AUDITING FOR PERSONALLY-OWNED DEVICES
|
|
- Kerry Black
- 6 years ago
- Views:
Transcription
1 Digital Forensics TECHNICAL ARTICLE AUDITING FOR PERSONALLY-OWNED DEVICES Warren Kruse, CISSP, CFCE, EnCE, DFCP Vice President for Digital Forensics
2 Auditing for Personally-Owned Devices Bring Your Own Device (BYOD) is the increasingly common practice of allowing employees to use personally-owned mobile devices, such as cellular phones or tablets, in the workplace and for jobrelated activities. According to Gartner Research, The proliferation of lower-priced tablets and their growing capability is accelerating the shift from PCs to tablets. 1 Gartner further anticipates that users will increasingly rely on their tablet as their main computing device. Given this, it seems likely that the use of personally-owned devices at work will continue to rise. Arguably, there are important benefi ts to be gained by allowing BYOD, including improved productivity and morale; however, the practice also introduces signifi cant challenges. First, if confi dential or proprietary business information is stored on employees devices, organizations may face serious problems where information security is concerned. Additionally, when employees use a device for both business and personal tasks, the resulting data is blended which means employees personally identifi able information may be subject to collection in the event the employer becomes involved in litigation. The suggestion that an employee may be required to submit to such a procedure raises serious issues where the individual s right to privacy is concerned. In its Commentary on Rule 34 and Rule 45, Possession, Custody, or Control, the Sedona Conference notes that the reality is that an employee may constructively and realistically have both custody and control over a BYOD device, although the device may hold enterprise owned information; the employee both owns and accesses the data. Without the employee s consent, an employer is not likely to have the legal right to both secure control and custody of the device, much less preserve information on the same device. 2 To guard against potential confl icts, organizations often implement BYOD policies which make use of the personally-owned device conditional upon the employee s consent to collection and analysis of mobile device data in the event of a legal obligation. However, without an effective means of auditing the technical infrastructure, enforcement of such a policy is impossible, as are meaningful information security measures and effective management of discovery efforts. A recent survey polled respondents on their employers BYOD practices and policies, and sought to capture any additional information they wanted to share. The results were surprising 60% of respondents indicated their fi rms allowed personally-owned devices to be used, but a majority of the respondents indicated their organizations did not have a policy addressing BYOD. Only one respondent indicated that their organization performed compliance auditing for BYOD. 2
3 The need to audit for BYOD is summed up in this statement: users bring their own mobile devices no matter what IT says 92% of companies report that some workers are using non-companyissued computing devices for work-related tasks. 3 Clearly, a well-defi ned and executable auditing program is a necessary component of information security and discovery preparedness across the organization. However, recognizing the need, and determining how to actually do it are two very different matters. As evidenced by the results of the survey, organizations need practical guidance regarding the nuts and bolts of BYOD auditing. In this article, we discuss many of the critical elements, including mobile device management, secondary concerns, and manual auditing. Auditing via Mobile Device Management The fi rst, most critical component of any audit methodology is a Mobile Device Management platform, or MDM. The MDM is an application which creates a unique ID for every device on which it is installed; thereafter, all communication between the device and corporate resources, such as an server, includes the device s ID. This makes it easy to detect and report on devices which weren t issued by the organization or registered by way of the MDM. Fig. 1: Devices which are not connecting via the MDM can be identifi ed. Most MDM platforms support a variety of responses to connection attempts by unregistered devices, from simply denying the connection and logging the attempt, to wiping all data from the offending device. There are a great number of MDM platforms on the market. As with virtually every kind of technology, choosing the one which will best meet your organization s needs is a daunting challenge in and of itself. However, Enterprise ios has compiled a comparison of the major players, which provides a good starting point. Secondary Concerns MDM platforms aren t an instant solution - no MDM can completely prevent every form of unauthorized access, or capture every activity for auditing purposes. Alternative access methods like EWS, POP, and imap can afford determined users a means of connecting to organizational IT resources while avoiding the MDM and other, traditional audit methods. 3
