Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.


1 www.adira.org
Philippe LE TERTRE, IS Governance Consultant
- Founder and managing partner of VADEGIS (company specialized in Information System Management and Governance)
- IS governance consultant, certified by ISACA (CGEIT)
- Teacher at ……..
- IS Auditor trained at IAE of Paris
- Operational experience based on more than 20 years as CIO in international environment

2 Governance & management rules 1/4

Governance structure
Goal: BYOD is subject to oversight and monitoring by management
- BYOD policy must be approved by executive management
- Executive management receives regularly scheduled status reports on BYOD usage
- Executive management receives a risk management status report on a regular basis

Policies
Goal: Policies supporting BYOD initiatives have been defined, documented, approved, implemented and maintained
- Employee BYOD Agreement / Mobile Acceptable Use Policy (MAUP)
- BYOD processes are integrated into HR services, policies, and compliance
- Limited access for third parties when connecting to the enterprise networks and IT systems
- Exemptions from BYOD policies

3 Governance & management rules 2/4

Legal
Goal: BYOD procedures comply with legal requirements and minimize the organization’s exposure to legal actions
- Impact analysis must be carried out to identify potential impacts and risks of the BYOD approach
- BYOD procedures must be updated according to the legal requirements

Technical and users support
Goal: A support function dedicated to the BYOD area must be established to process technical and user issues
- Identifying skills and competences needed for the BYOD environment
- Setting up the process to support BYOD usage within the enterprise

4 Governance & management rules 3/4

Risk management
Goal: BYOD is subject to routine risk assessment processes
- BYOD Initial Risk Assessment (prior to implementing the BYOD program) (data confidentiality, juridical, human, technical, ...)
- BYOD Ongoing Risk Assessment

Training
Goal: BYOD users attend initial orientation training and regular follow-up training
- Initial Training: BYOD users are required to attend initial training on BYOD policy and procedures
- Security and Awareness Training: Security awareness, at least annually

5 Governance & management rules 4/4

Mobile device layer security
Goal: BYOD users are required to maintain basic security procedures for the device
- Device Access Restrictions: BYOD users are required to restrict access to their devices
- Data Access / Encryption / Data Protection
- Malware Protection: BYOD mobile devices are required to have standard anti-malware defenses
- …….

Mobile device management
Goal: Enterprises have to use an Identification and Maintenance of Configuration Items
- Central management of BYOD devices: characteristics, configuration, owner, ...
- Central management of IT procedures / Monitoring of BYOD usage
- Remote management
- .......

6 Maturity assessment, example and tools

This spider graph is an example of the assessment results and maturity target for a BYOD management assessment.

Link to COBIT process

7 Going Further … Conclusion

BYOD phenomenon is a risk but could be a value creation opportunity
- Operational sales force tools
- Attract talents
- E-reputation
- Users satisfaction / productivity
- ……..

BYOD reinforces the enterprise data management and governance needs

Data governance encourages behavior in the valuation, creation, storage, use, archival and deletion of data and information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of data and information in enabling an organization to achieve its goals.
- Data policies
- Data classification and valuation
- Data quality (accuracy, accessibility, consistency, completeness, …..)
- Data compliance
- Data security
- Data management and ownership
- ………..

8 Questions

Thanks for your attention

