SlideShare a Scribd company logo

ISACA smart security for smart devices

Download as PPTX, PDF
Marc Vael, profile picture
Marc Vael

The document discusses smart security strategies for smart mobile devices. It defines smart mobile devices and outlines their business benefits, including increased productivity and improved customer service. However, it also notes risks like data breaches and issues around network security and managing devices. The document recommends strategies like implementing policies and standards, providing education, reviewing security regularly through audits, and recognizing that security is only as strong as its weakest link.

Technology
1 of 42
Downloaded 43 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Smart Security for Smart Mobile Devices Marc Vael International Vice-President
Smart Mobile Device Definition An electronic device that is • cordless (unless while being charged), • mobile (easily transportable), • always connected (via WiFi, 3G, 4G etc.) • capable of voice/video communication, internet browsing, "geo-location" (for search purposes) and that can operate to some extent autonomously.
ISACA smart security for smart devices
ISACA smart security for smart devices
ISACA smart security for smart devices
Smart Mobile Device Business Benefits 1. Increased workforce productivity—facilitates completion of work offsite (+40%). 2. Improved customer service—sales person or account manager can access the CRM system while at a customer site + provide ad hoc solutions & current customer account information. 3. Response to customer problems or questions at any time—35% improvement in customer satisfaction in best-in-business enterprises. 4. Improved turnaround times for problem resolution—more flexibility facing the challenges of time zones or office hours. 5. Increased business process efficiency—shortened & more efficient business processes. SCM+ by providing employees with information to speed the capture of inbound supply chain data + shortening feedback loop between supply chain and production planning. 6. Employee security & safety—one of the first reasons for mobile device adoption: allow employees to travel to/from remote locations while staying in touch. 7. Employee retention—management creates positives for business & employees. Using mobile devices can improve work-life balance by facilitating the ability of employees to work remotely: increase employee retention by up to 25%
Smart Mobile Device Business Benefits
ISACA smart security for smart devices
ISACA smart security for smart devices
ISACA smart security for smart devices
Impact of an attack on the business
Smart Mobile Device Risks ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008
Smart Mobile Device Risks ISACA, Secure Mobile Devices, 20 July 2010, page 6
Smart Mobile Device Risks
ISACA smart security for smart devices
ISACA smart security for smart devices
Mobile Device Security Issues • Threats differ by industry (e.g. intelligence/security/ police forces, fuel and energy, health and disease control, transportation, media, financial, food, retail, etc.); thus countermeasures must appropriately match the threat. • Cost-benefit case for mobile devices depends solely on the value of corporate data at risk. Thus, critical data must be inventoried + appropriate security solutions implemented. • Businesses can not manage what they can not identify, track or measure. Critical information is not always inventoried and proactively secured. • Some companies outsource network security. When the third party employees leave, what customer data leave with them? Business data are available to providers with different business goals and objectives.
Mobile Device Security Issues • Network security issues include: ‣ Conventional firewall and VPN security systems are inadequate. ‣ Lack of integration with evolving WAN network security solutions. ‣ A blurred network perimeter can cause the boundary between the “private and locally managed and owned” side of a network and the “public and usually provider-managed” side of a network to be less clear. ‣ If communication can be intercepted, piggybacked, impersonated or rerouted to “bad” people, “good” people can look “bad” and “bad” people can look “good” from any location. ‣ Encrypted remote connections are assumed to be secure. Little consideration is given to securing the end point. E-mail and other communications are encrypted only from phone to phone, or mobile device to server. Beyond that point, e-mail, instant messages and file transfers may be transmitted unencrypted over the Internet. ‣ Ad hoc service provisioning: requesting and receiving application service on demand wherever one is located.
Mobile Device Security Issues
ISACA smart security for smart devices
ISACA smart security for smart devices
Business Model for Information Security
ISACA smart security for smart devices
ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008
ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008
ISACA smart security for smart devices
Smart device security strategies Policies & Standards
Smart device security strategies
Smart device security strategies EDUCATION!
Smart device security strategies Measuring performance
Smart device security metrics Most common security metrics used in evaluating the adequacy of mobile device security include: • Number of breaches or successful attacks • Virus protection and frequency of virus definition updates • Currency of patch management on the servers • Compliance with federal regulations • Cost of security solutions • Cost of loss • Evaluation of risk Are these metrics sufficient? Do you factor total cost of ownership? How do you measure the benefit & value of mobile devices and the security solutions? So, how can CISOs explain the value of incorporating adequate security?
Smart device security strategies Review / Audit
ISACA smart security for smart devices
Auditing Mobile Device Security 1. PLANNING & SCOPING THE AUDIT 1.1 Define audit/assurance objectives. 1.2 Define boundaries of review. 1.3 Identify & document risks. 1.4 Define assignment success. 1.5 Define audit/assurance resources required. 1.6 Define deliverables. 1.7 Communicate the process. 2. MOBILE DEVICE SECURITY 2.1 Mobile Device Security Policy 2.2 Risk Management 2.3 Device Management 2.4 Access Control 2.5 Stored Data 2.6 Malware Avoidance 2.7 Secure Transmission 2.8 Awareness Training
Conclusion s
Conclusion Business executives rarely know where to start. While mobile technology is burgeoning with new innovations, time-tested mitigation techniques and evolving tool sets are available and highly effective. Organizations need to: • Recognize mobile technology risks + commit resources to take decisive actions to control their vulnerabilities • Inventory high-value data & most serious exposures • Evaluate which countermeasures directly & cost-effectively reduce their highest risks • Implement reasonable strategy that phases in improvements in information security commensurate with risk & resources • Commit ongoing resources to revise & refine over time as circumstances evolve For business leaders who fail to implement sufficient safeguards, the costs can be catastrophic. With the integration of an increasingly networked world, their problems become everyone’s.
ISACA smart security for smart devices
ISACA smart security for smart devices
Your (device) security solution is as strong … … as its weakest link
“I don’t care how many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.” Susie Thunder, Cyberpunk
Contact information Marc Vael CISA, CISM, CISSP, CRISC, CGEIT, ITIL Service Manager International Vice-President ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows IL 60008 USA http://www.isaca.org/ marc@vael.net http://www.linkedin.com/in/marcvael http://twitter.com/marcvael
ISACA smart security for smart devices

