Mobility, Risk, Strategy & Policy
                  Addressing Mobile Business & Technology Issues



Orienting mobile strategy to negotiate risk landscape obstacles




                  Harry Contreras – CISSP

                  ISSA Phoenix Chapter - April, 2011 – Copyright 2011
Mobility Risk, Strategy and Policy

        April 2011 - Presentation Outline
      • Mobility issues facing businesses today
         • Risk and Liability issues
         • Strategy development
         • Policy program issues and concerns
         • Delivery elements

      • Summary with Q&A opportunity
      • Resources & References - Take Away




Orienting mobile strategy to negotiate risk landscape obstacles
              Mobility Issues to Assess and Address

Risks: Identify the common and unique risks of mobile technology that are in scope for business use. Consider liability and choices for risks accepted, avoided and transferred.

Strategy: Develop strategy within the framework of identified risks that impact the business. With stakeholders, define the requirements that meet elements for advancing business objectives.

Policy: Authorized and endorsed corporate policy & standards for mobile technology use in the company. Communicate and train via compliance & security awareness programs.

Delivery: Identify the actions to deliver a mobile strategy: what it will take to support, maintain and sustain with currency a complete plan for an enterprise.

     We will follow these four tracks throughout the presentation: Risks, Strategy, Policy, Delivery.
                Risk & Liability Issues
   Assessing company risk with mobile technologies

Establish understanding of company tolerance for risk
   • Business culture
   • Company compliance impact points
   • Consumer technologies introduce new risk issues

Integrate cross-linkages with existing Compliance issues
    • Consult with your company Legal department
    • Corporate governance determines



       One of the first areas to “do your homework”.
     Risk
              Risk & Liability Issues
       Regulatory, Liability and Risk Landscape
Regulatory “entanglements”
  • Personal, Health and Card Holder privacy regulations
  • SEC regulation
  • Rule 26 / e-Discovery
  • Forensics and investigations
  • IRS Regulation and Reporting requirements

Company and Operations specific issues
  • Corporate Contractual obligations
  • Business “verticals” - e.g. health industry, government contracting
  • Global operation regional issues - e.g. European works councils


      Other “surprises” both foreign and domestic.
   Risk
              Risk & Liability Issues
Business operating issues and risk posture
   • Separation of asset ownership - e.g. BYO assets (more on this later)
       • Business owned or employee owned
       • Ownership and control of platform resident data
       • Business capitalization concerns
Employee privacy issues or business “enablers”
  • “Invading technologies” to consider
       • Presence
       • Geo-location
       • Tracking and utilization reporting
Identity specific usage issues
    • Business representative – e.g. how the phone number is associated
    • Personal, non-Company persona
  How much or how little is the Company willing to address?
    Risk
                   Risk & Liability Issues
    Business issues and risks for BYO assets
       • How far do company controls encroach on the device?
           • Comingled personal and Company information
           • Are business resources and services being “misappropriated”?
    How do employees expect Company services at their disposal?
       • Truth or fallacy? - Reality Check
           • Employees expect free-rein utilization of assets and services
           • Do not want and will not tolerate limitations
    Assessing risk and liability usage issues for BYO assets
       • HR reports employees are doing “WHAT” with their devices?
       • Client claims that employee took recording of their conversation
       • Liability remains for Company regardless of approach
                          Can you say it with me…
“No employee entitlements to Company provisioned services for personal use.”

         Risk
                    Risk & Liability Issues
Industry perspective – “Peersay”, NetworkWorld.com – 3/21/2011
Tablets and smartphones in the enterprise
There are two types of risk. One, to the organization, of sensitive content being
exposed if the device is lost, hacked or otherwise compromised. In some cases
there are financial penalties for this, as well as costly notification practices that need
to be complied with if it involves any customer data.
The other is to the employee. In the event of a legal action involving anything they
may have been involved in, or a data call to “…produce any/all records related to
XYZ,” the employee’s device may be subject to search. This could risk exposing
their personal data, including passwords, contacts, browser history and other things
they may not want their employer or others to have access to.
Comingling business/personal content and activity just plain isn’t good sense. Even a
one-person consulting business keeps its personal and business financial
assets/accounts independent of each other; why doesn’t it make the same sense to
keep your information assets independent?
                                                                                       – Larry
          With this as a “backdrop” … “Discuss, discuss…”
          Risk
                  Risk & Liability Issues
          Assessing company risk with mobile technologies

Original risk issues for mobile technologies remain
    • Approaches for laptops and enterprise-architected solutions for
    mobile platforms (e.g. RIM, Good Technology) have addressed most of
    the risks over time
Newer mobile technologies bring added complexity
   • Consumer grade technologies are introducing and broadening the
   risk and threat horizon
        • “Not ready for enterprise introduction”
   • Patchwork quilt of solutions to weave together for mixed results and
   effectiveness
   • “Consumer use mentality” is the “insider threat” today.

     Remember, once you go “Tablet” you can never go back.
       Risk
                     Risk & Liability Issues
      Assessing company risk with mobile technologies
Accept or Retain the identified risk. The risk is unlikely, or its impact does not warrant
any further action; the company simply decides to bear any recovery costs.

Avoid or Reject the risk. When the cost or likelihood of the risk is great, it is not
feasible to continue in that area of activity – product, process or geography.

Transfer or Share the risk. When the risk is part of the business operation and its cost is
predictable, the company may elect to insure, warranty or contract (outsource).

Mitigate or Reduce the risk. The identified risk(s) are core to the business, and
controls are implemented to reduce likelihood and impact to the business.

Ignore the risk. An identified option of choice: to consciously do nothing. Potential
for catastrophic business impact and serious legal and liability repercussions.
           Burying your head in the sand – not an option.
     Presentation points in due diligence for management briefing.
          Risk
               Strategy Development
                 Where is your Strategy now?
 New or inherited Mobile Strategy
    • What is in place now?
        • Functional or “death spiral”
    • What is your charter for this initiative?
        • Build new or patch and repair
 What you may need or what may be missing – Resources
 (Any way you can get them allocated - internal or contracted.)
    • Enterprise Architect or IT Strategist
    • Subject Matter Expert (SME) Engineer
    • Analyst
    • Project Manager
    • Leadership/Management endorsement - oversight

The all-important “management underwriting” license for change.
                       Strategy
              Strategy Development
What is the approach for “services”?
  • In-house vs. Hosted
       • Will need to build out or negotiate contract(s)
  • Take opportunity to research each option
       • Can business replicate what providers have already built?
Present state analysis and comparison to “to-be” state
   • Are there any accounting stats or metrics to baseline?
   • What is the cost of doing business today for the strategy?
   • Can gains and improvements be attained with volume discounts?
   • Will outsourcing “provisioning” be beneficial?
   • Is “standardization” going to be an issue?
   • Does your Telecom services strategy run parallel or intersect?
   • Is there an expectation or goal for cost/expense limitation?

 Be on the lookout for “scope creep” around every corner.
                    Strategy
                 Strategy Development
Ask these same questions with the BYO assets approach
  What is the approach for “services”?
    • In-house vs. Hosted
         • Will need to build out or negotiate contract(s)
    • Take opportunity to research each option
         • Can business replicate what providers have already done?
  Present state analysis and comparison to “to-be” state
      • Are there any accounting stats or metrics to baseline?
      • What is the cost of doing business today for the strategy?
      • Can gains and improvements be attained with volume discounts?
      • Will outsourcing “provisioning” be beneficial?
      • Is “standardization” going to be an issue?
      • Does your Telecom services strategy run parallel or intersect?
  How many personal plans on how many providers come into play?
The BYO approach compounds the variables & dilutes volume plans.
                      Strategy
                                   Strategy Development
                                      Plotting a Successful Strategy

Figure: a chart with a vertical Cost Tolerance Axis (from 0 up to $$$$, marked “Adding Controls” at the top) and a horizontal Risk Tolerance Axis (from + on the left to - on the right). A “Mobile Strategy” line and a “Compliance Issues” line rise diagonally across the chart. The left end is labelled “Anything goes / Unsupportable Model”; the right end “Non-functional / Overly draconian”.

                                      Every Business has its own “Sweet Spot”
                                       Success or Ultimate “Fail”
                                          Strategy
              Strategy Development
What are we up against with newer mobile technologies?
  • Lack of built-in security
  • Open and easily extensible operating architectures
  • Poor control over devices
  • Poor control over connectivity
  • Weak connection security
  • Weak authentication of user and device
  • Poor working practices
  • Compromise of stored data
Control, Contain, Maintain and Explain…
   • Asset sprawl, capitalization, operational expense, support costs
   • Policy, standardization, licensing
   • Regulatory compliance, content management, security controls
   • Add to and refine this list…
        iPhones, Androids, and Blackberrys… Oh My!
                    Strategy
                  Strategy Development
   Several mobile security strategy approaches available today
      • Basic device management
      • Enhanced device management
      • Walled garden
      • Risk based management
   • Basic device management – use Microsoft ActiveSync for simple
   policy management.
   • Enhanced device management – use mobile device management
   software for more sophisticated control of company-issued devices.
   • Walled garden / Virtual workspace – allow corporate access from
   personal devices, but wall it off from the device’s personal content.
   • Risk based management – set policies that restrict corporate access
   for phones with high risk factors, like unauthorized apps or out-of-date
   policies.
The more product solutions are applied – the more profits are eroded.
                       Strategy
              Strategy Development
Some focus points for major solutions in your strategy
• Set strategy, policies and standards
• Deploy standard hardware, apps and security software
    • Virus protection, firewalls, disable concurrent connection options
• Use device authentication to eliminate “rogue” devices connecting
• Consider two-factor authentication – smart cards, embedded tokens
• Harden / lock-down operating systems and device options
• White list authorized and supported applications – app fingerprinting
• Implement software upgrade and patch management solutions
• Encrypt stored data and removable storage media
• Use remote kill and data wipe solutions
• Educate users on mobile use requirements/policy
• Provide helpdesk and IT support to mobile users
• Scan networks for unauthorized devices and connections



                     Strategy
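As an added illustration (not code from the presentation or from any product it names) of the “risk based management” approach described two slides back, and of several controls on the focus-point list above (application white-listing, stored-data encryption, patch currency, device check-in), the following Python script scores constructed device inventory records against a hypothetical policy baseline and maps each score to an access level. The baseline values, the factor weights, the field layout of the device record and the sample devices are all assumptions made for this example.

```python
"""Risk-based access decision for a mobile fleet.

Added illustration, not code from the presentation or any product it names.
Each device record is scored against a hypothetical policy baseline and the
score is mapped to an access level, following the "risk based management"
approach of restricting corporate access for devices with high-risk factors.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Hypothetical baseline values (assumptions made for this example).
CURRENT_POLICY_VERSION = 7                 # policy revision the MDM currently pushes
MIN_OS_VERSION: Tuple[int, int] = (4, 3)   # lowest OS level carrying required patches
ALLOWED_APPS: Set[str] = {"mail", "calendar", "vpn", "browser"}  # application white list
MAX_CHECKIN_AGE_DAYS = 14                  # longer silence: device may be lost or evading policy

# Weight per factor: a high-risk factor (3) blocks on its own; medium factors (1)
# restrict access and block only when three of them accumulate.
FACTOR_WEIGHTS = {
    "stored data not encrypted": 3,
    "no device passcode": 3,
    "stale check-in": 3,
    "out-of-date policy": 1,
    "unauthorized apps": 1,
    "unpatched OS": 1,
}
BLOCK_THRESHOLD = 3


@dataclass
class Device:
    """One inventory record as an MDM agent might report it (constructed layout)."""
    device_id: str
    user: str
    company_owned: bool
    os_version: Tuple[int, int]
    policy_version: int
    encrypted: bool
    passcode_set: bool
    installed_apps: Set[str]
    days_since_checkin: int


@dataclass
class Decision:
    device_id: str
    access: str                       # "full", "limited" or "blocked"
    score: int
    factors: List[str] = field(default_factory=list)
    unauthorized_apps: List[str] = field(default_factory=list)


def unauthorized_apps(device: Device) -> List[str]:
    """Installed applications that are not on the white list."""
    return sorted(device.installed_apps - ALLOWED_APPS)


def risk_factors(device: Device) -> List[str]:
    """Return the policy violations found on one device record."""
    found = []
    if not device.encrypted:
        found.append("stored data not encrypted")
    if not device.passcode_set:
        found.append("no device passcode")
    if device.days_since_checkin > MAX_CHECKIN_AGE_DAYS:
        found.append("stale check-in")
    if device.policy_version < CURRENT_POLICY_VERSION:
        found.append("out-of-date policy")
    if unauthorized_apps(device):
        found.append("unauthorized apps")
    if device.os_version < MIN_OS_VERSION:
        found.append("unpatched OS")
    return found


def assess(device: Device) -> Decision:
    """Map a device's risk factors to an access level."""
    factors = risk_factors(device)
    score = sum(FACTOR_WEIGHTS[f] for f in factors)
    if score >= BLOCK_THRESHOLD:
        access = "blocked"   # quarantine: no corporate services until remediated
    elif score > 0:
        access = "limited"   # e.g. mail only, no document sync or VPN
    else:
        access = "full"
    return Decision(device.device_id, access, score, factors, unauthorized_apps(device))


def review_fleet(devices: List[Device]) -> Dict[str, Decision]:
    """Assess every inventory record and key the decisions by device id."""
    return {d.device_id: assess(d) for d in devices}


# Constructed sample inventory; none of these are real devices or users.
SAMPLE_FLEET = [
    Device("corp-001", "alice", True, (4, 3), 7, True, True, {"mail", "calendar", "vpn"}, 1),
    Device("byo-017", "bob", False, (4, 3), 6, True, True, {"mail", "browser", "game"}, 3),
    Device("byo-042", "carol", False, (4, 1), 7, False, False, {"mail"}, 2),
]

if __name__ == "__main__":
    for dec in review_fleet(SAMPLE_FLEET).values():
        print(f"{dec.device_id}: {dec.access} (score {dec.score}) {dec.factors}")
```

Run it directly to print one decision per device. The weights make any single high-risk factor (unencrypted storage, no passcode, a device that has stopped checking in) block access outright, while medium factors only restrict access until three of them accumulate; returning the factor list alongside the decision gives the helpdesk the remediation list the user needs, which keeps the “risk based” approach explainable rather than a black box.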
                Strategy Development
              Technology Landscape Considerations

Figure – Wireless Technology Continuum: GSM, UMTS, LTE; HSPA; CDMA, CDMA2000, UMB; 3G; 4G; WiFi; WiMax; Bluetooth.
Which bands, services, operators and where does your solution fit?
                     Strategy
               Strategy Development
What services and features fit into your business model?
• Multiple service bands – which ones are operator specific
• Phone / Voice capability with simultaneous Data session capability
• What is the bandwidth overhead for the mobile application portfolio?
• Email – Single Company source or all services allowed?
• Internet browsing allow all or filter? Liabilities?
• Are texting and Multi Media Services included in operating costs?
• Audio – Allow personal music files? (How will you address licensing?)
     • Allow audio recording capability? Liabilities?
• Allow video recording capabilities? Liabilities?
• Camera phone “follies” – (Your own mental image goes here.)
• Limit instant messaging to in-house services or allow all?
• Global Positioning Services (GPS)
• Tele-presence / Video conferencing
• Is unified communications (UC) in your Telecom plan?
   All equate to bandwidth – Bandwidth equates to expense.
                     Strategy
              Strategy Development

               Strategy Analysis:
 The What, When, Why, How and Who
       –   What = Identify risks to the business
       –   When = Prioritize actions
       –   Why = Cost justification
       –   How = Solutions/Mitigation approaches
       –   Who = Assign actions to carry out


Famous phrase applies here – “Choose wisely grasshopper.”

                 Strategy
                      Policy Program
 What is the approach for mobile “policy” issues?
   • First and foremost -
        • Will need to be endorsed by Corporate representation
   • Take opportunity to review and align
        • Consider the following
            • Business culture
            • Compliance & regulations
            • Risk mitigation targets
 What is required in policy statements?
   • Are policy statements expectations for behavioral controls?
   • Are policy statements declarations of automated enforcement?
   • They can be one, the other or a combination in policy.

What did we have to say about that in the Acceptable Use Policy?
                                          Policy
                  Policy Program
Other considerations for “Mobile Technology Use Policy”
    • Consult with Legal Team -
        • Inclusion of “Opt-In” – Employee sign off on Mobile policy
        • Where any “personally owned device” enters into the program
• Objective -
    • Acknowledging company controls and expectations when an
    “event” condition occurs, and the implications for personal information
    and access to the personal device.

“Bricking” is a last resort
    • Rendering a field unit inoperable has consequences
    • Both good and bad results
        • Is it the only communication resource for employee?
        • Read in health, safety and other personnel issues here…

What did we have to say about that in the Acceptable Use Policy?
                                        Policy
             Policy Program – Hierarchy of Policies
Overarching Global Policy (Core)
    Authorized & Endorsed
IT Security Policy Manual
    Implementation policy details
Security Position Statements
    Addresses new technologies
    Mitigating immediate business risks
Subordinate Security Standards
    Detailed technology specs
    Required compliance controls
Security Awareness Content
    Awareness Library of Tools & Resources

Diagram: at the top sits the Acceptable Use, Privacy and Data Protection Policy (Core) & AUP. The (AUP) Acceptable Use Policy is endorsed by Human Resources, Legal and Compliance. The Mobile Technology Policy carries an Opt-In (Sign-Off) to participate in the Company plan. Beneath these sit four boxes: Security Position Statements, IT Security Policy Manual, IT Security Standards, IT Security Awareness Materials.
                                                           Policy
             Delivering the Strategy
What to include in the Delivery plan
  • First and foremost -
       • Must be manageable
       • Must be supportable
       • Must be affordable
       • Must be sustainable
       • Is it aligned with the business use model?
       • Addresses Compliance & regulations
             • Can assets be forensically interrogated?
       • Risk mitigation targets must be addressed
             • Data escape controls in place
What next?
  • Once you embark on a plan of action – course corrections will
  impact all of the previously defined variable elements
               Critical Success Factors
                                                          Delivery
           Delivering the Strategy

        Delivery element analysis:
The What, When, Why, How and Who
 •   Why = Business objectives for mobility
 •   What = Strategy, policy and technologies
 •   How = Delivery plan
 •   Who = Resources, personnel and funding
 •   When = Delivery timeline




          Critical Success Factors
                                            Delivery
                                 Summary

    Sustaining Security Objectives for the Organization
Security - Be recognized as the visionary security leaders that collaboratively
consult with the business.

Security - Enable the business with compliant and consistent security policy
and controls focused on secure future computing within the Company.

Security - Ensure governed, integrated protection for the entire Company and its
resources.




  Protecting colleagues, company assets and reputation
        Risk              Strategy            Policy             Delivery
Mobility, Risk, Strategy & Policy
                      Addressing Mobile Business & Technology Issues




            Conclusion – Question & Answers


                          - Disclaimer -
                         “Not a lawyer.”




    This presentation is available at: http://www.slideshare.net/hcontrex

H. Contreras – CISSP     ISSA Phoenix Chapter - April, 2011 – Copyright 2011
                  References – Resources
Information Week, Grant Moerschel – Jan 29, 2011
4 Strategies To Lower Mobile Device Risk
NetworkWorld, Toolshed: Mark Gibbs – Feb 7, 2011
Mobile Devices: You’re losing control
SCMagazine, Greg Masters – Feb 17, 2010
On the go: Mobile Security (http://scmagazineus.com)
Information Week, David F. Carr – Dec 6, 2010
iPad in the Enterprise
ComputerWorld, Security Manager’s Journal – Mathias Thurman – Mar 22, 2010
BYOPC won’t be a party for security
ComputerWorld, Opinion – Steven J. Vaughan-Nichols – Mar 21, 2011
I Want My iPad at Work!
ProfitLine, White Paper – Nov, 2009
Culture Shift–The most overlooked aspect of deploying smart devices in the
enterprise

Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsSubhajit Bhuiya
 
There's an App for That, and That, and That: Managing Mobile in the Workforce
There's an App for That, and That, and That: Managing Mobile in the WorkforceThere's an App for That, and That, and That: Managing Mobile in the Workforce
There's an App for That, and That, and That: Managing Mobile in the WorkforceHuman Capital Media
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
Strategy formulation lecture notes
Strategy formulation lecture notesStrategy formulation lecture notes
Strategy formulation lecture noteswilliamwachira
 
Enterprise mobile strategy framework - 1st part
Enterprise mobile strategy framework  - 1st partEnterprise mobile strategy framework  - 1st part
Enterprise mobile strategy framework - 1st partAlgarytm
 
Axis Technology - Consulting Overview
Axis Technology - Consulting OverviewAxis Technology - Consulting Overview
Axis Technology - Consulting OverviewAxis Technology, LLC
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Webinar 1: Service2Media - app strategy and organisation
Webinar 1: Service2Media - app strategy and organisationWebinar 1: Service2Media - app strategy and organisation
Webinar 1: Service2Media - app strategy and organisationService2Media
 

Semelhante a Mobility Risk, Strategy and Policy (20)

Belgina ism-v3 3
Belgina ism-v3 3Belgina ism-v3 3
Belgina ism-v3 3
 
From Device Selection to Data Protection: Selecting the Right Mobility Soluti...
From Device Selection to Data Protection: Selecting the Right Mobility Soluti...From Device Selection to Data Protection: Selecting the Right Mobility Soluti...
From Device Selection to Data Protection: Selecting the Right Mobility Soluti...
 
A smarter way to manage identities
A smarter way to manage identitiesA smarter way to manage identities
A smarter way to manage identities
 
Creating an effective mobility policy for your business
Creating an effective mobility policy for your businessCreating an effective mobility policy for your business
Creating an effective mobility policy for your business
 
IT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leadersIT Guide for Mobility: Making the case for Security leaders
IT Guide for Mobility: Making the case for Security leaders
 
Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]
 
Understanding New Technology and Security Risks as you respond to COVID-19
Understanding New Technology and Security Risks as you respond to COVID-19Understanding New Technology and Security Risks as you respond to COVID-19
Understanding New Technology and Security Risks as you respond to COVID-19
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing business
 
Con Brochure
Con BrochureCon Brochure
Con Brochure
 
Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_efforts
 
There's an App for That, and That, and That: Managing Mobile in the Workforce
There's an App for That, and That, and That: Managing Mobile in the WorkforceThere's an App for That, and That, and That: Managing Mobile in the Workforce
There's an App for That, and That, and That: Managing Mobile in the Workforce
 
Strategy formulation
Strategy formulationStrategy formulation
Strategy formulation
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application Security
 
Strategy formulation lecture notes
Strategy formulation lecture notesStrategy formulation lecture notes
Strategy formulation lecture notes
 
Enterprise mobile strategy framework - 1st part
Enterprise mobile strategy framework  - 1st partEnterprise mobile strategy framework  - 1st part
Enterprise mobile strategy framework - 1st part
 
General Insurance
General InsuranceGeneral Insurance
General Insurance
 
Axis Technology - Consulting Overview
Axis Technology - Consulting OverviewAxis Technology - Consulting Overview
Axis Technology - Consulting Overview
 
Risk Product.pptx
Risk Product.pptxRisk Product.pptx
Risk Product.pptx
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Webinar 1: Service2Media - app strategy and organisation
Webinar 1: Service2Media - app strategy and organisationWebinar 1: Service2Media - app strategy and organisation
Webinar 1: Service2Media - app strategy and organisation
 

Último

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Último (20)

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Mobility Risk, Strategy and Policy

  • 1. Mobility, Risk, Strategy & Policy
    Addressing Mobile Business & Technology Issues
    Orienting mobile strategy to negotiate risk landscape obstacles
    Harry Contreras – CISSP
    ISSA Phoenix Chapter - April, 2011 – Copyright 2011
  • 2. Mobility Risk, Strategy and Policy – April 2011 Presentation Outline
    • Mobility issues facing businesses today
      • Risk and Liability issues
      • Strategy development
      • Policy program issues and concerns
      • Delivery elements
    • Summary with Q&A opportunity
    • Resources & References - Take Away
    Orienting mobile strategy to negotiate risk landscape obstacles
  • 3. Mobility Risk, Strategy and Policy – Mobility Issues to Assess and Address
    Risks: Identify the common and unique risks of mobile technology that are in scope for business use. Consider liability and choices for risks accepted, avoided and transferred.
    Strategy: Develop strategy within the framework of identified risks that impact the business. With stakeholders define the requirements that meet elements for advancing business objectives.
    Policy: Authorized and endorsed the corporate policy & standards for mobile technology use in the company. Communicate and train via compliance & security awareness programs.
    Delivery: Identify the actions to deliver a mobile strategy. What it will take to support, maintain and sustain with currency a complete plan for an enterprise.
    We will follow these four tracks throughout the presentation: Risks, Strategy, Policy, Delivery
  • 4. Risk & Liability Issues – Assessing company risk with mobile technologies
    Establish understanding of company tolerance for risk
      • Business culture
      • Company compliance impact points
      • Consumer technologies introduce new risk issues
    Integrate cross-linkages with existing Compliance issues
      • Consult with your company Legal department
      • Corporate governance determines
    One of the first areas to “do your homework”.
    Track: Risk
  • 5. Risk & Liability Issues – Regulatory, Liability and Risk Landscape
    Regulatory “entanglements”
      • Personal, Health and Card Holder privacy regulations
      • SEC regulation
      • Rule 26 / e-Discovery
      • Forensics and investigations
      • IRS Regulation and Reporting requirements
    Company and Operations specific issues
      • Corporate Contractual obligations
      • Business “verticals” - i.e. health industry, government contracting
      • Global operation regional issues - i.e. European work councils
    Other “surprises” both foreign and domestic.
    Track: Risk
  • 6. Risk & Liability Issues – Business operating issues and risk posture
      • Separation of asset ownership - i.e. BYO assets (More on this later.)
      • Business owned or employee owned
      • Ownership and control of platform resident data
      • Business capitalization concerns
    Employee privacy issues or business “enablers”
      • “Invading technologies” to consider
        • Presence
        • Geo-location
        • Tracking and utilization reporting
    Identity specific usage issues
      • Business representative – i.e. how the phone number is associated
      • Personal, non-Company persona
    How much or how little is the Company willing to address?
    Track: Risk
  • 7. Risk & Liability Issues – Business issues and risks for BYO assets
      • How far do company controls encroach?
      • Commingled personal and Company information
      • Are business resources and services being “misappropriated”?
    How do employees expect Company services at their disposal?
      • Truth or fallacy? - Reality Check
      • Employees expect free-rein utilization of assets and services
      • Do not want and will not tolerate limitations
    Assessing risk and liability usage issues for BYO assets
      • HR reports employees are doing “WHAT” with their devices?
      • Client claims that employee took a recording of their conversation
      • Liability remains with the Company regardless of approach
    Can you say it with me… “No employee entitlements to Company provisioned services for personal use.”
    Track: Risk
  • 8. Risk & Liability Issues – Industry perspective: “Peersay”, NetworkWorld.com – 3/21/2011
    Tablets and smartphones in the enterprise
    “There are two types of risk. One, to the organization, of sensitive content being exposed if the device is lost, hacked or otherwise compromised. In some cases there are financial penalties for this, as well as costly notification practices that need to be complied with if it involves any customer data.
    The other is to the employee. In the event of a legal action involving anything they may have been involved in, or a data call to ‘…produce any/all records related to XYZ,’ the employee's device may be subject to search. This could risk exposing their personal data, including passwords, contacts, browser history and other things they may not want their employer or others to have access to.
    Commingling business/personal content and activity just plain isn't good sense. Even a one-person consulting business keeps its personal and business financial assets/accounts independent of each other; why doesn't it make the same sense to keep your information assets independent?” – Larry
    With this as a “backdrop” … “Discuss, discuss…”
    Track: Risk
  • 9. Risk & Liability Issues – Assessing company risk with mobile technologies
    Original risk issues for mobile technologies remain
      • Approaches for laptops and enterprise-architected solutions for mobile platforms (i.e. RIM, Good Technology) have addressed most of the risks over time
    Newer mobile technologies bring added complexity
      • Consumer grade technologies are introducing and broadening the risk and threat horizon
      • “Not ready for enterprise introduction”
      • Patchwork quilt of solutions to weave together for mixed results and effectiveness
      • “Consumer use mentality” is the “insider threat” today.
    Remember, once you go “Tablet” you can never go back.
    Track: Risk
  • 10. Risk & Liability Issues – Assessing company risk with mobile technologies
    Accept or Retain the identified risk. The risk is unlikely or the impact does not warrant any further action; the company simply decides to bear any recovery costs.
    Avoid or Reject the risk. When the cost or likelihood of the risk is great, it is not feasible to continue in that area of activity – product, process or geography.
    Transfer or Share the risk. When the risk is part of the business operation and its cost is predictable, the company may elect to insure, warranty or contract (outsource).
    Mitigate or Reduce the risk. The identified risk(s) are core to the business, and controls are implemented to reduce likelihood and impact to the business.
    Ignore the risk. An identified option of choice to consciously do nothing. Potential for catastrophic business impact and serious legal and liability repercussions. Burying your head in the sand – not an option.
    Presentation points in due diligence for management briefing.
    Track: Risk
  • 11. Strategy Development – Where is your Strategy now?
    New or inherited Mobile Strategy
      • What is in place now?
      • Functional or “death spiral”
      • What is your charter for this initiative?
      • Build new or patch and repair
    What you may need or what may be missing – Resources (Any way you can get them allocated - internal or contracted.)
      • Enterprise Architect or IT Strategist
      • Subject Matter Expert (SME) Engineer
      • Analyst
      • Project Manager
      • Leadership/Management endorsement - oversight
    The all-important “management underwriting” license for change.
    Track: Strategy
  • 12. Strategy Development – What is the approach for “services”?
      • In-house vs. Hosted
      • Will need to build out or negotiate contract(s)
      • Take opportunity to research each option
      • Can business replicate what providers have already built?
    Present state analysis and comparison to “to-be” state
      • Are there any accounting stats or metrics to baseline?
      • What is the Cost of Doing Business today for strategy?
      • Can gains and improvements be attained with volume discounts?
      • Will outsourcing “provisioning” be beneficial?
      • Is “standardization” going to be an issue?
      • Does your Telecom services strategy run parallel or intersect?
      • Is there an expectation or goal for cost/expense limitation?
    Be on the lookout for “scope creep” around every corner.
    Track: Strategy
  • 13. Strategy Development – Ask these same questions with the BYO assets approach
    What is the approach for “services”?
      • In-house vs. Hosted
      • Will need to build out or negotiate contract(s)
      • Take opportunity to research each option
      • Can business replicate what providers have already done?
    Present state analysis and comparison to “to-be” state
      • Are there any accounting stats or metrics to baseline?
      • What is the Cost of Doing Business today for strategy?
      • Can gains and improvements be attained with volume discounts?
      • Will outsourcing “provisioning” be beneficial?
      • Is “standardization” going to be an issue?
      • Does your Telecom services strategy run parallel or intersect?
    How many personal plans on how many providers come into play?
    The BYO approach compounds the variables & dilutes volume plans.
    Track: Strategy
  • 14. Strategy Development – Adding Controls: Plotting a Successful Strategy
    [Chart: Mobile Strategy plotted against a vertical Cost Tolerance axis ($ to $$$$) and a horizontal Risk Tolerance axis running from “Anything goes” to “Overly draconian”, with Compliance Issues as the intervening band. Every Business has its own “Sweet Spot”; at the extremes lie a Non-functional, Unsupportable Model and an Overly draconian one – Success or Ultimate “Fail”.]
    Track: Strategy
  • 15. Strategy Development – What are we up against with newer mobile technologies?
      • Lack of built-in security
      • Open and easily extensible operating architectures
      • Poor control over devices
      • Poor control over connectivity
      • Weak connection security
      • Weak authentication of user and device
      • Poor working practices
      • Compromise of stored data
    Control, Contain, Maintain and Explain…
      • Asset sprawl, capitalization, operational expense, support costs
      • Policy, standardization, licensing
      • Regulatory compliance, content management, security controls
      • Add to and refine this list…
    iPhones, Androids, and Blackberrys… Oh My!
    Track: Strategy
  • 16. Strategy Development – Several mobile security strategy approaches available today
      • Basic device management – use Microsoft ActiveSync for simple policy management.
      • Enhanced device management – use mobile device management software for more sophisticated control of company-issued devices.
      • Walled garden / Virtual workspace – Allow corporate access from personal devices, but wall it off from the device’s personal content.
      • Risk based management – Set policies that restrict corporate access for phones with high risk factors, like unauthorized apps or out-of-date policies.
    The more product solutions are applied – the more profits are eroded.
    Track: Strategy
  • 17. Strategy Development – Some focus points for major solutions in your strategy
      • Set strategy, policies and standards
      • Deploy standard hardware, apps and security software
      • Virus protection, firewalls, disable concurrent connection options
      • Use device authentication to eliminate “rogue” devices connecting
      • Consider two-factor authentication – smart cards, embedded tokens
      • Harden / lock down operating systems and device options
      • Whitelist authorized and supported applications – app fingerprinting
      • Implement software upgrade and patch management solutions
      • Encrypt stored data and removable storage media
      • Use remote kill and data wipe solutions
      • Educate users on mobile use requirements/policy
      • Provide helpdesk and IT support to mobile users
      • Scan networks for unauthorized devices and connections
    Track: Strategy
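The “risk based management” approach on slide 16 and the device authentication and app fingerprinting points on slide 17 come together in one access decision: an enrolled device reports its posture, the posture is scored against policy, and the worst finding decides how much corporate access the device gets. The following is an added example written for this page, not code from the presentation or from any MDM product. The policy values, device ids, app ids and package fingerprints are all constructed, and the mapping of finding severity to “full / restricted / deny” is an assumption about how one company might tune it.

```python
"""Risk-based access decision for mobile device posture (added example).

Evaluates a device report against a corporate policy and checks the
installed app inventory against a whitelist of SHA-256 package
fingerprints. All device data, policy values and digests below are
constructed for illustration; nothing here is from a real MDM catalogue.
"""
from dataclasses import dataclass, field
from hashlib import sha256
from typing import Dict, List, Tuple

# Constructed "approved package" contents. In a real deployment the digests
# come from the app catalogue; here they are derived from stand-in bytes so
# the example runs offline.
APPROVED_PACKAGES = {
    "com.example.mail": b"constructed-mail-client-v3.2",
    "com.example.vpn":  b"constructed-vpn-client-v1.9",
    "com.example.docs": b"constructed-docs-viewer-v2.0",
}
APP_WHITELIST: Dict[str, str] = {
    name: sha256(blob).hexdigest() for name, blob in APPROVED_PACKAGES.items()
}

HIGH, MEDIUM = "high", "medium"


@dataclass
class Policy:
    current_policy_version: int = 7            # constructed policy values
    min_os_version: Tuple[int, int] = (14, 2)
    require_encryption: bool = True
    require_passcode: bool = True
    enrolled_devices: set = field(default_factory=set)


@dataclass
class DevicePosture:
    device_id: str
    os_version: Tuple[int, int]
    policy_version: int                        # policy version the device applied
    encryption_enabled: bool
    passcode_set: bool
    installed_apps: Dict[str, str]             # app id -> SHA-256 of installed package


@dataclass
class Decision:
    access: str                                # "full", "restricted" or "deny"
    findings: List[str]


def check_apps(installed: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare the app inventory to the whitelist by fingerprint.

    An app id absent from the list is an unauthorized install (medium);
    a listed app whose digest differs is a build the catalogue never
    approved, so it is rated high.
    """
    findings = []
    for app_id, digest in sorted(installed.items()):
        expected = APP_WHITELIST.get(app_id)
        if expected is None:
            findings.append((MEDIUM, f"unauthorized app installed: {app_id}"))
        elif digest != expected:
            findings.append((HIGH, f"fingerprint mismatch for approved app: {app_id}"))
    return findings


def evaluate_posture(device: DevicePosture, policy: Policy) -> Decision:
    """Apply the policy and map the worst finding to an access level."""
    if device.device_id not in policy.enrolled_devices:
        # Device authentication: unknown devices never get past this point.
        return Decision("deny", ["device not enrolled (rogue device)"])

    findings: List[Tuple[str, str]] = []
    if policy.require_encryption and not device.encryption_enabled:
        findings.append((HIGH, "stored data not encrypted"))
    if policy.require_passcode and not device.passcode_set:
        findings.append((HIGH, "no device passcode"))
    if device.os_version < policy.min_os_version:
        findings.append((MEDIUM, f"OS {device.os_version} below minimum {policy.min_os_version}"))
    if device.policy_version < policy.current_policy_version:
        findings.append((MEDIUM, f"policy version {device.policy_version} out of date"))
    findings.extend(check_apps(device.installed_apps))

    severities = {sev for sev, _ in findings}
    if HIGH in severities:
        access = "deny"
    elif MEDIUM in severities:
        access = "restricted"                  # assumption: e.g. mail only, no document sync
    else:
        access = "full"
    return Decision(access, [msg for _, msg in findings])


def sample_policy() -> Policy:
    return Policy(enrolled_devices={"dev-001", "dev-002", "dev-003"})


def sample_devices() -> List[DevicePosture]:
    """Constructed device reports covering the interesting cases."""
    ok_apps = {k: APP_WHITELIST[k] for k in ("com.example.mail", "com.example.vpn")}
    return [
        DevicePosture("dev-001", (15, 0), 7, True, True, ok_apps),                 # compliant
        DevicePosture("dev-002", (15, 0), 5, True, True,                           # stale policy + extra app
                      {**ok_apps, "com.thirdparty.game": sha256(b"constructed-game").hexdigest()}),
        DevicePosture("dev-003", (13, 4), 7, False, True,                          # old OS, no encryption, tampered mail build
                      {"com.example.mail": sha256(b"constructed-tampered-mail").hexdigest()}),
        DevicePosture("dev-999", (15, 0), 7, True, True, ok_apps),                 # never enrolled
    ]


if __name__ == "__main__":
    policy = sample_policy()
    for dev in sample_devices():
        decision = evaluate_posture(dev, policy)
        print(f"{dev.device_id}: {decision.access}")
        for finding in decision.findings:
            print(f"    - {finding}")
```

The enrollment check runs before anything else because posture data from a device the company never authenticated cannot be trusted; the fingerprint comparison is what turns “whitelist authorized applications” from a list of names into a check an installed package can actually fail.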
  • 18. Strategy Development
    Track: Strategy
  • 19. Strategy Development – Technology Landscape Considerations
    Wireless Technology Continuum: GSM, UMTS, LTE; HSPA; CDMA, CDMA2000, UMB; 3G; 4G; WiFi; WiMax; Bluetooth
    Which bands, services, operators, and where does your solution fit?
    Track: Strategy
  • 20. Strategy Development – What services and features fit into your business model?
      • Multiple service bands – which ones are operator specific?
      • Phone / Voice capability with simultaneous Data session capability
      • What is the bandwidth overhead for the mobile application portfolio?
      • Email – Single Company source or all services allowed?
      • Internet browsing – allow all or filter? Liabilities?
      • Are texting and Multimedia Services included in operating costs?
      • Audio – Allow personal music files? (How will you address licensing?)
      • Allow audio recording capability? Liabilities?
      • Allow video recording capabilities? Liabilities?
      • Camera phone “follies” – (Your own mental image goes here.)
      • Limit instant messaging to in-house services or allow all?
      • Global Positioning Services (GPS)
      • Tele-presence / Video conferencing
      • Is unified communications (UC) in your Telecom Plan?
    All equate to bandwidth – Bandwidth equates to expense.
    Track: Strategy
  • 21. Strategy Development – Strategy Analysis: The What, When, Why, How and Who
      – What = Identify risks to the business
      – When = Prioritize actions
      – Why = Cost justification
      – How = Solutions/Mitigation approaches
      – Who = Assign actions to carry out
    Famous phrase applies here – “Choose wisely, grasshopper.”
    Track: Strategy
  • 22. Mobility Risk, Strategy and Policy Policy Program What is the approach for mobile “policy” issues? • First and foremost - • Will need to be endorsed by Corporate representation • Take opportunity to review and align • Consider the following • Business culture • Compliance & regulations • Risk mitigation targets What is required in policy statements • Are policy statements expectation for behavioral controls • Are policy statements declarations of automated enforcement • It can be one, the other or combination in policy What did we have to say about that in the Acceptable Use Policy? Policy
  • 23. Mobility Risk, Strategy and Policy Policy Program Other considerations for “Mobile Technology Use Policy” • Consult with Legal Team - • Inclusion of “Opt-In” – Employee sign off on Mobile policy • Where any “personally owned device” enters into the program • Objective - • Acknowledging company controls and expectations when an “event” condition occurs and implications to personal information and access to personal device. “Bricking” is a last resort • Rendering a field unit inoperable has consequences • Both good and bad results • Is it the only communication resource for employee? • Read in health, safety and other personnel issues here… What did we have to say about that in the Acceptable Use Policy? Policy
• 24. Policy Program – Hierarchy of Policies
Overarching Global Policy (Core) – Authorized & Endorsed
• Acceptable Use Policy (AUP)
• IT Security Policy Manual
• Privacy and Data Protection Policy
• Implementation policy details endorsed by Human Resources, Legal and Compliance
Security Position Statements (Core)
• Address new technologies & mitigating immediate business risks
• AUP Mobile Technology Policy – Opt-In (Sign-Off) to participate in the Company plan
Subordinate Security Standards
• Detailed technology specs
• Required compliance controls
Security Awareness Content
• Awareness Library of Tools & Resources
(Diagram columns: Security Position Statements | IT Security Policy Manual | IT Security Standards | IT Security Awareness Materials)
(Track: Policy)
• 25. Delivering the Strategy
What to include in the Delivery plan
• First and foremost –
  • Must be manageable
  • Must be supportable
  • Must be affordable
  • Must be sustainable
• Is it aligned with the business use model?
• Addresses compliance & regulations
• Can assets be forensically interrogated?
• Risk mitigation targets must be addressed
• Data escape controls in place
What next?
• Once you embark on a plan of action, course corrections will impact all of the previously defined variable elements
Critical Success Factors
(Track: Delivery)
• 26. Delivering the Strategy
Delivery element analysis: The What, When, Why, How and Who
• Why = Business objectives for mobility
• What = Strategy, policy and technologies
• How = Delivery plan
• Who = Resources, personnel and funding
• When = Delivery timeline
Critical Success Factors
(Track: Delivery)
• 27. Summary
Sustaining Security Objectives for the Organization
• Security – Be recognized as the visionary security leaders who collaboratively consult with the business.
• Security – Enable the business with compliant and consistent security policy and controls focused on secure future computing within the Company.
• Security – Ensure governed, integrated protection for the entire Company and its resources.
Protecting colleagues, company assets and reputation
(Tracks: Risk | Strategy | Policy | Delivery)
• 28. Mobility, Risk, Strategy & Policy – Addressing Mobile Business & Technology Issues
Conclusion – Questions & Answers
Disclaimer – “Not a lawyer.”
This presentation is available at: http://www.slideshare.net/hcontrex
H. Contreras – CISSP
ISSA Phoenix Chapter - April, 2011 – Copyright 2011
• 29. References – Resources
• Information Week, Grant Moerschel – Jan 29, 2011 – 4 Strategies To Lower Mobile Device Risk
• NetworkWorld, Toolshed: Mark Gibbs – Feb 7, 2011 – Mobile Devices: You’re losing control
• SCMagazine, Greg Masters – Feb 17, 2010 – On the go: Mobile Security (http://scmagazineus.com)
• Information Week, David F. Carr – Dec 6, 2010 – iPad in the Enterprise
• ComputerWorld, Security Manager’s Journal – Mathias Thurman – Mar 22, 2010 – BYOPC won’t be a party for security
• ComputerWorld, Opinion – Steven J. Vaughan-Nichols – Mar 21, 2011 – I Want My iPad at Work!
• ProfitLine, White Paper – Nov, 2009 – Culture Shift: The most overlooked aspect of deploying smart devices in the enterprise