Risk Assessment of Mobile Security & Technology_part2 ppt


System Characteristics
• Statistics August 2011

System Characteristics
• Of the world’s 30 top Mobile network operators by subscriber only three are not GSM (they are all CDMA)
  – India’s Reliance Communications (17th)
  – USA’s Verizon (19th)
  – China Telecom (21st)
• Top
  – China Mobile - 600 million
  – Singapore SingTel - 382 million
  – UK Vodafone - 341 million

System Characteristics
• Others
• Infrared – 125 devices
  • Infrared (IR) refers to light waves of a lower frequency than human eyes can receive and interpret
  • Infrared is a "line of sight" technology
  • IrDA is a half-duplex, short-range data transfer technology
• Bluetooth – 1400 devices
  • About milliwatt strength
  • Establishes what are known as piconets
  • A piconet contains a minimum of two devices with a maximum of eight
• RFID – 280 staff with passports for business travel
  – Radio Frequency Identification
  – Used in credit/debit cards
  – Used in E-Passports
• WiFi – networks
  – 802.11b/g/a/n

Vulnerabilities
• Any legal threats/vulnerabilities?
  – Singapore E-Commerce and Electronic Transactions Act 1998
  – Singapore Computer Misuse (Amendment) Bill 1998
  – Sarbanes Oxley
  – Singapore Electronic Transactions Act
  – Malaysia Computer Crimes Act

Vulnerabilities
• Other Issues
  – Web use
  – Instant messaging
  – Weak Access Controls
  – Corporate data on insecure devices
  – Viruses
  – Bluetooth hacks
  – Use of scanners, DVDs, USB

Controls
• Determine the current state of controls over mobile technology
  – Is there a Governance strategy and corresponding implementation?
  – Roles & responsibilities?
  – Access controls?
    • Mobiles, laptops, USB, tablets
  – Logging & monitoring?

Controls
• Determine controls to mitigate or eliminate the identified risks
• The goal of the recommended controls is to reduce the level of risk to the IT system and its data to an acceptable level
  – Management’s risk tolerance
• Input to the risk mitigation process, during which the recommended procedural and technical security controls are evaluated, prioritized, and implemented
• Considerations:
  – Cost benefit analysis
  – Operational impact
  – Feasibility

Technical controls
Management controls
Operational controls

Controls
• Implement Mobile Standards
  – Access controls
    • Passwords, inactivity lockouts, software use
  – Rules of use
    • Web browsing, corporate information in emails/instant messaging, Bluetooth
• Implement Procedures
  – Registration, lost or stolen devices, termination

Controls
• Implement software controls
  – Antivirus
    • McAfee, F-Secure, AVG
  – Firewalls
    • Laptops & Smartphones
  – Encryption
    • EFS or BitLocker in Windows, PGP, Guardian Edge for smartphones
  – USB use controls

Controls
• Implement other controls
  – Patch management
    • Easy for laptops, more difficult for smartphones
  – Configuration management
  – DRP/BCP

Web Sites
• Audit of IT Governance
  – http://www.cic.gc.ca/english/resources/audit/governance.asp
• Auditing Mobile
  – http://www.isaca.org/KnowledgeCenter/Research/ResearchDeliverables/Pages/Mobile-Computing-SecurityAudit-Assurance-Program.aspx * ISACA members
• Laws and Mobile Security
  – ISACA Journal Volume 4, 2009 - Impact of Laws & Regulations on Mobile Security, B Lewis
    • http://www.isaca.org/Journal/Past-Issues/2009/Volume-4/Pages/The-Impact-ofLaws-and-Regulations-on-Mobile-Technology1.aspx

THANK YOU

Date posted: 19/06/2014, 21:20
