Security Procedures for Cell phones.

Uploaded on:
Category: Business / Finance
Individual Devices. 6. Issue: Mobile Workforce. Everything Connects. Unfriendly Environments. 7 ... Portable Armor: SafeNet: http: ...
Slide 1

Condition of Oregon Enterprise Security Office Jan. 14 th , 2010 Security Strategies for Mobile Devices

Slide 2

Welcome John Ritchie, CISSP State of Oregon Enterprise Security Office Information Security Analysis and Consultation

Slide 3

Introduction Enterprise Security Office (ESO) State Enterprise Perspective Multi-Agency, Cross-Agency Enterprise Policy and Oversight Not Operations

Slide 4

Agenda Overview of Issues Strategies For Developing Solutions Future Trends

Slide 5

Issue: Portable Storage, Storage and more Storage Easy Data Sharing Small, Smaller, Smallest, Lost Data Loss Prevention Bypass Security Controls

Slide 6

Issue: Mobile Workforce Culture Change Can\'t Be Ignored Huge Benefits Technical Challenges Porous Perimeter Firewalls? Individual Devices

Slide 7

Issue: Mobile Workforce Everything Connects Hostile Environments

Slide 8

Strategies For Coping Step By Step Define Business Needs Develop Policy Technical Implementation Audit Device Use and Compliance Step By Step (Refrain)

Slide 9

Strategy: Step By Step Start Somewhere Develop A Plan Something Is Better Than Nothing It All Costs Money

Slide 10

Strategy: Business Needs Define Benefits What Are Your Goals? Information Classification – Task #1 Where\'s Your Sensitive Data? What Will Your Employees Store On Mobile Devices?

Slide 11

Strategy: Policy Decision Points Strict Or Lenient? Gadget Ownership Decision Device Management Decisions Security

Slide 12

Policy Device Ownership Company-claimed (stricter) Control and Security Responsibility (for the most part) organization\'s Separation of Church and State Personal Devices (more permissive) Flexibility Employee Satisfaction Cost?

Slide 13

Policy Device Management Corporate versus Individual Management Supported Models versus All Models Standard Configuration Lost/Stolen/Sold Devices Employee Termination

Slide 14

Policy Security Data At Rest Data In Transit Access To Device Access to Enterprise Assets Comic by

Slide 15

Policy Responsibility Should Employee Share Responsibility? Arrangement Education Critical Component

Slide 16

Strategy: Technical Controls Intersect With Policy And Security Policy Without Controls Is… Integrate Solutions With Architecture Don\'t Forget About Existing Policies Acceptable Use

Slide 17

Strategy: Audit Device Use Education Visual Audits Manager drive-by Technical Audits Logging "Lessons Learned" Audits After-the-reality

Slide 18

Strategy: Step By Step (Refrain) Start Somewhere Develop A Plan Something Is Better Than Nothing It All Costs Money

Slide 19

Trends For the Future Increasingly Mobile Workforce Better Tools Current: Remote Access, Minimize Local Storage Developing Market for Tools Increasing Risk Targets For Attack Increasing Awareness? History of PC Security Awareness

Slide 20

State Reference Material Policies Statewide Information Security Plan and Standards

Slide 21

Questions? John Ritchie (503) 378-3910

Slide 22

Drive Encryption Tools Pointsec: CREDANT: GuardianEdge: encryption.php PGP: McAfee Endpoint Encryption: Microsoft BitLocker:

Slide 23

Drive Encryption Tools Mobile Armor: SafeNet: SecurStar: Utimaco Software: venture/gadget encryption/WinMagic:

Slide 24

Remote Device Wipe BlackBerry Enterprise Server Microsoft\'s System Center Mobile Device Manager Apple\'s iPhone 3.0 (with MobileMe)

Slide 25

Lost Device Tracking Adeona Project (Open Source): Software: Technologies:

Slide 26

Presentation, Desktop Virtualization Citrix XenDesktop: Citrix XenApp: VMware View:\'s Remote Desktop Services:

View more...