
Copyright - 2008 Movidan, Inc. All rights reserved. 1 Don't think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion.


1 Copyright Movidan, Inc. All rights reserved.
Don't think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion in a single event, if we have been paid appropriately for assuming that risk. We are not willing, though, to take on even very small exposures at prices that don't reflect our evaluation of loss probabilities…Our behavior here parallels that which we employ in financial markets: Be fearful when others are greedy, and be greedy when others are fearful.
Warren Buffett, 2006 Shareholder Letter

2 Risk Management in a Mobile World
Presented by Bruce Christofferson

3 Agenda
- Introduction
- Definitions
- Security Program Parts
- Risk Management Framework
- Smartphone Risk Evaluation Criteria
- Smartphone Controls to Implement Now
- Wrap Up

4 Introduction
- Security Program developer for several wireless telecom providers
- Developed the Risk Management program for Cingular
- Founded the Mobile Technology Security Center at AT&T
- Now consulting at another Seattle area wireless telecom provider

5 Definitions
- Feature vs. Smartphones
  - Feature phone – simple PIM and browser, limited capability
  - Smartphone – full-featured PIM, browser, and other applications
- Mobile Worker
  - Regularly works out of office or on the road
- Company-Owned vs. Personally-Owned Smartphones
  - Defined by who owns the smartphone at the end of the day

6 Survey Questions
- A smartphone with company data – either personally or company owned?
- Support mobile workers with smartphones?
- Only allow company-owned smartphones to hold sensitive data?
- Have clear policies and requirements governing the use of those smartphones?
- Know what to do if your smartphone is lost or stolen?

7 In the News
- Good News…
  - By 2010, smartphones will be primary tool of mobile workforce… (Ray Kurzweil, 2007 RSA conference)
  - Size and Growth of Smartphone Market Will Exceed Laptop Market for Next Five Years: Smartphone OS-based phones will grow at more than a 30% compound annual growth rate for the next five years globally… (Instat.com, 11/13/2007)
- Not so good news…
  - Mobile malware very active in first quarter of 2008 (Kaspersky, SC Magazine, 5/12/08)
  - McAfee warns of mobile-malware threat (ZD Net Asia, 2/13/08)

8 Consider the Smartphone
- Device size - a vulnerability
- Pointsec Mobile Technologies, Taxi Study month period
  - 85,619 mobile phones
  - 21,460 PDAs
- Pointsec Mobile Technologies, London Taxi Study Months
  - 54,874 mobile phones
  - 4,718 handheld PDAs
- British Crime Survey, ,000 people were the victim of mobile phone theft
  - 90 percent of these phones are generally barred from active use within 48 hours

9 Don't think, however, that we have lost our taste for risk. We remain prepared to lose $6 billion in a single event, if we have been paid appropriately for assuming that risk. We are not willing, though, to take on even very small exposures at prices that don't reflect our evaluation of loss probabilities…Our behavior here parallels that which we employ in financial markets: Be fearful when others are greedy, and be greedy when others are fearful.
-Warren Buffett, 2006 Shareholder Letter

10 A Security Program's Parts

11 A Security Program's Parts

12 Risk Management Framework

13 Risk Management Framework

14 Definitions
- Risk Management
- Risk
- Vulnerability
- Exploit
- Threat
- Likelihood
- Impact
- Security Control

15 Smartphone Risk Evaluation
- OS/platform security
- Bypassing security features
- Remote lock-down
- Security Management
- Malware attacks
- Apps certified, signed, and/or verified
- Policy setting granularity
- Easily wiped or killed
- OS extensibility
- Peripheral protection
- Device security implementation
- Over-The-Air (OTA) or hardwired management

16 Risk Calculations

17 Risk Management Framework

18 Risk/Reward Equation

19 Basic Smartphone Security Controls
- Strong passwords
- Device lock after period of inactivity
- Device wipe after X number of invalid login attempts
- Data store encryption that supports eDiscovery regulations
- Assess, control, and audit the download of third-party applications
- Implement and enforce written smartphone security policies
- Develop a lost/stolen device process
- Create awareness program to help users understand their responsibilities in protecting sensitive company information

20 Other Security Control Considerations
- Anti-Malware Software
- Everyone should play by the same rules
- A Mobile VPN and your perimeter
- Regulatory and contractual requirements
- Location based services (LBS)
- Personally owned vs. company owned phones

21 Wrap Up
Bruce Christofferson, CISSP, CISA, CISM

