Wireless and Mobile Security Plan
Patrick C. Behan
Regis University
Context: Our networks are becoming more vulnerable because of wireless and mobile computing. Ubiquitous devices can and do pose a significant vulnerability. In this activity, you are to think outside the box and determine how to best defend against these threats.
Scenario - You are an Information Security engineer for a midsized company. The company would like to offer direct sales of its “WigIT” app to its consumers on the World Wide Web. Your manager has asked you to prepare an informational paper for the Chief Executive Officer (CEO) on wireless and mobile risk management. What risks do you envision and how will
Also, what is the significance of these threats, and how will they impact our day-to-day operations within the company? With the advent of the internet, securing our devices and data requires taking time to think about the best approach without compromising customer or user satisfaction.
Employee interaction on all devices is relatively the same and has a similar impact on all systems. Some companies are allowing you to bring your own device (BYOD) to work for an enhanced work experience and increased productivity. Some of the benefits from this are no tracking of daily productivity, the comfort of having your own device, and lower costs to maintain company property. Depending on the size of your company, BYOD could be extremely beneficial and allow the employees to take on much of the burden of debt to work at the company. The average mobile device costs approximately three hundred dollars, and if you have anywhere from 10 to 20 employees that could raise the cost to about 500 dollars. Apple and Windows users tend to be more familiar with their devices, so it is easier to manipulate their business requirements as they need. Lastly, having the flexibility to utilize one device instead of several saves a lot of discomfort whether on business or official travel. The ability to have your own dedicated
The next step is to identify the risks, threats and vulnerabilities. Hacker attacks from the Internet, failures of hardware or software systems, and network outages are the most common threats. Common vulnerabilities include the absence of firewall and antivirus software, missing update patches, inadequately trained associates, etc.
Providing wireless access to the employees would be beneficial for the organization in several ways. Cellular phones, laptops and tablets are all mobile devices that an employee can take with them, whether within the same building or away from the office. Allowing an employee to access the network through a digital device at any location would improve availability of information when needed. For example, a salesperson who is away from the office making connections with product companies and needs the part number of the products they specifically use in the shop can search for that information by logging in to the network, through a Virtual Private Network (VPN) connection, with his phone or tablet and pull those numbers. The salesperson can also pull real-time inventory reports that are accurate and up to
I would say cyber attacks pose the biggest threats. Cyber attacks against companies like Lockheed Martin, Northrop-Grumman, Sony, Google, Visa and
The inappropriate disclosure or misuse of sensitive information by an employee may result in financial considerations and legal consequences for an organization. “Mobile devices provide all kinds of new scenarios for business data to go missing, be shared with others, or be stolen. You need to go into BYOD thinking this way, not just for everyday activity, but also when employees move on from your organization” (Arnold, n.d.).
Risk management includes the “overall decision-making process of identifying threats and vulnerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what actions are cost effective to take to control these risks” (Conklin et al., 2012, p. 678). For the proper development of risk management techniques, every person at every level of the organization, especially those involved in the Information Security (IS) department, “must be actively involved in the following activities:
When employees are motivated to work, productivity is high. According to IBM, employees are more comfortable with their personal phones and tend to have upgraded versions. The enterprise will then benefit from the latest features on the employees' phones, allowing them to be more productive. With that,
For example, all of our directors and deputy directors have BlackBerry mobile devices. These devices are ideal to have when there is a lot of travel in place. They give the worker time to reply via email and still be able to not miss suspenses, etc., just because they are not readily available as a typical office
The purpose of this security plan is to elicit the potential threats to an organisation's physical and electronic information holdings. Organisations in general are starting to take information security more seriously due to the proliferation of mobile services, VPN connections, terrorism and natural disasters. We must, however, acknowledge that this very technological advancement, while regarded as efficient, is also leading to a higher level of security risk. These risks must be mitigated to ensure the confidentiality, integrity, and availability of information assets (The SANS Institute, 2007).
Other types of risk could come from the use of personal devices at work. This principle is known as BYOD. BYOD is an IT policy where employees are allowed or encouraged to use their personal mobile devices, such as phones, tablets, and laptops, to access enterprise data and systems. BYOD can expose a company network and easily attract more attackers. Not only can this kind of principle help the company, but it can also cause a serious security breach. The risk of data theft is high when employees use mobile devices, particularly their own, to share data or access company information, or when they neglect to change mobile passwords. It is important that a company that allows its employees to use their own devices list BYOD in its risk list. To
Some of the critical challenges that this industry faces are: network access control, identification, authentication, wireless and mobility, and most recently, securing cloud computing. With the increase in technology, wireless devices, and the number of attacks happening, our main goal is to protect your network and increase productivity by identifying and eliminating threats before they happen. There are companies that haven’t been so lucky. The costs and potential consequences of security problems can be devastating, if not disastrous.
Many companies in the United States and around the world have started to worry about iPhone usage and how dependent organizations are becoming on it in order to conduct their business. Landman (2010) stated, “The threat from accidental or malicious misuse by employees is a significant threat to business” (p. 14). For this reason, using an iPhone in the workplace is putting companies on alert, because the owner of the iPhone can store volatile information about the place where they work. Any information about the company, such as e-mails, photos, and other digital evidence used in the workplace, could be sent to competitors and used against the company itself, and these are real-life dangers in the corporate world.
As a first line of defense, many organizations enforce ActiveSync policies, preinstalled in most consumer mobile devices, to enforce password protection and remote wipe and lock. More sophisticated IT departments may request the installation of additional mobile device management software agents to extend corporate IT reach into any application and functionality of your device. While security and manageability are legitimate concerns for the company, most BYOD programs rely on IT tools that don’t make a clear separation between personal and corporate data and applications. As a result, in case of unauthorized access, whether real or presumed, the whole content of the device is more or less likely to be deleted and the device will be unusable. With regard to privacy, from a legal standpoint the fact that the employee owns the device holds no bearing in the event of litigation. As mentioned earlier regarding discovery, the court may require forensic review of all devices in connection with the litigation. An employee participating in a company’s BYOD program may be asked to produce their personal devices for a third-party examination. The employee will have to make any personal information stored in the device accessible. This also includes the history of websites visited; songs and movies downloaded and played; copies of financial
Main Point 1: So, what are the possible threats on mobiles? According to Norton, an anti-malware software product, some of the biggest issues in mobile security are related to device loss or device theft. In either case, sensitive corporate information could get into the wrong hands. Another big element of mobile security is preventing malware on mobile devices from attacking corporate systems. Yet another significant part of mobile security involves device data leakage, where mobile device screens can display information that could be captured by unauthorized parties.