworthy Enterprise
Secure Trustworthy EnterpriseSecure Trustworthy Enterprise
Secure Trustworthy Enterprise
 
Game Changing IT Solutions
Game Changing IT SolutionsGame Changing IT Solutions
Game Changing IT Solutions
 
Buckle Up
Buckle UpBuckle Up
Buckle Up
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 

Mobile Security: 5 Steps to Mobile Risk Management

DMI WHITE PAPER

Nearly 80 percent of American investors say they aren’t likely to invest in companies that have suffered multiple cyber attacks [1]. Analysts estimate that data breaches cost large enterprises an average of $5.4 million per breach [2] and can erode brand value by hundreds of millions of dollars [3]. As data breaches have damaged business performance and company valuations, data security concerns have broken out of the CIO’s office and into the boardroom, where CEOs are being challenged to explain what they’re doing to ensure that vital revenue streams and shareholder value are being safeguarded.

As the business stakes have been raised, the explosive growth in mobile devices has multiplied the threat. Nearly 40% of organizations in another recent study had data breaches resulting from lost or stolen mobile devices, including tablet computers, smartphones and USB drives that contained confidential or sensitive data [4].

So what does a company need to do to manage the risk of data loss through mobile devices? This white paper outlines a rational, risk-based approach to data protection that’s designed particularly for the new world of mobile devices.

[1] Zogby Analytics/HBGary, Feb 25, 2013
[2] Ponemon Institute, 2013 Cost of Data Breach Study
[3] Ponemon Institute, October 2011
[4] Ponemon Institute, 2011 Cost of Data Breach Study
Historically, when new business process-changing technologies become available, e.g. Email, Web Services, Laptops, Wifi, Cloud Services, and now ubiquitous and heterogeneous Mobile Devices, the focus is on figuring out how to use and manage the technology. Worrying about securing it comes later. Then a familiar pattern is often repeated: a period of time is spent admiring the security problem; eventually a myriad of disparate “bolt on” point security solutions are developed; then finally security is integrated into the technology.

Right now, Mobile technologies are somewhere between admiring the problem and bolting on solutions. Mobile security vendors are in a rush to launch new products. Dozens of new point solutions are flooding the market, and enterprises are challenged to determine what they need and how to integrate them into their infrastructure. The problem is that there is little discussion of what the business requirements for security actually are.

Mobile Security is not just one thing. There are multifaceted threats and risks that need to be managed. These include secure identity and access control; data protection and content management; application management and security; malware protection; digital forensics; secure transport; monitoring and reporting; policy enforcement; and device management. Each of these plays a critical part in managing risk, and because no two organizations have the same risk profile, balancing which to prioritize and how much to implement takes expertise.

Figure: Mobile Security Landscape. Layers: Users, Data & Content, Apps, Networks, Devices. Controls shown: Secure Identity, Application Security, Data Protection, Secure Transport, Access Control, Malware Protection, Content Management, Monitoring/Reporting, Privacy Controls, Digital Forensics, Application Management, Policy Enforcement, Device Management.
A Risk-Based Approach

The key to real security is taking a risk-based approach. This means developing a set of practical business and security requirements that point the way to the technologies and policies that eliminate the most risk without unduly impacting usability and needed business functionality. This avoids the common backwards approach: buying a technology based on feature set, then figuring out how to integrate it into the business process.

Establishing business security requirements involves answering the question, “secure from what?” Almost every organization will have a different answer. There will certainly be standard risk-based approaches and security features that apply across the board. But the priority of controls, the way they are implemented, and the way they are managed will be unique to each organization.

The Twenty Critical Security Controls, developed by the SANS Institute, have helped many large enterprises and government agencies begin to transform security by focusing their spending on the key controls that block the attacks that have the greatest overall impact on security. Several of these Critical Security Controls apply just as well to mobile devices as to traditional computers:

- Asset and configuration management
- Strong authentication and identity management
- Protection of sensitive data at rest and in transit
- Protection against lost/stolen/decommissioned devices
- Protection from malware from email or web
- Device-specific operating system vulnerabilities
- Connecting to insecure/rogue wifi
- Protection and management of web and email traffic

The organization’s unique business requirements will determine where to start and how to build. For companies with intellectual property to protect, encryption will be a high priority; organizations that field many mobile apps might need to focus on application security; companies where users need to access internal applications might require strong identity management. Many tools are available for each area. Selecting the right one depends on an organization’s unique environment and requirements. To help define requirements and determine the best approach, DMI recommends a Five Step Mobile Risk Management Process.
5 Step Process for Mobile Risk Management

1. Understand how employees want to use mobile devices and applications
2. Identify potential threats
3. Define the impact to the business based on probable threat scenarios
4. Develop policies and procedures to protect the business to an acceptable level
5. Implement manageable procedural and technical controls, and monitor their effectiveness

Step 1: Understand User Requirements

This may vary by industry, business needs or organizational culture, but a typical list of user requirements for a personal mobile device is likely to include:

- Access to enterprise applications (email, calendar, contacts, business applications, Sharepoint servers, etc.)
- Ability to make both personal and professional calls
- Privacy for personal employee activities, data, photos, emails, texts, and applications (i.e., no corporate collecting, monitoring, or tracking)
- Prohibition of organizational backup or wipe of personal data

Step 2: Identify Potential Threats

Some common threats introduced or exacerbated by mobile devices are listed below. Like user requirements, the threats that are relevant to any given organization will vary depending on industry, corporate culture, and current security program and architecture implementation.

- Corporate loss of control of data on the device (lost/stolen/decommissioned/employment separation)
- Compromise of user credentials (malicious applications, insecure applications or operating systems, credentials passed in the clear over public networks, phishing web sites)
- Unauthorized access to sensitive data (data passed over the network in the clear, data stored unencrypted on the device, data backed up to an uncontrolled system)
- Devices (intentionally or unintentionally) used as recording devices (phone or camera on during meetings, pictures or video of sensitive information)
Step 3: Define the impact to the business based on probable threat scenarios

Business risk is about loss of Confidentiality, Integrity, or Availability (CIA). Each kind of loss is associated with a different level of business impact, and the approaches to monitoring and protecting against each type of loss are different. An adversary might use a spear phishing email to compromise an endpoint, steal user credentials, access a database and exfiltrate data (loss of Confidentiality). Or they could corrupt (loss of Integrity) or delete (loss of Availability) that data.

One problem with traditional risk modeling is that it often sets a “value” for an asset based on a simple measurement, such as the cost of a lost device. But business impact value is more complicated: the value of the data, of the business process, of lost future revenue, etc. must all be considered. And the impact of a loss may even vary depending on how the asset is lost. For a given set of data, loss of Confidentiality (trade secrets fall into the hands of a competitor) might have a greater business impact than loss of Availability or Integrity (the same data is deleted or corrupted). Standards need to be created that call out different levels of impact and different controls for each of these three (CIA) risks. More important, the likelihood and impact of a security event need to be factored in to achieve better prioritization.

A whole paper could be written about vulnerabilities in mobile operating systems, applications, or ActiveSync. But risk management is about playing to the rule and not the exception. A rational approach addresses the more likely and costly threats before getting to the more esoteric. Loss of a device is very common; for most organizations, it’s likely to be a high priority for risk management. What about a hacker in a coffee shop sniffing WiFi traffic and pulling data or credentials off the air? This is where it’s necessary to think about unique business characteristics and how they influence risk: does your company manage a lot of intellectual property? Are there significant regulatory requirements for how to protect and control data? Do you have a diverse workforce distributed around the country, or around the globe with different privacy laws? Do your users only access email, or do you have critical business applications running on your mobile devices, or do you collect critical business data on them? These are the kinds of questions that need to be answered, and risks factored for each.

A security program built around the threats that get the most “press” is likely to be both costly and ineffective. Successful programs address the risks that carry the greatest business impact and that are most likely to occur, like expecting that users will lose mobile devices.
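The prioritization Step 3 describes, carried out in Python as an added example that is not part of the DMI paper: each threat from the Step 2 list gets a likelihood and a separate impact for loss of Confidentiality, Integrity and Availability, a business profile weights the three kinds of loss, and the resulting ranking changes with the profile. Every likelihood, impact score and weight below is a constructed placeholder that an organization would replace with its own estimates.

```python
"""Ranking mobile threats by likelihood and per-CIA business impact (Step 3).

Added example; not part of the DMI paper. The threat list follows the paper's
Step 2 examples, but every likelihood and impact score is a constructed
placeholder that a real organization would replace with its own estimates.
"""
from dataclasses import dataclass

# Ordinal likelihood scale, 1 (rare) .. 5 (almost certain).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost_certain": 5}


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: str   # key into LIKELIHOOD
    impact_c: int     # business impact (1..5) if confidentiality is lost
    impact_i: int     # business impact (1..5) if integrity is lost
    impact_a: int     # business impact (1..5) if availability is lost


@dataclass(frozen=True)
class BusinessProfile:
    """How much each kind of loss matters to this organization.

    A company built on intellectual property weights confidentiality up; one that
    runs critical business applications on its devices weights availability up.
    Weights of 1.0 treat the three losses equally.
    """
    weight_c: float = 1.0
    weight_i: float = 1.0
    weight_a: float = 1.0


def impact_score(t, p):
    """Worst weighted loss across C, I and A.

    The same data can carry a different impact depending on how it is lost, so
    each loss type is scored and weighted separately before taking the maximum."""
    return max(t.impact_c * p.weight_c, t.impact_i * p.weight_i, t.impact_a * p.weight_a)


def risk_score(t, p):
    """Likelihood times impact: the prioritization the paper asks for."""
    return LIKELIHOOD[t.likelihood] * impact_score(t, p)


def prioritize(threats, profile):
    """(name, score) pairs, highest risk first; equal scores keep input order."""
    return sorted(((t.name, risk_score(t, profile)) for t in threats), key=lambda pair: -pair[1])


def above_appetite(threats, profile, threshold):
    """Names of threats whose risk exceeds the level the business accepts."""
    return [name for name, score in prioritize(threats, profile) if score > threshold]


# Constructed register built from the paper's Step 2 threat examples.
THREATS = [
    Threat("Lost, stolen or decommissioned device holding corporate data", "likely", 4, 1, 1),
    Threat("Credentials sniffed over public wifi (coffee-shop attacker)", "unlikely", 4, 2, 1),
    Threat("Malicious or insecure app leaking user credentials", "possible", 3, 2, 1),
    Threat("Data backed up to an uncontrolled system", "possible", 3, 1, 1),
    Threat("Device used as a recording device in a sensitive meeting", "possible", 3, 1, 1),
    Threat("Synced business data corrupted or deleted via a compromised account", "unlikely", 2, 4, 4),
]

EQUAL = BusinessProfile()
# Constructed profile for a company whose operations depend on mobile apps.
AVAILABILITY_CRITICAL = BusinessProfile(weight_a=2.5)

if __name__ == "__main__":
    for label, profile in (("equal weights", EQUAL), ("availability critical", AVAILABILITY_CRITICAL)):
        print(f"\n== {label} ==")
        for name, score in prioritize(THREATS, profile):
            print(f"{score:5.1f}  {name}")
        print("needs controls:", above_appetite(THREATS, profile, 8))
```

With equal weights the lost device tops the list, as the paper expects; when availability is weighted heavily, corruption or deletion of synced data overtakes it, which is the "unique business characteristics" effect the text describes.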
Step 4: Develop policies and procedures to protect the business to an acceptable level

Mobile security can be complicated. If the organization owns the mobile endpoints, the same security controls and policy processes can be applied as are being used to protect laptops:

- Require good passwords
- Encrypt the data
- Antivirus (only effective on Android)
- Educate users about phishing emails that ask for credentials
- Educate users about application risks; don’t allow apps over public wifi
- Keep phones out of meetings when talking about proprietary information

But BYOD introduces significant privacy issues. Employees might need to sign off on a policy that authorizes forensics testing on their device. Implementation becomes more complex because it may require separating work email, calendar, contacts, phone, and documents from personal data. A policy should include:

- Maintenance and management of a list of devices (linked to users) that are authorized to access company resources
- Tracking of devices and users accessing company resources at any given time
- Restricted access from devices with insufficient protection against compromise of data or user credentials
- Controlled access to data, applications, and resources based on policies such as data classification, user, device, network, or location
- Secured company data, at rest (at the server and locally) and in transit (across the mobile network or wifi)
- Protection of devices from unauthorized access or malicious code
- Maintenance of user privacy (email, texts, contacts, voicemails, applications, etc.)
- Regular security evaluation of all business applications to identify data leakage or unnecessary access to device resources (e.g., camera, contacts list, call history, etc.)
- Removal of corporate data from personal devices in case of loss, theft, or separation from employment

An additional item that might require discussion with HR or legal: geo-location (do you need to know where your employees are?). This has privacy implications whether the device is company-owned or BYOD.
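The policy list above, as an added Python example that is not part of the paper: an authorized-device list linked to users, an access decision layered by data classification, and the set of devices whose corporate data should be removed after loss, theft, decommissioning or separation. Device records, user names and the 30-day check-in rule are constructed; `os_patched` is an assumed attribute standing in for "insufficient protection against compromise", and `TODAY` is a fixed date so the sample runs offline.

```python
"""Evaluating a BYOD access policy over a device inventory (Step 4).

Added example, not part of the DMI paper. Device records, users, and the 30-day
check-in rule are constructed; the boolean attributes stand in for whatever the
MDM or ActiveSync reports about each device.
"""
from dataclasses import dataclass
from datetime import date, timedelta

ALLOW, DENY = "allow", "deny"
TODAY = date(2013, 6, 1)  # constructed "now" for the sample run


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str          # the user this device is linked to in the registry
    encrypted: bool     # data at rest on the device is encrypted
    passcode: bool      # a device password/PIN is enforced
    os_patched: bool    # constructed stand-in for "no known OS vulnerabilities"
    status: str         # "active", "lost", "stolen" or "decommissioned"
    last_seen: date     # last check-in with the management platform


@dataclass(frozen=True)
class User:
    name: str
    employed: bool


@dataclass(frozen=True)
class Request:
    device_id: str
    user: str
    classification: str  # "public", "internal" or "confidential"


class Registry:
    """The list of authorized devices, linked to users, that the policy requires."""

    def __init__(self, devices, users, stale_after_days=30):
        self.devices = {d.device_id: d for d in devices}
        self.users = {u.name: u for u in users}
        self.stale_after = timedelta(days=stale_after_days)

    def decide(self, req, today):
        """Access decision for one request, with the reason for a denial.

        Every request needs an authorized, passcode-protected device that still
        checks in; internal data also needs a patched OS; confidential data also
        needs encryption at rest."""
        dev = self.devices.get(req.device_id)
        if dev is None:
            return DENY, "device not in authorized list"
        if dev.owner != req.user:
            return DENY, "device not linked to this user"
        user = self.users.get(req.user)
        if user is None or not user.employed:
            return DENY, "user separated from employment"
        if dev.status != "active":
            return DENY, f"device status is {dev.status}"
        if not dev.passcode:
            return DENY, "no device passcode"
        if today - dev.last_seen > self.stale_after:
            return DENY, "device has not checked in recently"
        if req.classification != "public" and not dev.os_patched:
            return DENY, "unpatched OS may not access internal data"
        if req.classification == "confidential" and not dev.encrypted:
            return DENY, "confidential data requires device encryption"
        return ALLOW, "compliant"

    def corporate_data_removals(self):
        """Device ids whose corporate data should be removed: lost, stolen or
        decommissioned devices, and devices of users separated from employment.
        Only corporate data is in scope; personal email, texts and photos stay."""
        out = []
        for dev in self.devices.values():
            owner = self.users.get(dev.owner)
            separated = owner is None or not owner.employed
            if dev.status in ("lost", "stolen", "decommissioned") or separated:
                out.append(dev.device_id)
        return sorted(out)


def sample_registry():
    """Constructed inventory covering the policy's main cases."""
    devices = [
        Device("dev-1", "alice", True, True, True, "active", date(2013, 5, 31)),
        Device("dev-2", "bob", False, True, True, "active", date(2013, 5, 20)),
        Device("dev-3", "carol", True, True, True, "lost", date(2013, 5, 28)),
        Device("dev-4", "dave", True, True, True, "active", date(2013, 5, 31)),
        Device("dev-5", "erin", True, True, False, "active", date(2013, 5, 29)),
        Device("dev-6", "frank", True, True, True, "active", date(2013, 4, 1)),
    ]
    users = [User("alice", True), User("bob", True), User("carol", True),
             User("dave", False), User("erin", True), User("frank", True)]
    return Registry(devices, users)


if __name__ == "__main__":
    reg = sample_registry()
    for req in (Request("dev-1", "alice", "confidential"), Request("dev-2", "bob", "confidential"),
                Request("dev-5", "erin", "internal"), Request("dev-6", "frank", "public")):
        print(req.device_id, req.classification, "->", reg.decide(req, TODAY))
    print("remove corporate data from:", reg.corporate_data_removals())
```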
Step 5: Implement manageable procedural and technical controls, and monitor their effectiveness

Once requirements have been established to mitigate the potential risks to the business, it’s possible to estimate the size, scale, complexity, and budget for implementation. It might be that having better visibility of what devices are connected and ensuring that they are encrypted is enough. A lot can be done with ActiveSync, which doesn’t cost anything. An MDM platform offers more control. Container, wrapper, or secure virtualization might be necessary to meet some security requirements. Requirements drive a progression from simple and inexpensive to more complex and costly, as illustrated below. Where risk management comes in is identifying in what sequence these would be implemented, based on the needs of the business and priorities for protection.

The bottom line is that it takes a rational plan, and an understanding of available technologies. The number of mobile security technology tool companies is growing weekly. First MDMs, then containers, then application wrappers to give more granular control; then encryption tools and strong authentication tools; application management tools, and even handsets with secure virtualization. Today, many enterprises struggle to achieve application security; this is true both of commercial apps and custom apps. How to manage secure connectivity to mobile devices; how to secure the data contained in the apps; how to maintain app security by seamlessly pushing updates and patches to user devices: these have all become major concerns. And each layer of concern brings more cost and complexity.

As enterprises are challenged to determine what tools are needed and how to integrate them, the key is to keep coming back to the question of which risks are the most impactful to the business. These are the areas that must be secured first. Deciding what level to achieve is the first step. Then research or assistance may be needed to understand all these tools and how they work together, how they integrate, and what benefits they bring. Finally, it’s necessary to set up a monitoring and management structure to maintain this posture going forward. Some organizations may choose to handle mobile security internally, others may outsource to specialists. Either way, it’s important to set the balance, applying the security that’s necessary without overspending on trying to cover everything. It takes a risk-based approach to prioritize organizational needs and develop a security architecture and process to match.

The DMI Security Services Approach

DMI has developed a comprehensive security service that effectively manages the risks that mobile devices bring to the Enterprise. We take a Risk-Based Approach, putting priority on the risks that carry the greatest business impact, and combine it with a unique security foundation, tailored to meet each client’s specific needs. Then we address the whole life cycle by repeatedly applying our 5-Step Process. Through the entire process, our focus is on defining and matching customer requirements to protect from the threats that are most relevant to each individual organization today, while engaging in ongoing monitoring to identify and eliminate the threats of tomorrow.
About DMI

DMI is the world’s leading provider of enterprise mobility services and solutions. We build enterprise class mobile solutions that generate results for the world’s top brands and businesses. Our mobile solutions combine the award-winning user experience design that has made us one of the top creators of consumer apps, with the deep middleware and engineering expertise that we’ve used to build and manage enterprise applications for the most demanding IT departments in the world. DMI mobility solutions improve business processes, tap new revenue streams, build customer loyalty, and increase employee productivity. And we offer a full range of Managed Services to securely set up, configure, and manage your mobile devices.

- The proof: We’ve built more than 400 mobile apps – in the past 12 months alone – for more than 150 leading organizations – like Disney, Coca Cola, Toyota, Vodafone, P&G, The National Guard, and Universal Studios.
- We offer brilliant creative and user experience: Our mobile app development group was named the Best Branded App Developer at the 2012 Mobile Entertainment Awards.
- We have 500,000 devices under management for more than 100 clients, including many Fortune 500 companies – like BP, Johnson & Johnson, Sears, The Associated Press, Allergan, and more. At BP, we’re deploying 1,000 managed mobile devices each day.
- We provide 24 x 7 x 365 mobile service support for more than 500,000 users. DMI is the one call our customers need to make to resolve any issue – devices, apps, infrastructure, even carriers.
- We offer a full range of security options that include Federal-grade hardware-based security, two-factor authentication, secure container, and sophisticated encryption solutions.
- With our expertise and economies of scale, we can provide mobility management at a higher service level and on average 20% lower cost than most companies can do on their own.
- Pervasive excellence is our commitment to quality service. DMI is one of only a handful of companies that is CMMI L3 appraised for both application development and services, as well as ISO 9001:2008, ISO 27000:2005, and ISO 20000-1:2005 certified. Our average D&B Open Ratings performance score from our clients is 93/100.

DMI
One Rock Spring Plaza
6550 Rock Spring Dr
Bethesda, MD 20817
DMInc.com

DMI Sales Team
U.S. Sales: 855.963.2099
Intn’l Sales: 240.200.5848
sales@DMInc.com

©2013 Digital Management, Inc. All rights reserved.