4 Manual Auditing The absence of a proper MDM platform doesn t mean that you re without any means of assessing BYOD behavior. Below, we discuss some simple steps you can take to better understand your organization s device usage. Using ActiveSync ActiveSync is a data synchronization protocol developed and released by Microsoft, to keep , calendar events, and contacts on a mobile device up to date with your desktop and server data. Each time the device connects to the server to sync its messages, the device s model number and IMEI, or International Mobile Station Equipment Identity, are sent to the server and recorded in the log. This means that you can run a scheduled report on the Exchange ActiveSync logs, and compare the recorded IDs with an inventory of approved device IDs. You can then respond in the manner which your organization deems appropriate - for example, by simply warning employees who are in violation of your policies, or by blocking all unauthorized devices from communicating through ActiveSync. This can be done using your Exchange Server s Allow/ Block/Quarantine list, or with a simple power shell script. This approach makes the assumption that the organization has an accurate inventory of all corporate devices in use. Often, organizations keep very inaccurate records regarding companyissued devices, and there s no effi cient way to reconcile IMEI numbers once devices are out in the fi eld. Using Network Access Control If your organization has an active and working Network Access Control system in place, access control becomes a simple matter of authorizing good systems (with a built-in certifi cate, run-time system confi guration check, or real-time password entered by the end user). Anything that can t be authorized by the NAC becomes unauthorized and is blocked. Like ActiveSync, NAC systems keep logs which can be parsed and analyzed to identify unauthorized equipment. Auditing in the Cloud The cloud offers important benefi ts in cost control and resource management; however, if devices and platforms are no longer directly managed, adding MDM-like controls often proves diffi cult. What s more, logs may be harder to access, so manual auditing will be more time-consuming and challenging. If your organization is considering migrating to the cloud, ensure that the following are in place with your cloud storage / application provider especially if you re migrating mail service: Identity Management: The provider must be able to demonstrate that user identities and access controls are carefully monitored. 4
5 Availability: The provider must offer consistently high (99.5% or higher) uptimes, and must provide documented procedures for recovering from a breach or loss. Logging and monitoring: The provider must have extensive logging and auditing mechanisms in place, and should be willing and able to assist with analysis of your users activities upon request. Conclusion BYOD policies provide real benefi ts for employees, but they also pose real challenges for technical teams. Auditing employees use of corporate IT resources can become an unmanageable task without the right tools and techniques. If possible, a Mobile Device Management platform should be in place to automate and streamline the more common auditing activities. If an MDM is unattainable, tech teams can use manual techniques to gather and analyze data regarding employees activities. Of course, any cloud migration strategy should include consideration of audit needs and requirements, and stakeholders should be well-informed regarding the impact that cloud services will have on auditing efforts The Sedona Conference: Commentary on Rule 34 and Rule 45 Possession, Custody, or Control, April (registration required)
6 About the Author Warren G. Kruse II, MSc, CISSP, CFCE, EnCE, DFCP Vice President, Data Forensics, Altep, Inc. - An Advanced Discovery Company With more than 30 years experience in law enforcement and forensic science, Warren is the author of Computer Forensics: Incident Response Essentials. The diverse range of matters Warren has assisted with includes theft of trade secrets, Wikileaks investigations, misappropriation of intellectual property, breach of contract, internal employment disputes, fraud investigations, and wage and hour class actions, among others. Warren previously served as the President of the Digital Forensics Certifi cation Board. 6
7 DECADES OF EXPERIENCE. PROVEN TECHNOLOGIES. UNSURPASSED SERVICE. CONSULTING DATA FORENSICS Litigation Readiness 30(b)(6) Witnesses Subject Matter Experts ediscovery Liaisons Compliance Risk Assessment High Tech Investigations BYOD Strategy Expert Testimony Standard & Non-Standard Data Acquisition Incident Response CYBER SECURITY DISCOVERY Computer System Security Analysis Penetration Testing Data Incident Investigation Data Breach Notifi cation Data Privacy Collection Early Data Assessment Electronic Data Discovery Paper Discovery Secure Hosting and Review ESI Vault To learn more about our certifi cations visit us at cations For a list of our locations visit us at Altep, Inc. (800) Altep, Inc. - All Rights Reserved
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
More informationDigital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS
Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness: PREPARE BEFORE AN INCIDENT HAPPENS 2 Digital Forensics Readiness The idea that all networks can be compromised
More informationPROVIDING INVESTIGATIVE SOLUTIONS
PROVIDING INVESTIGATIVE SOLUTIONS Experienced Professionals Northeast Intelligence Group, Inc. (NEIG) has been helping clients meet challenges for more than twenty years. By providing meaningful and timely
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationBYOD (Bring Your Own Device): Employee-owned Technology in the Workplace
BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring Conference April 4, 2014 PRESENTED BY: Sonya Guggemos MCIT Staff Counsel for Risk Control sguggemos@mcit.org The information
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationBYOD WORK THE NUTS AND BOLTS OF MAKING. Brent Gatewood, CRM
THE NUTS AND BOLTS OF MAKING BYOD Mobile technology is changing at an astonishing rate, and employees are increasingly using their personally owned devices for business purposes sanctioned or not. Organizations,
More informationBUILT FOR THE STORM. AND THE NORM.
