5 STEPS TO MOBILE RISK MANAGEMENT
INTRODUCTION
Nearly 80% of American investors say they aren’t likely
to invest in companies that have suffered multiple cyber
attacks. Analysts estimate that data breaches cost large
enterprises an average of $5.4 million per breach and
can erode brand value by hundreds of millions of dollars.
As data breaches have damaged business performance
and company valuations, data security concerns have
broken out of the CIO’s office and into the boardroom,
where CEOs are being challenged to explain what they’re
doing to ensure that vital revenue streams and shareholder
value are being safeguarded.
As the business stakes have been raised, the explosive
growth in mobile devices has multiplied the threat. Nearly
40% of organizations in another recent study had data
breaches resulting from lost or stolen mobile devices,
including tablet computers, smartphones and USB drives
that contained confidential or sensitive data.
So what does a company need to do to manage the risk of
data loss through mobile devices? This white paper outlines
a rational, risk-based approach to data protection that’s
designed particularly for the new world of mobile devices.
Mobile Security 2013
Historically, when new business process-changing
technologies become available, e.g. Email, Web Services,
Laptops, Wifi, Cloud Services, and now ubiquitous and
heterogeneous Mobile Devices, the focus is on figuring
out how to use and manage the technology. Worrying
about securing it comes later. Then a familiar pattern is
often repeated: a period of time is spent admiring the
security problem; eventually a myriad of disparate “bolt
on” point security solutions are developed; then finally
security is integrated into the technology.
Right now, Mobile technologies are somewhere between
admiring the problem, and bolting on solutions. Mobile
security vendors are in a rush to launch new products.
Dozens of new point solutions are flooding the market,
and enterprises are challenged to determine what they
need, and how to integrate them into their infrastructure.
The problem is that there is little discussion of what the
business requirements for security actually are. Mobile
Security is not just one thing. There are multifaceted
threats and risks that need to be managed. These include
secure identity and access control; data protection and
content management; application management and
security; malware protection; digital forensics, secure
transport, monitoring and reporting, policy enforcement
and device management. Each of these plays a critical
part in managing risk, because no organization has the
same risk profile. Balancing which to prioritize, and how
much to implement takes expertise.
MOBILE SECURITY LANDSCAPE
[Figure: mobile security landscape. Column headings: Users, Data, Apps, Networks & Devices. Capabilities shown: Secure Identity, Access Control, Privacy Controls, Data Protection, Content Management, Digital Forensics, Secure Transport, Monitoring/Reporting, Policy Enforcement, Device Management, Application Management, Application Security, Malware Protection. Connectivity shown: WiFi, Internet, Bluetooth, TelCom.]
A RISK-BASED APPROACH
The key to real security is taking a risk-based approach.
This means developing a set of practical business and
security requirements that point the way to the technologies
and policies that eliminate the most risk without unduly
impacting usability and needed business functionality.
This avoids the common backwards approach: buying a
technology based on feature set, then figuring out how to
integrate it into the business process.
Establishing business security requirements involves
answering the question, “secure from what?” Almost
every organization will have a different answer. There will
certainly be standard risk-based approaches and security
features that apply across the board. But the priority of
controls, the way they are implemented, and the way they
are managed will be unique to each organization.
The Twenty Critical Security Controls, developed by the
SANS Institute, have helped many large enterprises
and government agencies begin to transform security
by focusing their spending on the key controls that block
attacks that have the greatest overall impact on security.
Several of these Critical Security Controls apply just as
well to mobile devices as to traditional computers:
•	 Asset and configuration management
•	 Strong authentication and identity management
•	 Protection of sensitive data at rest and in transit
•	 Protection against lost/stolen/decommissioned
devices
•	 Protection from malware for email or web
•	 Device-specific Operating System vulnerabilities
•	 Connecting to insecure/rogue wifi
•	 Protection and management of web and email traffic
The organization’s unique business requirements will
determine where to start and how to build. For companies
with intellectual property to protect, encryption will be a
high priority; organizations that field many mobile apps
might need to focus on application security; companies
where users need to access internal applications
might require strong identity management. Many tools
are available for each area. Selecting the right one
depends on an organization’s unique environment and
requirements. To help define requirements and determine
the best approach, DMI recommends a Five Step Mobile
Risk Management Process.
5 STEP PROCESS FOR MOBILE RISK MANAGEMENT
1. Understand how employees want to use Mobile Devices and Applications
2. Identify potential threats
3. Define the impact to the business based on probable threat scenarios
4. Develop policies and procedures to protect the business to an acceptable level
5. Implement manageable procedural and technical controls, and monitor their effectiveness
1. UNDERSTAND USER REQUIREMENTS
This may vary by industry, business needs or organizational
culture, but a typical list of user requirements for a personal
mobile device is likely to include:
•	 Access to enterprise applications (email, calendar,
contacts, business applications, SharePoint servers,
etc.)
•	 Ability to make both personal and professional calls
•	 Privacy for personal employee activities, data, photos,
emails, texts, and applications (i.e., no corporate
collecting, monitoring, or tracking)
•	 Prohibition of organizational backup or wipe of personal
data
2. IDENTIFY POTENTIAL THREATS
Some common threats introduced or exacerbated by mobile
devices are listed below. Like user requirements,
threats that are relevant to any given organization will
vary depending on industry, corporate culture, and current
security program and architecture implementation.
•	 Corporate loss of control of data on device (lost / stolen
/ decommissioned / employment separation)
•	 Compromise of user credentials (malicious
applications, insecure applications or operating
systems, credentials passed in clear over public
networks, phishing websites)
•	 Unauthorized access to sensitive data (data passed
over network in clear, data stored unencrypted on device,
data backed up to uncontrolled system)
•	 Devices (intentionally or unintentionally) used as
recording devices (phone, or camera on during
meetings, pictures or video of sensitive information)
3. DEFINE THE IMPACT TO THE BUSINESS BASED ON PROBABLE THREAT SCENARIOS
Business risk is about loss of Confidentiality, Integrity, or
Availability (CIA). Each kind of loss is associated with a
different level of business impact. And the approaches to
monitoring and protecting against each type of loss are
different. An adversary might use a spear phishing email
to compromise an endpoint to steal user credentials to
access a database to exfiltrate data (loss of Confidentiality).
Or, they could corrupt (loss of Integrity) or delete (loss of
Availability) that data.
One problem with traditional risk modeling is that it often
sets a “value” for an asset based on a simple measurement,
such as the cost of a lost device. But business impact value
is more complicated--value of data, of business process,
of loss of future revenue, etc. must all be considered. And
the impact of a loss may even vary depending on how the
asset is lost. For a given set of data, loss of Confidentiality
(trade secrets fall into the hands of a competitor) might
have a greater business impact than loss of Availability, or
Integrity (the same data is deleted or corrupted).
Standards need to be created that call out different levels
of impact and different controls for each of these three
(CIA) risks. More importantly, the likelihood and impact
of a security event need to be factored in to achieve
better prioritization. A whole paper could be written about
vulnerabilities in mobile operating systems, applications,
or ActiveSync. But risk management is about playing
to the rule and not the exception. A rational approach
addresses the more likely and costly threats before getting
to the more esoteric.
Loss of a device is very common—for most organizations,
it’s likely to be a high priority for risk management. What
about a hacker in a coffee shop sniffing WiFi traffic and
pulling data or credentials off the air? This is where it’s
necessary to think about unique business characteristics
and how they influence risk: does your company manage a
lot of intellectual property? Are there significant regulatory
requirements for how to protect and control data? Do you
have a diverse workforce distributed around the country,
or around the globe with different privacy laws? Do your
users only access email, or do you have critical business
applications running on your mobile devices, or do you
collect critical business data on them? These are the
kinds of questions that need to be answered, and risks
factored for each.
A security program built around the threats that get the
most “press” is likely to be both costly and ineffective.
Successful programs address the risks that carry the
greatest business impact and that are most likely to
occur--like expecting that users will lose mobile devices.
4. DEVELOP POLICIES AND PROCEDURES TO PROTECT THE BUSINESS TO AN ACCEPTABLE LEVEL
Mobile security can be complicated. If the organization
owns the mobile endpoints, the same security controls
and policy processes can be applied as are being used to
protect laptops:
•	 Require good passwords
•	 Encrypt the data
•	 Antivirus (only effective on Android)
•	 Educate users about phishing emails that ask for
credentials
•	 Educate users about application risks, don’t allow
apps over public wifi
•	 Keep phones out of meetings when talking about
proprietary information
But BYOD introduces significant privacy issues. Employees
might need to sign off on a policy that authorizes forensics
testing on their device. Implementation becomes more
complex because it may require separation for work email,
calendar, contacts, phone, and documents from personal
data. A policy should include:
•	 Maintenance and management of a list of devices
(linked to users) that are authorized to access company
resources
•	 Tracking of devices and users accessing company
resources at any given time
•	 Restricted access from devices with insufficient
protection against compromise to data or user
credentials
•	 Controlled access to data, applications, and resources
based on policies such as data classification, user, device,
network, or location (...)
An additional item that might require discussion with HR
or legal: Geo-location (do you need to know where your
employees are?). This might have privacy implications
whether company owned or BYOD.
•	 Secured company data, at rest (at server and locally),
and in transit (across mobile network or wifi)
•	 Protection of devices from unauthorized access or
malicious code
•	 Maintenance of user privacy (email, texts, contacts,
voicemails, applications, etc)
•	 Regular security evaluation of all business applications
to identify data leakage or unnecessary access to
device resources (e.g., camera, contacts list, call
history, etc)
•	 Removal of corporate data from personal devices in
case of loss, theft, or separation from employment.
5. IMPLEMENT MANAGEABLE PROCEDURAL, TECHNICAL CONTROLS & MONITOR THEIR EFFECTIVENESS
Once requirements have been established to mitigate the
potential risks to the business it’s possible to estimate the
size, scale, complexity, and budget for implementation. It
might be that having better visibility of what devices are
connected and ensuring that they are encrypted is enough.
A lot can be done with ActiveSync, which doesn’t cost anything.
An MDM platform offers more control. Container, wrapper,
or secure virtualization might be necessary to meet some
security requirements. Requirements drive a progression
from simple and inexpensive to more complex and costly
as illustrated below.
[Figure: Stacking Mobile Security. Axes: security requirements and security maturity level. Layers shown: Device Management (asset & configuration management); Malware Protection (compromised applications, protection of OS vulnerabilities); Data Protection (encryption of data at rest and in transit); Secure Protection (2 factor or certificate-based authentication); Application Security (secure coding; data leakage protection; application policy controls); User Privacy (regulatory compliance; separation of personal & business data & apps); Device Forensics (eDiscovery; hacking or misuse events).]
Where risk management comes in is identifying in what
sequence these would be implemented, based on needs
of the business, and priorities for protection.
The bottom line is that it takes a rational plan, and an
understanding of available technologies. The number
of mobile security technology tool companies is
growing weekly. First MDMs, then containers, then
application wrappers to give more granular control;
then encryption tools, and strong authentication tools;
application management tools, and even handsets with
secure virtualization. Today, many enterprises struggle
to achieve application security – this is true both of
commercial apps and custom apps. How to manage
secure connectivity to mobile devices; how to secure the
data contained in the apps; how to maintain app security
by seamlessly pushing updates and patches to user
devices… these have all become major concerns. And
each layer of concern brings more cost and complexity.
As enterprises are challenged to determine what tools
are needed and how to integrate them, the key is to keep
coming back to the question of which risks are the most
impactful to the business. These are the areas that must
be secured first.
Deciding what level to achieve is the first step. Then
research or assistance may be needed to understand all
these tools and how they work together, how they integrate,
and what benefits they bring. Finally, it’s necessary to set
up a monitoring and management structure to maintain
this posture going forward. Some organizations may
choose to handle mobile security internally, others may
outsource to specialists. Either way, it’s important to
set the balance, applying the security that’s necessary
without over spending on trying to cover everything. It
takes a risk-based approach to prioritize organizational
needs and develop a security architecture and process
to match.
SOURCES
Zogby Analytics/HBGary, Feb 25, 2013
Ponemon Institute, 2013 Cost of Data Breach Study
Ponemon Institute, October 2011
Ponemon Institute, 2011 Cost of Data Breach Study
 
Golden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyGolden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyDMI
 
MWC 2014- key highlights, trends and announcements
MWC 2014- key highlights, trends and announcementsMWC 2014- key highlights, trends and announcements
MWC 2014- key highlights, trends and announcementsDMI
 
Warburtons Enterprise App Case Study
Warburtons Enterprise App Case StudyWarburtons Enterprise App Case Study
Warburtons Enterprise App Case StudyDMI
 
An introduction to Beacons
An introduction to BeaconsAn introduction to Beacons
An introduction to BeaconsDMI
 
2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutions2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutionsDMI
 
Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...
Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...
Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...DMI
 
Top mobile trends 2014
Top mobile trends 2014Top mobile trends 2014
Top mobile trends 2014DMI
 
Google Cloud Lightning Talk
Google Cloud Lightning TalkGoogle Cloud Lightning Talk
Google Cloud Lightning TalkDMI
 
6 quick wins for enterprise mobility infographic
6 quick wins for enterprise mobility infographic6 quick wins for enterprise mobility infographic
6 quick wins for enterprise mobility infographicDMI
 

Plus de DMI (18)

CX Audit Workshop
CX Audit WorkshopCX Audit Workshop
CX Audit Workshop
 
7 Trends & Insights MWC 2017
7 Trends & Insights MWC 20177 Trends & Insights MWC 2017
7 Trends & Insights MWC 2017
 
MWC 2015 - A Recap of the Key Announcements, Highlights and Trends
MWC 2015 - A Recap of the Key Announcements, Highlights and TrendsMWC 2015 - A Recap of the Key Announcements, Highlights and Trends
MWC 2015 - A Recap of the Key Announcements, Highlights and Trends
 
Top 8 Mobile Finance Trends 2015
Top 8 Mobile Finance Trends 2015Top 8 Mobile Finance Trends 2015
Top 8 Mobile Finance Trends 2015
 
UX & UI Design - Differentiate through design
UX & UI Design - Differentiate through designUX & UI Design - Differentiate through design
UX & UI Design - Differentiate through design
 
Winning the mobile user in 2015
Winning the mobile user in 2015Winning the mobile user in 2015
Winning the mobile user in 2015
 
Golden Gekko presentation Google I/O 2014
Golden Gekko presentation Google I/O 2014Golden Gekko presentation Google I/O 2014
Golden Gekko presentation Google I/O 2014
 
Golden Gekko Review of iOS8- for users and developers
Golden Gekko Review of iOS8- for users and developersGolden Gekko Review of iOS8- for users and developers
Golden Gekko Review of iOS8- for users and developers
 
User Testing- guiding the way to success
User Testing- guiding the way to successUser Testing- guiding the way to success
User Testing- guiding the way to success
 
Golden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyGolden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacy
 
MWC 2014- key highlights, trends and announcements
MWC 2014- key highlights, trends and announcementsMWC 2014- key highlights, trends and announcements
MWC 2014- key highlights, trends and announcements
 
Warburtons Enterprise App Case Study
Warburtons Enterprise App Case StudyWarburtons Enterprise App Case Study
Warburtons Enterprise App Case Study
 
An introduction to Beacons
An introduction to BeaconsAn introduction to Beacons
An introduction to Beacons
 
2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutions2014 UX/UI trends for mobile solutions
2014 UX/UI trends for mobile solutions
 
Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...
Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...
Mobile Marketing presentation from Magnus Jern, CEO Golden Gekko, at CREA Dig...
 
Top mobile trends 2014
Top mobile trends 2014Top mobile trends 2014
Top mobile trends 2014
 
Google Cloud Lightning Talk
Google Cloud Lightning TalkGoogle Cloud Lightning Talk
Google Cloud Lightning Talk
 
6 quick wins for enterprise mobility infographic
6 quick wins for enterprise mobility infographic6 quick wins for enterprise mobility infographic
6 quick wins for enterprise mobility infographic
 

Dernier

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Dernier (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

5 steps-to-mobile-risk-management-whitepaper-golden-gekko

  • 1. 5 STEPS TO MOBILE RISK MANAGEMENT
  • 2. 80% OF AMERICAN INVESTORS SAY THEY AREN’T LIKELY TO INVEST IN COMPANIES THAT HAVE SUFFERED MULTIPLE CYBER ATTACKS.
  • 3. ANALYSTS ESTIMATE THAT DATA BREACHES COST LARGE ENTERPRISES AN AVERAGE OF $5.4 MILLION PER BREACH.
  • 4. NEARLY 40% OF ORGANIZATIONS HAD DATA BREACHES RESULTING FROM LOST OR STOLEN DEVICES.
  • 5. INTRODUCTION. Nearly 80% of American investors say they aren’t likely to invest in companies that have suffered multiple cyber attacks. Analysts estimate that data breaches cost large enterprises an average of $5.4 million per breach and can erode brand value by hundreds of millions of dollars. As data breaches have damaged business performance and company valuations, data security concerns have broken out of the CIO’s office and into the boardroom, where CEOs are being challenged to explain what they’re doing to ensure that vital revenue streams and shareholder value are being safeguarded. As the business stakes have been raised, the explosive growth in mobile devices has multiplied the threat. Nearly 40% of organizations in another recent study had data breaches resulting from lost or stolen mobile devices, including tablet computers, smartphones and USB drives that contained confidential or sensitive data. So what does a company need to do to manage the risk of data loss through mobile devices? This white paper outlines a rational, risk-based approach to data protection that’s designed particularly for the new world of mobile devices.
  • 6. Mobile Security 2013. Historically, when new business process-changing technologies become available (e.g. email, web services, laptops, Wi-Fi, cloud services, and now ubiquitous and heterogeneous mobile devices), the focus is on figuring out how to use and manage the technology. Worrying about securing it comes later. Then a familiar pattern is often repeated: a period of time is spent admiring the security problem; eventually a myriad of disparate “bolt on” point security solutions are developed; then finally security is integrated into the technology. Right now, mobile technologies are somewhere between admiring the problem and bolting on solutions. Mobile security vendors are in a rush to launch new products. Dozens of new point solutions are flooding the market, and enterprises are challenged to determine what they need and how to integrate them into their infrastructure. The problem is that there is little discussion of what the business requirements for security actually are. Mobile security is not just one thing. There are multifaceted threats and risks that need to be managed. These include secure identity and access control; data protection and content management; application management and security; malware protection; digital forensics, secure transport, monitoring and reporting, policy enforcement and device management. Each of these plays a critical part in managing risk, because no two organizations have the same risk profile. Balancing which to prioritize and how much to implement takes expertise.
  • 7. [Figure: MOBILE SECURITY LANDSCAPE. Areas shown: Users, Data, Apps, Networks & Devices. Capabilities shown: Secure Identity, Access Control, Privacy Controls, Data Protection, Content Management, Digital Forensics, Secure Transport, Monitoring/Reporting, Policy Enforcement, Device Management, Application Management, Application Security, Malware Protection.]
  • 8. A RISK-BASED APPROACH. The key to real security is taking a risk-based approach. This means developing a set of practical business and security requirements that point the way to the technologies and policies that eliminate the most risk without unduly impacting usability and needed business functionality. This avoids the common backwards approach: buying a technology based on feature set, then figuring out how to integrate it into the business process. Establishing business security requirements involves answering the question, “secure from what?” Almost every organization will have a different answer. There will certainly be standard risk-based approaches and security features that apply across the board. But the priority of controls, the way they are implemented, and the way they are managed will be unique to each organization. The Twenty Critical Security Controls, developed by the SANS Institute, have helped many large enterprises and government agencies begin to transform security by focusing their spending on the key controls that block attacks that have the greatest overall impact on security. Several of these Critical Security Controls apply just as well to mobile devices as to traditional computers:
      • Asset and configuration management
      • Strong authentication and identity management
      • Protection of sensitive data at rest and in transit
      • Protection against lost/stolen/decommissioned devices
      • Protection from malware for email or web
      • Device-specific operating system vulnerabilities
      • Connecting to insecure/rogue Wi-Fi
      • Protection and management of web and email traffic
    The organization’s unique business requirements will determine where to start and how to build. For companies with intellectual property to protect, encryption will be a high priority; organizations that field many mobile apps might need to focus on application security; companies where users need to access internal applications might require strong identity management. Many tools are available for each area. Selecting the right one depends on an organization’s unique environment and requirements. To help define requirements and determine the best approach, DMI recommends a Five Step Mobile Risk Management Process.
  • 9. 5 STEP PROCESS FOR MOBILE RISK MANAGEMENT
      1. Understand how employees want to use mobile devices and applications
      2. Identify potential threats
      3. Define the impact to the business based on probable threat scenarios
      4. Develop policies and procedures to protect the business to an acceptable level
      5. Implement manageable procedural and technical controls, and monitor their effectiveness
  • 10. STEP 1: UNDERSTAND USER REQUIREMENTS. This may vary by industry, business needs or organizational culture, but a typical list of user requirements for a personal mobile device is likely to include:
      • Access to enterprise applications (email, calendar, contacts, business applications, SharePoint servers, etc.)
      • Ability to make both personal and professional calls
      • Privacy for personal employee activities, data, photos, emails, texts, and applications (i.e., no corporate collecting, monitoring, or tracking)
      • Prohibition of organizational backup or wipe of personal data
  • 11. STEP 2: IDENTIFY POTENTIAL THREATS. Some common threats introduced or exacerbated by mobile devices are listed below. Like user requirements, threats that are relevant to any given organization will vary depending on industry, corporate culture, and current security program and architecture implementation.
      • Corporate loss of control of data on device (lost / stolen / decommissioned / employment separation)
      • Compromise of user credentials (malicious applications, insecure applications or operating systems, credentials passed in clear over public networks, phishing websites)
      • Unauthorized access to sensitive data (data passed over network in clear, data stored unencrypted on device, data backed up to uncontrolled system)
      • Devices (intentionally or unintentionally) used as recording devices (phone or camera on during meetings, pictures or video of sensitive information)
  • 12. STEP 3: DEFINE THE IMPACT TO THE BUSINESS BASED ON PROBABLE THREAT SCENARIOS. Business risk is about loss of Confidentiality, Integrity, or Availability (CIA). Each kind of loss is associated with a different level of business impact. And the approaches to monitoring and protecting against each type of loss are different. An adversary might use a spear phishing email to compromise an endpoint to steal user credentials to access a database to exfiltrate data (loss of Confidentiality). Or, they could corrupt (loss of Integrity) or delete (loss of Availability) that data. One problem with traditional risk modeling is that it often sets a “value” for an asset based on a simple measurement, such as the cost of a lost device. But business impact value is more complicated: value of data, of business process, of loss of future revenue, etc. must all be considered. And the impact of a loss may even vary depending on how the asset is lost. For a given set of data, loss of Confidentiality (trade secrets fall into the hands of a competitor) might have a greater business impact than loss of Availability or Integrity (the same data is deleted or corrupted). Standards need to be created that call out different levels of impact and different controls for each of these three (CIA) risks. More importantly, the likelihood and impact of a security event need to be factored in to achieve better prioritization. A whole paper could be written about vulnerabilities in mobile operating systems, applications, or ActiveSync. But risk management is about playing to the rule and not the exception. A rational approach addresses the more likely and costly threats before getting to the more esoteric.
  • 13. Loss of a device is very common; for most organizations, it’s likely to be a high priority for risk management. What about a hacker in a coffee shop sniffing Wi-Fi traffic and pulling data or credentials off the air? This is where it’s necessary to think about unique business characteristics and how they influence risk: does your company manage a lot of intellectual property? Are there significant regulatory requirements for how to protect and control data? Do you have a diverse workforce distributed around the country, or around the globe with different privacy laws? Do your users only access email, or do you have critical business applications running on your mobile devices, or do you collect critical business data on them? These are the kinds of questions that need to be answered, and risks factored for each. A security program built around the threats that get the most “press” is likely to be both costly and ineffective. Successful programs address the risks that carry the greatest business impact and that are most likely to occur, like expecting that users will lose mobile devices.
  • 14. STEP 4: DEVELOP POLICIES AND PROCEDURES TO PROTECT THE BUSINESS TO AN ACCEPTABLE LEVEL. Mobile security can be complicated. If the organization owns the mobile endpoints, the same security controls and policy processes can be applied as are being used to protect laptops:
      • Require good passwords
      • Encrypt the data
      • Antivirus (only effective on Android)
      • Educate users about phishing emails that ask for credentials
      • Educate users about application risks, don’t allow apps over public Wi-Fi
      • Keep phones out of meetings when talking about proprietary information
    But BYOD introduces significant privacy issues. Employees might need to sign off on a policy that authorizes forensics testing on their device. Implementation becomes more complex because it may require separation for work email, calendar, contacts, phone, and documents from personal data. A policy should include:
      • Maintenance and management of a list of devices (linked to users) that are authorized to access company resources
      • Tracking of devices and users accessing company resources at any given time
      • Restricted access from devices with insufficient protection against compromise to data or user credentials
      • Controlled access to data, applications, and resources based on policies such as data classification, user, device, network, or location (...)
  • 15. (...)
      • Secured company data, at rest (at server and locally), and in transit (across mobile network or Wi-Fi)
      • Protection of devices from unauthorized access or malicious code
      • Maintenance of user privacy (email, texts, contacts, voicemails, applications, etc.)
      • Regular security evaluation of all business applications to identify data leakage or unnecessary access to device resources (e.g., camera, contacts list, call history, etc.)
      • Removal of corporate data from personal devices in case of loss, theft, or separation from employment.
    An additional item that might require discussion with HR or legal: geo-location (do you need to know where your employees are?). This might have privacy implications whether company owned or BYOD.
  • 16. STEP 5: IMPLEMENT MANAGEABLE PROCEDURAL, TECHNICAL CONTROLS & MONITOR THEIR EFFECTIVENESS. Once requirements have been established to mitigate the potential risks to the business, it’s possible to estimate the size, scale, complexity, and budget for implementation. It might be that having better visibility of what devices are connected and ensuring that they are encrypted is enough. A lot can be done with ActiveSync, which doesn’t cost anything. An MDM platform offers more control. Container, wrapper, or secure virtualization might be necessary to meet some security requirements. Requirements drive a progression from simple and inexpensive to more complex and costly as illustrated below.
    [Figure: STACKING MOBILE SECURITY. Security maturity level: security requirements]
      • Device management: asset & configuration management
      • Malware protection: compromised applications, protection of OS vulnerabilities
      • Data protection: encryption of data at rest and in transit
      • Secure protection: 2 factor or certificate-based authentication
      • Application security: secure coding; data leakage protection; application policy controls
      • User privacy: regulatory compliance; separation of personal & business data & apps
      • Device forensics: eDiscovery; hacking or misuse events
  • 17. Where risk management comes in is identifying in what sequence these would be implemented, based on needs of the business and priorities for protection. The bottom line is that it takes a rational plan and an understanding of available technologies. The number of mobile security technology tool companies is growing weekly. First MDMs, then containers, then application wrappers to give more granular control; then encryption tools and strong authentication tools; application management tools, and even handsets with secure virtualization. Today, many enterprises struggle to achieve application security – this is true both of commercial apps and custom apps. How to manage secure connectivity to mobile devices; how to secure the data contained in the apps; how to maintain app security by seamlessly pushing updates and patches to user devices… these have all become major concerns. And each layer of concern brings more cost and complexity. As enterprises are challenged to determine what tools are needed and how to integrate them, the key is to keep coming back to the question of which risks are the most impactful to the business. These are the areas that must be secured first. Deciding what level to achieve is the first step. Then research or assistance may be needed to understand all these tools and how they work together, how they integrate, and what benefits they bring. Finally, it’s necessary to set up a monitoring and management structure to maintain this posture going forward. Some organizations may choose to handle mobile security internally, others may outsource to specialists. Either way, it’s important to set the balance, applying the security that’s necessary without overspending on trying to cover everything. It takes a risk-based approach to prioritize organizational needs and develop a security architecture and process to match.
  • 18. SOURCES: Zogby Analytics/HBGary, Feb 25, 2013; Ponemon Institute, 2013 Cost of Data Breach Study; Ponemon Institute, October 2011; Ponemon Institute, 2011 Cost of Data Breach Study.
  • 19. Golden Gekko, goldengekko.com, mobilize your ideas.
      • Stockholm: Bondegatan 64 c, 116 33 Stockholm, Sweden. +46 855 921 601, sales@goldengekko.com
      • Phnom Penh: Street 106 House 14, Phnom Penh, Kingdom of Cambodia. +855 12 725 210, pp@goldengekko.com
      • London: 22 Ganton Street, London W1F 7BY, United Kingdom. Sales +44 20 3290 9955, Other +44 20 7558 8107, info@goldengekko.com
      • Berlin: Torstrasse 98, 10119 Berlin, Germany. info@goldengekko.com
      • New York: 7th floor Tower 270 Condominium, 86 Chambers Street, New York, USA. info@goldengekko.com
      • Barcelona: Bruc 49, ppal, 08009 Barcelona, Spain. Sales +34 93 001 3655, Other +34 93 001 3261, Fax +34 932 008 482, sales@goldengekko.com
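
The step 4 policy items (a list of authorized devices linked to users, restricted access from insufficiently protected devices, access controlled by data classification, device and network, and tracking of who accesses what) can be expressed as one access-decision function. This is an added example, not code from the white paper or from DMI; the device attributes, classification levels, network labels, VPN flag and inventory entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Classification(IntEnum):
    """Assumed three-level data classification scheme."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str          # the inventory links every device to one user
    byod: bool
    encrypted: bool
    passcode_set: bool
    compromised: bool   # assumed posture signal, e.g. reported by an MDM agent


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    network: str        # assumed labels: "corporate", "cellular", "public_wifi"
    uses_vpn: bool
    resource: str
    classification: Classification


# Constructed inventory of devices authorized to access company resources.
INVENTORY = {
    "phone-001": Device("phone-001", "alice", False, True, True, False),
    "tablet-002": Device("tablet-002", "bob", True, False, True, False),
    "phone-003": Device("phone-003", "carol", True, True, True, True),
}


def evaluate(request, inventory=INVENTORY, audit_log=None):
    """Return ("allow" | "deny", reasons) for one access request."""
    reasons = []
    device = inventory.get(request.device_id)
    if device is None:
        # Only inventoried devices may reach company resources.
        reasons.append("device not in authorized inventory")
    else:
        if device.owner != request.user:
            reasons.append("device is registered to a different user")
        if device.compromised:
            reasons.append("device is flagged as compromised")
        # Non-public data requires the basic protections against device loss.
        if request.classification >= Classification.INTERNAL:
            if not device.passcode_set:
                reasons.append("no passcode set on device")
            if not device.encrypted:
                reasons.append("device storage is not encrypted")
        # Confidential data must not cross public Wi-Fi without secure transport.
        if (request.classification == Classification.CONFIDENTIAL
                and request.network == "public_wifi"
                and not request.uses_vpn):
            reasons.append("confidential data over public Wi-Fi without VPN")
    decision = "deny" if reasons else "allow"
    if audit_log is not None:
        # Track which user and device touched which resource, and the outcome.
        audit_log.append(
            (request.user, request.device_id, request.resource, decision))
    return decision, reasons


if __name__ == "__main__":
    log = []
    samples = [
        Request("alice", "phone-001", "corporate", False, "crm",
                Classification.CONFIDENTIAL),
        Request("bob", "tablet-002", "cellular", False, "wiki",
                Classification.INTERNAL),
        Request("alice", "phone-001", "public_wifi", False, "crm",
                Classification.CONFIDENTIAL),
    ]
    for sample in samples:
        print(sample.user, sample.resource, evaluate(sample, audit_log=log))
```

The deny reasons double as the monitoring signal called for in step 5: counting them per rule shows which control blocks the most access attempts.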