
Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World


ISBN-10: 1439820163

ISBN-13: 9781439820162

Edition: 2011

Authors: Stephen Fried



Identifying the increasing security threats to corporate data on smartphones, personal digital assistants (PDAs), and other mobile devices that employ a variety of data communication and storage technologies, such as e-mail/PIM synchronization software, infrared data transmission, and removable data storage, this book details how mobile devices can become a "backdoor" to the enterprise. It specifies immediate actions that can be taken by an IT security manager to defend against these threats and the regulatory and compliance issues relevant to a comprehensive handheld security policy.

Book details

Copyright year: 2011
Publisher: Auerbach Publishers, Incorporated
Publication date: 6/16/2010
Binding: Hardcover
Pages: 302
Size: 6.25" wide x 9.25" long x 0.75" tall
Weight: 1.452
Language: English

About the Author
How Did We Get Here?
The Beginning of the End
Where We Are Now
The Real Problems
What You'll Learn in This Book
A Note on Technology and Terminology
Final Thoughts
What Are You Trying to Protect?
Finding a Definition for Mobile Data
Mobile Data Scenarios
Other Factors to Consider
Defining a Mobile Device
Distinct, but Intertwined
Movable Data, Movable Risk
Following the Path
The Inverse Distance Principle
The Effect on Our Approach
Action Plan
It's All about the Risk
Loss or Disclosure of Data to Inappropriate Persons
Loss of Money
Loss of Trust or Damage to Your Reputation
You Are Not Immune
Risk, Threat, and Value
Risk: Lost or Stolen Mobile Devices
Risk: Inability to Secure Devices to Desired Level, Granularity, or Uniformity
Risk: Access to Internal Information from Uncontrolled Devices
Risk: Introduction of Malware into the Environment from Unprotected Mobile Devices
Risk: Information Loss Due to Uneducated, Inattentive, or Uncaring Users
Risk: Lack of Compliance with the Legislation du Jour
Evaluating Your Risks
How Valuable Is Your Data?
What about Countermeasures?
Action Plan
The Many Faces of Mobility
Following the Bits
Portable Storage Devices
Portable Storage Devices: Intentional Mobility
Portable Storage Devices: Unintentional Mobility
Tape Storage
Tapes: Intentional Mobility
Tapes: Unintentional Mobility
Dual-Use Devices
Dual-Use Devices: Intentional Mobility
Dual-Use Devices: Unintentional Mobility
Smartphones and Personal Digital Assistants
Smartphones and PDAs: Intentional and Unintentional Mobility
Optical Media (CD and DVD)
Optical Media: Intentional Mobility
Optical Media: Unintentional Mobility
Portable Computers
Portable Computers: Intentional Mobility
Portable Computers: Unintentional Mobility
Electronic Mail
E-mail: Intentional Mobility
E-mail: Unintentional Mobility
Instant Messaging and Text Messaging
IM and Texting: Intentional Mobility
IM and Texting: Unintentional Mobility
Action Plan
Data at Rest, Data in Motion
It's All a Matter of Physics
More Definitions
Protecting Data at Rest
Physical Protection Methods
Keep the Storage Device Hidden
Split the Data onto Multiple Devices
Use a Locked Container
Use Tamper-Proof or Tamper-Evident Containers
Use a Special Courier
Use Obscurity to Your Advantage
Physical Protection Summary
Logical Protection Mechanisms
Access Controls
Effective Data Management
The Problem of Heterogeneous Information
Protecting Data in Motion
Physical Controls
Logical Protections
The Rise of Monocultures
Insecurity in the Links
Multiple Networks Mean Multiple Data Paths
Establishing PC Restrictions
Action Plan
Mobile Data Security Models
A Device-Centric Model
Access Control
Data-Flow Restrictions
Device Management
Selective Feature Restrictions
Logging and Auditing Capabilities
Defining Your Scope
Defining Acceptable Use Cases
Who Gets Access?
Keeping Up with Device Technology
Device-Centric Challenges
A Data-Centric Model
Data-Centric Access Controls
Blocking Certain Data Types
Information Rights Management
Data-Centric Challenges
Which Model Do You Choose?
Action Plan
Uses for Encryption
The Importance of Standards
Symmetric Encryption
Asymmetric Encryption
When to Use Encryption
Infrastructure and Workflow Compatibility
Encryption Impediments
Mobile Data Encryption Methods
Full-Disk Encryption
File- and Directory-Based Encryption
Virtual Disk and Volume Encryption
Hardware-Encrypted Storage Drives
Tape Encryption
Key Management
Data Protection vs. Data Recovery
Action Plan
Defense-in-Depth: Mobile Security Controls
Countermeasures as Controls
Directive and Administrative Controls
Administrative Changes
Deterrent Controls
Education and Awareness
Organizational Culture
Preventive Controls
Trusted Platform Modules
Content Filtering and Data Loss Prevention
Desktop Virtualization
Centralized Device Management
Detective Controls
The Importance of Logs
Auditing as a Detective Control
Physical Security
Action Plan
Defense-in-Depth: Specific Technology Controls
Portable Computer Controls
Antimalware Services
Workstation-Based Firewalls
Standard Configurations
VPN and Multifactor Authentication
Network Access Control
Disabling Automatic Program Execution
Removing Unnecessary Data
Physical Protection
Portable Storage Devices
Dual-Use Devices
Smartphones and PDAs
Optical Media
Instant Messaging (IM) and Text Messaging
Action Plan
Creating a Mobile Security Policy
Setting the Goal Statement
Mobile Device Policy Issues
Device Ownership
Device Management
Device Personalization
Mobile Data Issues
Data Can Be Moved to Any Mobile Device
Data Is Not Allowed to Be Moved to Any Mobile Device
Data Is Allowed to Be Moved to Only Approved Devices
Only Certain Types of Data Can Be Transferred to Mobile Devices
All Data Transferred to a Mobile Device Must Have Minimum Security Protections
Defining Technology Standards
End-User Standards
Device Standards
Data Protection Standards
When Are Protections Required?
Action Plan
Building the Business Case for Mobile Security
Identifying the Catalyst
Forward-Thinking Leadership
Recent Incidents or Losses
Fear of Publicity and Reputational Damage
Audit Findings
Legislative or Regulatory Changes
Contractual or Business Obligations
Alignment with Company Objectives
Determining the Impact of the Problem
Financial Losses
Reputational Damage
Cost of Remediation and Cleanup
Operational Impact
Describe the Current State of Controls
The Proposed Solution
Program Time Line
Financial Analysis
Calculating the Return on Investment
Alternatives Considered
Action Plan