The document discusses developing a strategy for managing risks associated with mobile technology in businesses. It covers assessing risks, developing a strategy, creating policies, and delivering the strategy. The key points are:
1) Businesses must identify risks of mobile technology, such as privacy issues, and determine how much risk they are willing to accept.
2) A strategy must be developed within the framework of identified risks and meet business objectives. It should address issues like controls, standardization, and costs.
3) Authorized policies are needed to communicate and enforce the corporate standards for mobile use.
4) A delivery plan is required to support the strategy and ensure it is manageable, supportable, affordable and sustainable.
Mobility Risk, Strategy and Policy
1. Mobility, Risk, Strategy & Policy
Addressing Mobile Business & Technology Issues
Orienting mobile strategy to negotiate risk landscape obstacles
Harry Contreras – CISSP
ISSA Phoenix Chapter - April, 2011 – Copyright 2011
2. Mobility Risk, Strategy and Policy
April 2011- Presentation Outline
• Mobility issues facing businesses today
• Risk and Liability issues
• Strategy development
• Policy program issues and concerns
• Delivery elements
• Summary with Q&A opportunity
• Resources & References - Take Away
Orienting mobile strategy to negotiate risk landscape obstacles
3. Mobility Risk, Strategy and Policy
Mobility Issues to Assess and Address
Risks: Identify the common and unique risks of mobile technology that are in scope for business use. Consider liability and choices for risks accepted, avoided and transferred.
Strategy: Develop strategy within the framework of the identified risks that impact the business. With stakeholders define the requirements that meet elements for advancing business objectives.
Policy: Authorized and endorsed corporate policy & standards for mobile technology use in the company. Communicate and train via compliance & security awareness programs.
Delivery: Identify the actions to deliver a mobile strategy. What it will take to support, maintain and sustain with currency a complete plan for an enterprise.
We will follow these four tracks throughout the presentation
Risks Strategy Policy Delivery
4. Mobility Risk, Strategy and Policy
Risk & Liability Issues
Assessing company risk with mobile technologies
Establish understanding of company tolerance for risk
• Business culture
• Company compliance impact points
• Consumer technologies introduce new risk issues
Integrate cross-linkages with existing Compliance issues
• Consult with your company Legal department
• Corporate governance determines
One of the first areas to “do your homework”.
Risk
5. Mobility Risk, Strategy and Policy
Risk & Liability Issues
Regulatory, Liability and Risk Landscape
Regulatory “entanglements”
• Personal, Health and Card Holder privacy regulations
• SEC regulation
• Rule 26 / e-Discovery
• Forensics and investigations
• IRS Regulation and Reporting requirements
Company and Operations specific issues
• Corporate Contractual obligations
• Business “verticals” - i.e. health industry, government contracting
• Global operation regional issues - i.e. European work councils
Other “surprises” both foreign and domestic.
Risk
6. Mobility Risk, Strategy and Policy
Risk & Liability Issues
Business operating issues and risk posture
• Separation of asset ownership- i.e. BYO assets (More on this later.)
• Business owned or employee owned
• Ownership and control of platform resident data
• Business capitalization concerns
Employee privacy issues or business “enablers”
• “Invading technologies” to consider
• Presence
• Geo-location
• Tracking and utilization reporting
Identity specific usage issues
• Business representative – i.e. how phone number associated
• Personal, non-Company persona
How much or how little is the Company willing to address.
Risk
7. Mobility Risk, Strategy and Policy
Risk & Liability Issues
Business issues and risks for BYO assets
• How much encroachment do company controls extend?
• Comingled personal and Company information
• Are business resources and services being “misappropriated”?
How do employees expect Company services at their disposal?
• Truth or fallacy? - Reality Check
• Employees expect free-reign utilization of assets and services
• Do not want and will not tolerate limitations
Assessing risk and liability usage issues for BYO assets
• HR reports employees are doing “WHAT” with their devices?
• Client claims that employee took recording of their conversation
• Liability remains for Company regardless of approach
Can you say it with me…
“No employee entitlements to Company provisioned services for personal use.”
Risk
8. Mobility Risk, Strategy and Policy
Risk & Liability Issues
Industry perspective – “Peersay”, NetworkWorld.com – 3/21/2011
Tablets and smartphones in the enterprise
There are two types of risk. One, to the organization, of sensitive content being exposed if the device is lost, hacked or otherwise compromised. In some cases there are financial penalties for this, as well as costly notification practices that need to be complied with if it involves any customer data.
The other is to the employee. In the event of a legal action involving anything they may have been involved in, or a data call to “…produce any/all records related to XYZ,” the employee's device may be subject to search. This could risk exposing their personal data, including passwords, contacts, browser history and other things they may not want their employer or others to have access to.
Comingling business/personal content and activity just plain isn’t good sense. Even a one-person consulting business keeps its personal and business financial assets/accounts independent of each other; why doesn’t it make the same sense to keep your information assets independent?
Larry
With this as a “backdrop” … “Discuss, discuss…”
Risk
9. Mobility Risk, Strategy and Policy
Risk & Liability Issues
Assessing company risk with mobile technologies
Original risk issues for mobile technologies remain
• Approaches for laptops and enterprise architected solutions for mobile platforms (i.e. RIM, Good Technology) have addressed most of the risks over time
Newer mobile technologies bring added complexity
• Consumer grade technologies are introducing and broadening the risk and threat horizon
• “Not ready for enterprise introduction”
• Patchwork quilt of solutions to weave together for mixed results and effectiveness
• “Consumer use mentality” is the “insider threat” today.
Remember, once you go “Tablet” you can never go back.
Risk
10. Mobility Risk, Strategy and Policy
Risk & Liability Issues
Assessing company risk with mobile technologies
Accept or Retain the identified risk. The risk is unlikely or its impact does not warrant any further action; the company simply decides to bear any recovery costs.
Avoid or Reject the risk. When the cost or likelihood of the risk is great, it is not feasible to continue in that area of activity – product, process or geography.
Transfer or Share the risk. When risk is part of the business operation and cost is predictable, the company may elect to insure, warranty or contract (outsource).
Mitigate or Reduce the risk. The identified risks are core to the business, and controls are implemented to reduce likelihood and impact to the business.
Ignore the risk. An identified option: a conscious choice to do nothing. Potential for catastrophic business impact and serious legal and liability repercussions.
Burying your head in the sand – not an option.
Presentation points in due diligence for management briefing.
Risk
11. Mobility Risk, Strategy and Policy
Strategy Development
Where is your Strategy now?
New or inherited Mobile Strategy
• What is in place now?
• Functional or “death spiral”
• What is your charter for this initiative?
• Build new or patch and repair
What you may need or what may be missing – Resources
(Any way you can get them allocated - internal or contracted.)
• Enterprise Architect or IT Strategist
• Subject Matter Expert (SME) Engineer
• Analyst
• Project Manager
• Leadership/Management endorsement - oversight
The all important “management underwriting” license for change.
Strategy
12. Mobility Risk, Strategy and Policy
Strategy Development
What is the approach for “services”?
• In-house vs. Hosted
• Will need to build out or negotiate contract(s)
• Take opportunity to research each option
• Can business replicate what providers have already built?
Present state analysis and comparison to “to-be” state
• Are there any accounting stats or metrics to baseline?
• What is the Cost of Doing Business today for the strategy?
• Can gains and improvements be attained with volume discounts?
• Will outsourcing “provisioning” be beneficial?
• Is “standardization” going to be an issue?
• Does your Telecom services strategy run parallel or intersect?
• Is there an expectation or goal for cost/expense limitation?
Be on the lookout for “scope creep” around every corner.
13. Mobility Risk, Strategy and Policy
Strategy Development
Ask these same questions with the BYO assets approach
What is the approach for “services”?
• In-house vs. Hosted
• Will need to build out or negotiate contract(s)
• Take opportunity to research each option
• Can business replicate what providers have already done?
Present state analysis and comparison to “to-be” state
• Are there any accounting stats or metrics to baseline?
• What is the Cost of Doing Business today for the strategy?
• Can gains and improvements be attained with volume discounts?
• Will outsourcing “provisioning” be beneficial?
• Is “standardization” going to be an issue?
• Does your Telecom services strategy run parallel or intersect?
How many personal plans on how many providers come into play?
The BYO approach compounds the variables & dilutes volume plans.
14. Mobility Risk, Strategy and Policy
Strategy Development
Adding Controls
Plotting a Successful Strategy
[Figure: chart with a vertical Cost Tolerance Axis ($$ to $$$$ +) and a horizontal Risk Tolerance Axis running from + (Anything goes, Unsupportable Model) to - (Non-functional, Overly draconian). Plotted labels: Strategy, Mobile Issues, Compliance.]
Every Business has its own “Sweet Spot”
Success or Ultimate “Fail”
15. Mobility Risk, Strategy and Policy
Strategy Development
What are we up against with newer mobile technologies?
• Lack of built-in security
• Open and easily extensible operating architectures
• Poor control over devices
• Poor control over connectivity
• Weak connection security
• Weak authentication of user and device
• Poor working practices
• Compromise of stored data
Control, Contain, Maintain and Explain…
• Asset sprawl, capitalization, operational expense, support costs
• Policy, standardization, licensing
• Regulatory compliance, content management, security controls
• Add to and refine this list…
iPhones, Androids, and Blackberrys… Oh My!
16. Mobility Risk, Strategy and Policy
Strategy Development
Several mobile security strategy approaches available today
• Basic device management
• Enhanced device management
• Walled garden
• Risk based management
• Basic device management – use Microsoft ActiveSync for simple
policy management.
• Enhanced device management – use mobile device management
software for more sophisticated control of company-issue devices.
• Walled garden / Virtual workspace – Allow corporate access from
personal devices, but wall it off from the device’s personal content.
• Risk based management – Set policies that restrict corporate access
of phones with high risk factors, like unauthorized apps or out-of-date
policies.
The more product solutions are applied – the more profits are eroded.
17. Mobility Risk, Strategy and Policy
Strategy Development
Some focus points for major solutions in your strategy
• Set strategy, policies and standards
• Deploy standard hardware, apps and security software
• Virus protection, firewalls, disable concurrent connection options
• Use device authentication to eliminate “rogue” devices connecting
• Consider two-factor authentication – smart cards, embedded tokens
• Harden / lock-down operating systems and device options
• White list authorized and supported applications – app fingerprinting
• Implement software upgrade and patch management solutions
• Encrypt stored data and removable storage media
• Use remote kill and data wipe solutions
• Educate users on mobile use requirements/policy
• Provide helpdesk and IT support to mobile users
• Scan networks for unauthorized devices and connections
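The risk based management approach and the device authentication, white-listing and encryption focus points above, combined into one posture check. This is an added example, not part of the original presentation; the device IDs, app names, policy version and the three access tiers are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample values; a real deployment would read these from its
# device-management inventory. All names below are hypothetical.
ENROLLED_DEVICES = {"dev-001", "dev-002", "dev-003"}
APP_ALLOWLIST = {"com.example.mail", "com.example.vpn", "com.example.crm"}
CURRENT_POLICY_VERSION = 7

@dataclass
class DevicePosture:
    device_id: str
    policy_version: int
    storage_encrypted: bool
    installed_apps: set = field(default_factory=set)

def risk_factors(p):
    """Return the risk factors found on one device, in a stable order."""
    factors = []
    if p.device_id not in ENROLLED_DEVICES:        # "rogue" device
        factors.append("unenrolled-device")
    if p.policy_version < CURRENT_POLICY_VERSION:  # out-of-date policy
        factors.append("out-of-date-policy")
    if not p.storage_encrypted:                    # stored data at risk
        factors.append("unencrypted-storage")
    for app in sorted(p.installed_apps - APP_ALLOWLIST):
        factors.append(f"unauthorized-app:{app}")  # not on the white list
    return factors

def access_decision(p):
    """Map risk factors to an assumed access tier: full, restricted, blocked."""
    factors = risk_factors(p)
    if "unenrolled-device" in factors or "unencrypted-storage" in factors:
        return "blocked", factors
    if factors:
        return "restricted", factors
    return "full", factors

# Constructed fleet inventory for illustration.
FLEET = [
    DevicePosture("dev-001", 7, True, {"com.example.mail", "com.example.vpn"}),
    DevicePosture("dev-002", 5, True, {"com.example.mail", "com.sample.game"}),
    DevicePosture("dev-999", 7, True, {"com.example.mail"}),
    DevicePosture("dev-003", 7, False, {"com.example.crm"}),
]

if __name__ == "__main__":
    for d in FLEET:
        tier, why = access_decision(d)
        print(f"{d.device_id}: {tier} {why}")
```

Which factors block outright and which only restrict is a business decision; it is where the risk tolerance chosen earlier in the strategy gets encoded.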
19. Mobility Risk, Strategy and Policy
Strategy Development
Technology Landscape Considerations
GSM, UMTS, LTE
HSPA
CDMA, CDMA2000, UMB
3G
4G
WiFi
WiMax
Bluetooth
Wireless Technology Continuum
Which bands, services, operators and where does your solution fit?
20. Mobility Risk, Strategy and Policy
Strategy Development
What services and features fit into your business model?
• Multiple service bands – which ones are operator specific
• Phone / Voice capability with simultaneous Data session capability
• What is the bandwidth overhead for the mobile application portfolio?
• Email – Single Company source or all services allowed?
• Internet browsing allow all or filter? Liabilities?
• Are texting and Multi Media Services included in operating costs?
• Audio – Allow personal music files? (How will you address licensing?)
• Allow audio recording capability? Liabilities?
• Allow video recording capabilities? Liabilities?
• Camera phone “follies” – (Your own mental image goes here.)
• Limit instant messaging to in-house services or allow all?
• Global Positioning Services (GPS)
• Tele-presence / Video conferencing
• Is unified communications (UC) in your Telecom Plan?
All equate to bandwidth – Bandwidth equates to expense.
21. Mobility Risk, Strategy and Policy
Strategy Development
Strategy Analysis:
The What, When, Why, How and Who
– What = Identify risks to the business
– When = Prioritize actions
– Why = Cost justification
– How = Solutions/Mitigation approaches
– Who = Assign actions to carry out
Famous phrase applies here – “Choose wisely grasshopper.”
22. Mobility Risk, Strategy and Policy
Policy Program
What is the approach for mobile “policy” issues?
• First and foremost -
• Will need to be endorsed by Corporate representation
• Take opportunity to review and align
• Consider the following
• Business culture
• Compliance & regulations
• Risk mitigation targets
What is required in policy statements
• Are policy statements expectations for behavioral controls?
• Are policy statements declarations of automated enforcement?
• It can be one, the other or a combination in policy
What did we have to say about that in the Acceptable Use Policy?
Policy
23. Mobility Risk, Strategy and Policy
Policy Program
Other considerations for “Mobile Technology Use Policy”
• Consult with Legal Team -
• Inclusion of “Opt-In” – Employee sign off on Mobile policy
• Where any “personally owned device” enters into the program
• Objective -
• Acknowledging company controls and expectations when an
“event” condition occurs and implications to personal information
and access to personal device.
“Bricking” is a last resort
• Rendering a field unit inoperable has consequences
• Both good and bad results
• Is it the only communication resource for employee?
• Read in health, safety and other personnel issues here…
What did we have to say about that in the Acceptable Use Policy?
24. Mobility Risk, Strategy and Policy
Policy Program – Hierarchy of Policies
• Overarching Global Policy (Core) – Authorized & Endorsed
• IT Security Policy Manual – Implementation policy details
• Security Position Statements (Core) – Addresses new technologies & mitigating immediate business risks
• Subordinate Security Standards – Detailed technology specs, required compliance controls
• Security Awareness Content – Awareness Library of Tools & Resources
• Acceptable Use Policy (AUP) and Privacy and Data Protection Policy – endorsed by Human Resources, Legal and Compliance
• AUP Mobile Technology Policy – Opt-In (Sign-Off) to participate in Company plan
• IT Security Position Statements, IT Security Policy Manual, IT Security Standards, IT Security Awareness Materials
25. Mobility Risk, Strategy and Policy
Delivering the Strategy
What to include in the Delivery plan
• First and foremost -
• Must be manageable
• Must be supportable
• Must be affordable
• Must be sustainable
• Is it aligned with business use model
• Addresses Compliance & regulations
• Can assets be forensically interrogated?
• Risk mitigation targets must be addressed
• Data escape controls in place
What next?
• Once you embark on a plan of action – course corrections will
impact all of the previously defined variable elements
Critical Success Factors
Delivery
26. Mobility Risk, Strategy and Policy
Delivering the Strategy
Delivery element analysis:
The What, When, Why, How and Who
• Why = Business objectives for mobility
• What = Strategy, policy and technologies
• How = Delivery plan
• Who = Resources, personnel and funding
• When = Delivery timeline
Critical Success Factors
27. Mobility Risk, Strategy and Policy
Summary
Sustaining Security Objectives for the Organization
Security - Be recognized as the visionary security leaders who collaboratively
consult with the business.
Security - Enable the business with compliant and consistent security policy
and controls focused on secure future computing within the Company.
Security - Ensure governed, integrated protection for the entire Company and
its resources.
Protecting colleagues, company assets and reputation
Risk Strategy Policy Delivery
28. Mobility, Risk, Strategy & Policy
Addressing Mobile Business & Technology Issues
Conclusion – Question & Answers
- Disclaimer -
“Not a lawyer.”
This presentation is available at: http://www.slideshare.net/hcontrex
H. Contreras – CISSP ISSA Phoenix Chapter - April, 2011 – Copyright 2011