Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Devices and Wireless Tracy Jackson Liz Nenni Matt Hinson Chris Eiben.

Published byIsaak Balsam Modified over 10 years ago

Similar presentations

Presentation on theme: "Mobile Devices and Wireless Tracy Jackson Liz Nenni Matt Hinson Chris Eiben."— Presentation transcript:

1 Mobile Devices and Wireless Tracy Jackson Liz Nenni Matt Hinson Chris Eiben

2 What is a Mobile Device/Wireless? Mobile Device: a device that is easy to use, enables remote access to business networks and the internet, and enables quick transfer of data. Mobile Device: a device that is easy to use, enables remote access to business networks and the internet, and enables quick transfer of data. Wireless Communication: the transfer of information over a distance without the use of electrical conductors or wires Wireless Communication: the transfer of information over a distance without the use of electrical conductors or wires

3 What are some examples of Mobile Devices? Laptops Laptops Cell Phones Cell Phones PDAs PDAs Flash Drives Flash Drives Bluetooth Bluetooth Mouse/Keyboard Mouse/Keyboard Mp3 Players Mp3 Players Garage Door Opener Garage Door Opener GPS GPS Cordless phone Cordless phone Cameras Cameras Graphing Calculator Graphing Calculator Nintendo Wii (game controllers) Nintendo Wii (game controllers)

4 How does Wireless Work? Wireless networks Wireless networks use electromagnetic radiation as their means of transmitting data through space. An access point (AP) device is physically connected to the LAN (typically a router) The AP has an antenna and sends and receives data packets through space A wireless device then connects to the WLAN using its transmitter to connect to the AP, and then to the LAN.

5 Survey

6 Growing Popularity Used for day to day activities Used for day to day activities Affordable Affordable Necessary to keep up with competitors using the same technology Necessary to keep up with competitors using the same technology Convenient Size Convenient Size

7 What are the Advantages? Enhanced productivity Enhanced productivity Portability: Stay connected even away from home or office, resulting in a more flexible work life Portability: Stay connected even away from home or office, resulting in a more flexible work life

8 Risk: Physical theft/loss of device Laptop theft accounted for 50% of reported security attacks. CSI, The 12th Annual Computer Crime and Security Survey, 2007 Laptop theft accounted for 50% of reported security attacks. CSI, The 12th Annual Computer Crime and Security Survey, 2007 Lost or stolen laptops and mobile devices are the most frequent cause of a data breach, accounting for 49% of data breaches in 2007. Ponemon Institute, U.S. Costs of a Data Breach, November 2007 Lost or stolen laptops and mobile devices are the most frequent cause of a data breach, accounting for 49% of data breaches in 2007. Ponemon Institute, U.S. Costs of a Data Breach, November 2007

9 Mitigation Cable Locks Cable Locks Never leave hardware unattended Never leave hardware unattended Make hardware as inconspicuous as possible Make hardware as inconspicuous as possible Invest in tracking/recovery software Invest in tracking/recovery software

10 Risk: Data loss/leakage 7 out of 10 government mobile devices are unencrypted. Government Accountability Office (GAO), IT Security: Federal Agency efforts to encrypt sensitive information are under way, but work remains, June 2008 7 out of 10 government mobile devices are unencrypted. Government Accountability Office (GAO), IT Security: Federal Agency efforts to encrypt sensitive information are under way, but work remains, June 2008 The cost of recovering from a single data breach now averages $6.3M - thats up 31 percent since 2006 and nearly 90 percent since 2005. Ponemon Institute, U.S. Costs of a Data Breach, November 2007 The cost of recovering from a single data breach now averages $6.3M - thats up 31 percent since 2006 and nearly 90 percent since 2005. Ponemon Institute, U.S. Costs of a Data Breach, November 2007

11 Wireless networks Infrastructure Mode Infrastructure Mode Ad-hoc mode Ad-hoc mode

12 Specific Threats to Wireless Networks Unauthorized use of service Unauthorized use of service Jamming Jamming Constant Jamming Constant Jamming Deceptive Jamming Deceptive Jamming

13 Mitigation Encryption Encryption Authentication Authentication

14

15 Common Sense Solutions Understand what is really at risk Understand what is really at risk Take controls seriously Take controls seriously Dont be too trusting of people Dont be too trusting of people Use technology for help Use technology for help TEST! TEST!