More Related Content

PDF
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
PDF
The Future of Cyber Security - Matthew Rosenquist
Matthew Rosenquist
 
PDF
Chapter 12 iso 27001 awareness
newbie2019
 
PPTX
Your cyber security webinar
Empired
 
PDF
IBM Security Strategy Overview
xband
 
PDF
Securing the Cloud by Matthew Rosenquist 2016
Matthew Rosenquist
 
PDF
Pivotal Role of HR in Cybersecurity
Matthew Rosenquist
 
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
The Future of Cyber Security - Matthew Rosenquist
Matthew Rosenquist
 
Chapter 12 iso 27001 awareness
newbie2019
 
Your cyber security webinar
Empired
 
IBM Security Strategy Overview
xband
 
Securing the Cloud by Matthew Rosenquist 2016
Matthew Rosenquist
 
Pivotal Role of HR in Cybersecurity
Matthew Rosenquist
 

What's hot (19)

PDF
Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
 
PDF
Strategy considerations for building a security operations center
CMR WORLD TECH
 
PDF
System of security controls
S.E. CTS CERT-GOV-MD
 
PDF
True Cost of Data Breaches
Matthew Rosenquist
 
PDF
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
PPTX
Soc
Mukesh Chaudhari
 
PDF
Mergers and Acquisition Security - Areas of Interest
Matthew Rosenquist
 
PDF
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
Shah Sheikh
 
PDF
Cybersecurity for Energy: Moving Beyond Compliance
EnergySec
 
PPTX
SAM05_Barber PW (7-9-15)
Norm Barber
 
PDF
Security Transformation Services
xband
 
PDF
"Thinking diffrent" about your information security strategy
Jason Clark
 
PPTX
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Sirius
 
PPTX
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
IBM Security
 
PPTX
IT Security and Management - Prelim Lessons by Mark John Lado
Mark John Lado, MIT
 
PPTX
Practical steps for assessing tablet & mobile device security
EnclaveSecurity
 
