System Characteristics
• Statistics August 2011
System Characteristics
• Of the world’s 30 top mobile network operators by subscriber, only three are not GSM (they are all CDMA)
• Top 3
– China Mobile - 600 million
– Singapore SingTel - 382 million
– UK Vodafone - 341 million
System Characteristics
• Others
• Infrared – 125 devices
• Infrared (IR) refers to light waves of a lower frequency than human eyes can receive and interpret
• Infrared is a "line of sight" technology
• IrDA is a half-duplex, short-range data transfer technology
• Bluetooth – 1400 devices
• About 1 milliwatt strength
• Establishes what are known as piconets. A piconet contains a minimum of two devices with a maximum of eight
• RFID – 280 staff with passports for business travel
– Radio Frequency Identification
– Used in credit/debit cards
– Used in E-Passports
• WiFi – 2 networks
– 802.11b/g/a/n
Vulnerabilities
• Any legal threats/vulnerabilities?
– Singapore E-Commerce and Electronic Transactions Act 1998
– Singapore Computer Misuse (Amendment) Bill 1998
– Sarbanes Oxley
– Singapore Electronic Transactions Act
– Malaysia Computer Crimes Act
Vulnerabilities
• Other Issues
– Web use
– Instant messaging
– Weak Access Controls
– Corporate data on insecure devices
– Viruses
– Bluetooth hacks
– Use of scanners, DVDs, USB
Controls
• Determine the current state of controls over mobile technology
– Is there a governance strategy and corresponding implementation?
– Roles & responsibilities?
– Access controls?
• Mobiles, laptops, USB, tablets
– Logging & monitoring?
Controls
• Determine controls to mitigate or eliminate the identified risks
• The goal of the recommended controls is to reduce the level of risk to the IT system and its data to an acceptable level
– Management’s risk tolerance
• Input to the risk mitigation process, during which the recommended procedural and technical security controls are evaluated, prioritized, and implemented
• Considerations:
– Cost benefit analysis
– Operational impact
• Management controls
• Operational controls
Controls
• Implement Mobile Standards
– Access controls
• Passwords, inactivity lockouts, software use
– Rules of use
• Web browsing, corporate information in emails/instant messaging, Bluetooth
• Implement Procedures
– Registration, lost or stolen devices, termination
Controls
• Implement software controls
– Antivirus
• McAfee, F-Secure, AVG
– Firewalls
• Laptops & Smartphones
– Encryption
• EFS or BitLocker in Windows, PGP, Guardian Edge for smartphones
– USB use controls
Controls
• Implement other controls
– Patch management
• Easy for laptops, more difficult for smartphones
– Configuration management
– DRP/BCP
Web Sites
• Audit of IT Governance
– http://www.cic.gc.ca/english/resources/audit/governance.asp
• Auditing Mobile
– http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Mobile-Computing-Security-Audit-Assurance-Program.aspx (* ISACA members)
• Laws and Mobile Security
– ISACA Journal Volume 4, 2009 - Impact of Laws & Regulations on Mobile Security, B Lewis
• http://www.isaca.org/Journal/Past-Issues/2009/Volume-4/Pages/The-Impact-of-Laws-and-Regulations-on-Mobile-Technology1.aspx
THANK YOU