16 IS Auditing Guideline – Mobile Computing Planning Planning Obtain information regarding: intended use (business transactions or personal productivity), technology used, risk analysis, and policies used to manage computing Obtain information regarding: intended use (business transactions or personal productivity), technology used, risk analysis, and policies used to manage computing Conduct interviews and document analysis Conduct interviews and document analysis If a 3rd party is used to outsource IS or business function, review the agreement If a 3rd party is used to outsource IS or business function, review the agreement Relate risks to the criticality of the information stored on the mobile devices Relate risks to the criticality of the information stored on the mobile devices

17 Risk Analysis Auditor should consider the following when performing the risk analysis: Auditor should consider the following when performing the risk analysis: Privacy – examine protocols and procedures that protect sensitive information on mobile devices (such as physical access controls) Privacy – examine protocols and procedures that protect sensitive information on mobile devices (such as physical access controls) Authentication – certificate indicated verification by a certification authority Authentication – certificate indicated verification by a certification authority 2 Factor Authentication – verifies that the device and the end user are authorized 2 Factor Authentication – verifies that the device and the end user are authorized Data Integrity – detect changes in content or message during storage or transmission Data Integrity – detect changes in content or message during storage or transmission Non Repudiation – user cannot deny processing a transaction Non Repudiation – user cannot deny processing a transaction Confidentiality and Encryption – using algorithms to transform data Confidentiality and Encryption – using algorithms to transform data Unauthorized Use Unauthorized Use

18 Work Plan & Performance Work Plan Work Plan Auditor documents how risks threaten business, security, and IS objectives, and the controls put in place to address the risks Auditor documents how risks threaten business, security, and IS objectives, and the controls put in place to address the risks Identify weaknesses Identify weaknesses Performance of Audit Performance of Audit If control weaknesses exist, additional procedures may be necessary If control weaknesses exist, additional procedures may be necessary Consider discussing the audit with stakeholders prior to issuing report Consider discussing the audit with stakeholders prior to issuing report

19 Auditing Wireless Networks Access control, transmission control, viruses, and monitoring access points are important risks to consider Access control, transmission control, viruses, and monitoring access points are important risks to consider Firewall generally secures information but WLAN creates new challenges because it easier to access. Therefore control is more important. Firewall generally secures information but WLAN creates new challenges because it easier to access. Therefore control is more important. (Ex) If an employee were to bring in an unauthorized router in to work, unauthorized users could potentially access the network from outside the building (Ex) If an employee were to bring in an unauthorized router in to work, unauthorized users could potentially access the network from outside the building Access Point (AP) – security of APs is crucial for wireless network auditing, consider unauthorized access, unauthorized APs, improperly configured APs, and Ad Hoc networks Access Point (AP) – security of APs is crucial for wireless network auditing, consider unauthorized access, unauthorized APs, improperly configured APs, and Ad Hoc networks An Auditor might walk around the building looking for markings left on the ground by hackers indicating a spot in range of a wireless network An Auditor might walk around the building looking for markings left on the ground by hackers indicating a spot in range of a wireless network Wireless auditor – an automated system that detects anomalies Wireless auditor – an automated system that detects anomalies

20 Sources Business Risks and Mobile Devices.pdf Business Risks and Mobile Devices.pdf Business Risks and Mobile Devices.pdf Business Risks and Mobile Devices.pdf Case-Study-IT-Asset-Security-Tool-Helps-Healthcare- Provider-Track-97-of Case-Study-IT-Asset-Security-Tool-Helps-Healthcare- Provider-Track-97-of Case-Study-IT-Asset-Security-Tool-Helps-Healthcare- Provider-Track-97-of Case-Study-IT-Asset-Security-Tool-Helps-Healthcare- Provider-Track-97-of Laptops.pdf Laptops.pdf Laptops.pdf IS Audit Guideline Mobile Computing.pdf IS Audit Guideline Mobile Computing.pdf IS Audit Guideline Mobile Computing.pdf IS Audit Guideline Mobile Computing.pdf Risk and Control in Wi-Fi.pdf Risk and Control in Wi-Fi.pdf Risk and Control in Wi-Fi.pdf Risk and Control in Wi-Fi.pdf Securing Laptops.pdf Securing Laptops.pdf Securing Laptops.pdf Securing Laptops.pdf Tips for Protecting Laptops.pdf Tips for Protecting Laptops.pdf Tips for Protecting Laptops.pdf Tips for Protecting Laptops.pdf What Every IT Auditor Should Know About Wireless.pdf What Every IT Auditor Should Know About Wireless.pdf What Every IT Auditor Should Know About Wireless.pdf What Every IT Auditor Should Know About Wireless.pdf

Download ppt "Mobile Devices and Wireless Tracy Jackson Liz Nenni Matt Hinson Chris Eiben."

Similar presentations

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright Critical Software S.A. 1998-2008 All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.

Copyright Critical Software S.A All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility. Simplify authentication.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Similar presentations

Ads by Google