PDF
Security operations center 5 security controls
AlienVault
 
PDF
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Matthew Rosenquist
 
PPTX
Your cyber security webinar
Intergen
 
Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
 
Strategy considerations for building a security operations center
CMR WORLD TECH
 
System of security controls
S.E. CTS CERT-GOV-MD
 
True Cost of Data Breaches
Matthew Rosenquist
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
Soc
Mukesh Chaudhari
 
Mergers and Acquisition Security - Areas of Interest
Matthew Rosenquist
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
Shah Sheikh
 
Cybersecurity for Energy: Moving Beyond Compliance
EnergySec
 
SAM05_Barber PW (7-9-15)
Norm Barber
 
Security Transformation Services
xband
 
"Thinking diffrent" about your information security strategy
Jason Clark
 
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Sirius
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
IBM Security
 
IT Security and Management - Prelim Lessons by Mark John Lado
Mark John Lado, MIT
 
Practical steps for assessing tablet & mobile device security
EnclaveSecurity
 
Security operations center 5 security controls
AlienVault
 
Challenges for the Next Generation of Cybersecurity Professionals - Matthew R...
Matthew Rosenquist
 
Your cyber security webinar
Intergen
 
Ad

Similar to ISACA smart security for smart devices (20)

PDF
6 Ways to Fight the Data Loss Gremlins
Intronis MSP Solutions by Barracuda
 
PDF
5 Steps to Mobile Risk Management
DMIMarketing
 
DOC
report on Mobile security
JAYANT RAJURKAR
 
PDF
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
PDF
DigaCore _ Why Senior Living Staff Need Strong Mobile Device Security.pdf
Diga Core
 
PDF
Mobile Security: 5 Steps to Mobile Risk Management
DMIMarketing
 
PDF
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
DMI
 
PDF
Why Cybersecurity Services Are Non-Negotiable in Today’s Digital World.pdf
SingsysPteLtd1
 
PDF
ZS Infotech v1.0
Muhammad Zubair
 
PDF
The Role Of Data Analytics In Cybersecurity
ABMCollege2
 
PDF
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
SelectedPresentations
 
PPTX
Best Data Security Management: A Complete Guide for 2025
HawkShield
 
PPTX
Strengthening Data Rooms Amidst Rising Cyber Threats
Home
 
PDF
Delve Labs - Upcoming Security Challenges for the Internet of Things
Frederic Roy-Gobeil, CPA, CGA, M.Tax.
 
PPTX
What every executive needs to know about information technology security
Legal Services National Technology Assistance Project (LSNTAP)
 
PPT
Cognitive security
Iqra khalil
 
PDF
AGEOS Infrastructure Cyber Security White Paper
Mestizo Enterprises
 
PDF
Security White Paper
MobiWee
 
PDF
Safeguard Your Business
DWP Information Architects Inc.
 
PDF
Exploring Cybersecurity Services: Types, Relevance, and Becoming a Pro
Mobile Security
 
6 Ways to Fight the Data Loss Gremlins
Intronis MSP Solutions by Barracuda
 
5 Steps to Mobile Risk Management
DMIMarketing
 
report on Mobile security
JAYANT RAJURKAR
 
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
DigaCore _ Why Senior Living Staff Need Strong Mobile Device Security.pdf
Diga Core
 
Mobile Security: 5 Steps to Mobile Risk Management
DMIMarketing
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
DMI
 
Why Cybersecurity Services Are Non-Negotiable in Today’s Digital World.pdf
SingsysPteLtd1
 
ZS Infotech v1.0
Muhammad Zubair
 
The Role Of Data Analytics In Cybersecurity
ABMCollege2
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
SelectedPresentations
 
Best Data Security Management: A Complete Guide for 2025
HawkShield
 
Strengthening Data Rooms Amidst Rising Cyber Threats
Home
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Frederic Roy-Gobeil, CPA, CGA, M.Tax.
 
What every executive needs to know about information technology security
Legal Services National Technology Assistance Project (LSNTAP)
 
Cognitive security
Iqra khalil
 
AGEOS Infrastructure Cyber Security White Paper
Mestizo Enterprises
 
Security White Paper
MobiWee
 
Safeguard Your Business
DWP Information Architects Inc.
 
