Mobile Device Security A Comprehensive Guide to Securing Your Information in a Moving World

Name: Mobile Device Security A Comprehensive Guide to Securing Your Information in a Moving World
Price: 90.22 USD
Availability: InStock
ISBN: 9781439820162

ISBN-10: 1439820163

ISBN-13: 9781439820162

Edition: 2011

Authors: Stephen Fried

This item qualifies for FREE shipping.

30 day, 100% satisfaction guarantee!

Buy new: $96.14

Marketplace

2 new & used from $90.22

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

Description:

Identifying the increasing security threats to corporate data on Smartphones, personal digital assistants (PDAs), and other mobile devices that employ a variety of data communication and storage technologies, such as e-maillPIM synchronization software, infrared data transmission, and removable data storage, this book details how mobile devices can become a "backdoor" to the enterprise. It specifies immediate actions that can be taken by an IT security manager to defend against these threats and the regulatory and compliance issues relevant to a comprehensive handheld security policy.

Book details

Copyright year: 2011
Publisher: Taylor & Francis Group
Publication date: 8/3/2010
Binding: Hardcover
Pages: 302
Size: 6.42" wide x 9.61" long x 0.87" tall
Weight: 1.452
Language: English



Acknowledgments


About the Author


Trademarks


Introduction


How Did We Get Here?


The Beginning of the End


Where We Are Now


The Real Problems


What You'll Learn in This Book


A Note on Technology and Terminology


Final Thoughts



What Are You Trying to Protect?


Finding a Definition for Mobile Data


Mobile Data Scenarios


Other Factors to Consider


Defining a Mobile Device


Distinct, but Intertwined


Movable Data, Movable Risk


Following the Path


The Inverse Distance Principle


The Effect on Our Approach


Conclusion


Action Plan


Notes



It's All about the Risk


Loss or Disclosure of Data to Inappropriate Persons


Loss of Money


Loss of Trust or Damage to Your Reputation


You Are Not Immune


Risk, Threat, and Value


Risk: Lost or Stolen Mobile Devices


Risk: Inability to Secure Devices to Desired Level, Granularity, or Uniformity


Risk: Access to Internal Information from Uncontrolled Devices


Risk: Introduction of Malware into the Environment from Unprotected Mobile Devices


Risk: Information Loss Due to Uneducated, Inattentive, or Uncaring Users


Risk: Lack of Compliance with the Legislation du Jour


Evaluating Your Risks


How Valuable Is Your Data?


What about Countermeasures?


Conclusion


Action Plan


Notes



The Many Faces of Mobility


Following the Bits


Portable Storage Devices


Portable Storage Devices: Intentional Mobility


Portable Storage Devices: Unintentional Mobility


Tape Storage


Tapes: Intentional Mobility


Tapes: Unintentional Mobility


Dual-Use Devices


Dual-Use Devices: Intentional Mobility


Dual-Use Devices: Unintentional Mobility


Smartphones and Personal Digital Assistants


Smartphones and PDAs: Intentional and Unintentional Mobility


Optical Media (CD and DVD)


Optical Media: Intentional Mobility


Optical Media: Unintentional Mobility


Portable Computers


Portable Computers: Intentional Mobility


Portable Computers: Unintentional Mobility


Electronic Mail


E-mail: Intentional Mobility


E-mail: Unintentional Mobility


Instant Messaging and Text Messaging


IM and Texting: Intentional Mobility


IM and Texting: Unintentional Mobility


Conclusion


Action Plan


Notes



Data at Rest, Data in Motion


It's All a Matter of Physics


More Definitions


Protecting Data at Rest


Physical Protection Methods


Keep the Storage Device Hidden


Split the Data onto Multiple Devices


Use a Locked Container


Use Tamper-Proof or Tamper-Evident Containers


Use a Special Courier


Use Obscurity to Your Advantage


Physical Protection Summary


Logical Protection Mechanisms


Authentication


Access Controls


Encryption


Effective Data Management


The Problem of Heterogeneous Information


Protecting Data in Motion


Physical Controls


Logical Protections


The Rise of Monocultures


Insecurity in the Links


Multiple Networks Mean Multiple Data Paths


Establishing PC Restrictions


Conclusion


Action Plan


Notes



Mobile Data Security Models


A Device-Centric Model


Access Control


Data-Flow Restrictions


Device Management


Selective Feature Restrictions


Logging and Auditing Capabilities


Defining Your Scope


Defining Acceptable Use Cases


Who Gets Access?


Keeping Up with Device Technology


Device-Centric Challenges


A Data-Centric Model


Data-Centric Access Controls


Blocking Certain Data Types


Encryption


Information Rights Management


Data-Centric Challenges


Which Model Do You Choose?


Conclusion


Action Plan



Encryption


Uses for Encryption


The Importance of Standards


Symmetric Encryption


Asymmetric Encryption


When to Use Encryption


Infrastructure and Workflow Compatibility


Encryption Impediments


Mobile Data Encryption Methods


Full-Disk Encryption


File- and Directory-Based Encryption


Virtual Disk and Volume Encryption


Hardware-Encrypted Storage Drives


Tape Encryption


Key Management


Data Protection vs. Data Recovery


Conclusion


Action Plan


Notes



Defense-in-Depth: Mobile Security Controls


Countermeasures as Controls


Directive and Administrative Controls


Policies


Administrative Changes


Deterrent Controls


Policies


Education and Awareness


Organizational Culture


Preventive Controls


Encryption


Trusted Platform Modules


Content Filtering and Data Loss Prevention


Desktop Virtualization


Centralized Device Management


Detective Controls


The Importance of Logs


Auditing as a Detective Control


Physical Security


Conclusion


Action Plan


Notes



Defense-in-Depth: Specific Technology Controls


Portable Computer Controls


Antimalware Services


Workstation-Based Firewalls


Standard Configurations


VPN and Multifactor Authentication


Network Access Control


Disabling Automatic Program Execution


Removing Unnecessary Data


Physical Protection


Portable Storage Devices


Dual-Use Devices


Smartphones and PDAs


Optical Media


E-mail


Instant Messaging (IM) and Text Messaging


Conclusion


Action Plan


Note



Creating a Mobile Security Policy


Setting the Goal Statement


Mobile Device Policy Issues


Device Ownership


Device Management


Device Personalization


Mobile Data Issues



Data Can Be Moved to Any Mobile Device



Data Is Not Allowed to Be Moved to Any Mobile Device



Data Is Allowed to Be Moved to Only Approved Devices



Only Certain Types of Data Can Be Transferred to Mobile Devices



All Data Transferred to a Mobile Device Must Have Minimum Security Protections


Defining Technology Standards


End-User Standards


Device Standards


Data Protection Standards


When Are Protections Required?


Conclusion


Action Plan



Building the Business Case for Mobile Security


Identifying the Catalyst


Forward-Thinking Leadership


Recent Incidents or Losses


Fear of Publicity and Reputational Damage


Audit Findings


Legislative or Regulatory Changes


Contractual or Business Obligations


Alignment with Company Objectives


Determining the Impact of the Problem


Financial Losses


Reputational Damage


Cost of Remediation and Cleanup


Operational Impact


Describe the Current State of Controls


The Proposed Solution


Program Time Line


Financial Analysis


Calculating the Return on Investment


Alternatives Considered


Conclusion


Action Plan


Index