Exploring Cybersecurity Services: Types, Relevance, and Becoming a Pro
Mobile Security
 
Ad

More from Marc Vael (20)

PDF
How secure are chat and webconf tools
Marc Vael
 
PDF
my experience as ciso
Marc Vael
 
PDF
Advantages of privacy by design in IoE
Marc Vael
 
PDF
Cybersecurity governance existing frameworks (nov 2015)
Marc Vael
 
PDF
Cybersecurity nexus vision
Marc Vael
 
PDF
ISACA Reporting relevant IT risks to stakeholders
Marc Vael
 
PDF
Cloud security lessons learned and audit
Marc Vael
 
PDF
Value-added it auditing
Marc Vael
 
PDF
ISACA Internet of Things open forum presentation
Marc Vael
 
PDF
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
Marc Vael
 
PDF
The value of big data analytics
Marc Vael
 
PDF
Social media risks and controls
Marc Vael
 
PDF
The view of auditor on cybercrime
Marc Vael
 
PDF
ISACA Mobile Payments Forum presentation
Marc Vael
 
PDF
Belgian Data Protection Commission's new audit programme
Marc Vael
 
PDF
ISACA Cloud Computing Risks
Marc Vael
 
PDF
Information security awareness (sept 2012) bis handout
Marc Vael
 
PPTX
Securing big data (july 2012)
Marc Vael
 
PDF
Valuendo cyberwar and security (jan 2012) handout
Marc Vael
 
PDF
How to handle multilayered IT security today
Marc Vael
 
How secure are chat and webconf tools
Marc Vael
 
my experience as ciso
Marc Vael
 
Advantages of privacy by design in IoE
Marc Vael
 
Cybersecurity governance existing frameworks (nov 2015)
Marc Vael
 
Cybersecurity nexus vision
Marc Vael
 
ISACA Reporting relevant IT risks to stakeholders
Marc Vael
 
Cloud security lessons learned and audit
Marc Vael
 
Value-added it auditing
Marc Vael
 
ISACA Internet of Things open forum presentation
Marc Vael
 
hoe kan u vandaag informatie veiligheid realiseren op een praktische manier?
Marc Vael
 
The value of big data analytics
Marc Vael
 
Social media risks and controls
Marc Vael
 
The view of auditor on cybercrime
Marc Vael
 
ISACA Mobile Payments Forum presentation
Marc Vael
 
Belgian Data Protection Commission's new audit programme
Marc Vael
 
ISACA Cloud Computing Risks
Marc Vael
 
Information security awareness (sept 2012) bis handout
Marc Vael
 
Securing big data (july 2012)
Marc Vael
 
Valuendo cyberwar and security (jan 2012) handout
Marc Vael
 
How to handle multilayered IT security today
Marc Vael
 

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Approach and Philosophy of On baking technology
30anthuong17
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Cloud computing and distributed systems.
kkkkkhan
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 

ISACA smart security for smart devices

  • 1. Smart Security for Smart Mobile Devices Marc Vael International Vice-President
  • 2. Smart Mobile Device Definition An electronic device that is • cordless (unless while being charged), • mobile (easily transportable), • always connected (via WiFi, 3G, 4G etc.) • capable of voice/video communication, internet browsing, "geo-location" (for search purposes) and that can operate to some extent autonomously.
  • 6. Smart Mobile Device Business Benefits 1. Increased workforce productivity—facilitates completion of work offsite (+40%). 2. Improved customer service—sales person or account manager can access the CRM system while at a customer site + provide ad hoc solutions & current customer account information. 3. Response to customer problems or questions at any time—35% improvement in customer satisfaction in best-in-business enterprises. 4. Improved turnaround times for problem resolution—more flexibility facing the challenges of time zones or office hours. 5. Increased business process efficiency—shortened & more efficient business processes. SCM+ by providing employees with information to speed the capture of inbound supply chain data + shortening feedback loop between supply chain and production planning. 6. Employee security & safety—one of the first reasons for mobile device adoption: allow employees to travel to/from remote locations while staying in touch. 7. Employee retention—management creates positives for business & employees. Using mobile devices can improve work-life balance by facilitating the ability of employees to work remotely: increase employee retention by up to 25%
  • 7. Smart Mobile Device Business Benefits
  • 11. Impact of an attack on the business
  • 12. Smart Mobile Device Risks ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008
  • 13. Smart Mobile Device Risks ISACA, Secure Mobile Devices, 20 July 2010, page 6
  • 17. Mobile Device Security Issues • Threats differ by industry (e.g. intelligence/security/ police forces, fuel and energy, health and disease control, transportation, media, financial, food, retail, etc.); thus countermeasures must appropriately match the threat. • Cost-benefit case for mobile devices depends solely on the value of corporate data at risk. Thus, critical data must be inventoried + appropriate security solutions implemented. • Businesses can not manage what they can not identify, track or measure. Critical information is not always inventoried and proactively secured. • Some companies outsource network security. When the third party employees leave, what customer data leave with them? Business data are available to providers with different business goals and objectives.
  • 18. Mobile Device Security Issues • Network security issues include: ‣ Conventional firewall and VPN security systems are inadequate. ‣ Lack of integration with evolving WAN network security solutions. ‣ A blurred network perimeter can cause the boundary between the “private and locally managed and owned” side of a network and the “public and usually provider-managed” side of a network to be less clear. ‣ If communication can be intercepted, piggybacked, impersonated or rerouted to “bad” people, “good” people can look “bad” and “bad” people can look “good” from any location. ‣ Encrypted remote connections are assumed to be secure. Little consideration is given to securing the end point. E-mail and other communications are encrypted only from phone to phone, or mobile device to server. Beyond that point, e-mail, instant messages and file transfers may be transmitted unencrypted over the Internet. ‣ Ad hoc service provisioning: requesting and receiving application service on demand wherever one is located.
  • 22. Business Model for Information Security
  • 24. ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008
  • 25. ISACA, Business Risks & Security Assessment for Mobile Devices, January 2008
  • 27. Smart device security strategies Policies & Standards
  • 29. Smart device security strategies EDUCATION!
  • 30. Smart device security strategies Measuring performance
  • 31. Smart device security metrics Most common security metrics used in evaluating the adequacy of mobile device security include: • Number of breaches or successful attacks • Virus protection and frequency of virus definition updates • Currency of patch management on the servers • Compliance with federal regulations • Cost of security solutions • Cost of loss • Evaluation of risk Are these metrics sufficient? Do you factor total cost of ownership? How do you measure the benefit & value of mobile devices and the security solutions? So, how can CISOs explain the value of incorporating adequate security?
  • 34. Auditing Mobile Device Security 1. PLANNING & SCOPING THE AUDIT 1.1 Define audit/assurance objectives. 1.2 Define boundaries of review. 1.3 Identify & document risks. 1.4 Define assignment success. 1.5 Define audit/assurance resources required. 1.6 Define deliverables. 1.7 Communicate the process. 2. MOBILE DEVICE SECURITY 2.1 Mobile Device Security Policy 2.2 Risk Management 2.3 Device Management 2.4 Access Control 2.5 Stored Data 2.6 Malware Avoidance 2.7 Secure Transmission 2.8 Awareness Training
  • 36. Conclusion Business executives rarely know where to start. While mobile technology is burgeoning with new innovations, time-tested mitigation techniques and evolving tool sets are available and highly effective. Organizations need to: • Recognize mobile technology risks + commit resources to take decisive actions to control their vulnerabilities • Inventory high-value data & most serious exposures • Evaluate which countermeasures directly & cost-effectively reduce their highest risks • Implement reasonable strategy that phases in improvements in information security commensurate with risk & resources • Commit ongoing resources to revise & refine over time as circumstances evolve For business leaders who fail to implement sufficient safeguards, the costs can be catastrophic. With the integration of an increasingly networked world, their problems become everyone’s.
  • 39. Your (device) security solution is as strong … … as its weakest link
  • 40. “I don’t care how many millions of dollars you spend on security technology. If you don’t have people trained properly, I’m going to get in if I want to get in.” Susie Thunder, Cyberpunk
  • 41. Contact information Marc Vael CISA, CISM, CISSP, CRISC, CGEIT, ITIL Service Manager International Vice-President ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows IL 60008 USA http://www.isaca.org/ marc@vael.net http://www.linkedin.com/in/marcvael http://twitter.com/marcvael