BUILT FOR THE STORM. AND THE NORM. Data volumes are overwhelming. Stakes are sky-high. Time frames are shorter than ever. GET ANSWERS NOW. EM[URGENT]CY EXIT In a world where the routine can quickly become
More informationWHITEPAPER. How to secure your Post-perimeter world
How to secure your Post-perimeter world WHAT IS THE POST-PERIMETER WORLD? In an increasingly cloud and mobile focused world, there are three key realities enterprises must consider in order to move forward
More informationMOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner
MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use
More informationIncident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles
Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationAuditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley
Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationCredit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
More informationTHINGS YOU NEED TO KNOW BEFORE DELVING INTO THE WORLD OF DIGITAL EVIDENCE. Roland Bastin Partner Risk Advisory Deloitte
Inside magazine issue 16 Part 03 - From a risk and cyber perspective perspective Roland Bastin Partner Risk Advisory Deloitte Gunnar Mortier Senior Manager Risk Advisory Deloitte THINGS YOU NEED TO KNOW
More informationArchiving. Services. Optimize the management of information by defining a lifecycle strategy for data. Archiving. ediscovery. Data Loss Prevention
Symantec Enterprise Vault TransVault CommonDesk ARCviewer Vault LLC Optimize the management of information by defining a lifecycle strategy for data Backup is for recovery, archiving is for discovery.
More informationThe Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management
The Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management The bring your own device (BYOD) trend in the workplace is at an all-time high, and according
More informationSecurity Breaches: How to Prepare and Respond
Security Breaches: How to Prepare and Respond BIOS SARAH A. SARGENT Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and
More informationBYOD Risks, Challenges and Solutions. The primary challenges companies face when it comes to BYOD and how these challenges can be handled
BYOD Risks, Challenges and Solutions. The primary challenges companies face when it comes to BYOD and how these challenges can be handled effectively. Contents Introduction.... 3 Primary Bring Your Own
More informationBig data privacy in Australia
Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that
More informationPEDs in the Workplace: It s a Mad, Mad BYOD World
PEDs in the Workplace: It s a Mad, Mad BYOD World Technology in the Workplace Technology in the workplace has transformed over the years from this The World s First Computer (1946) 2015 Snell & Wilmer
More informationSales Presentation Case 2018 Dell EMC
Sales Presentation Case 2018 Dell EMC Introduction: As a member of the Dell Technologies unique family of businesses, Dell EMC serves a key role in providing the essential infrastructure for organizations
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationInsider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm
Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationThe Mobile Risk Management Company. Overview of Fixmo and Mobile Risk Management (MRM) Solutions
The Mobile Risk Management Company Overview of Fixmo and Mobile Risk Management (MRM) Solutions Company Proprietary Information Copyright Fixmo Inc., 2012 Introduction to Fixmo Founded on a simple idea:
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationSecuring Health Data in a BYOD World
Business White Paper Securing Health Data in a BYOD World Five strategies to minimize risk Page 2 of 9 Securing Health Data in a BYOD World Table of Contents Page 2 Introduction Page 3 BYOD Adoption Drivers
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationAnticipating the wider business impact of a cyber breach in the health care industry
Anticipating the wider business impact of a cyber breach in the health care industry John Gelinne, Director Cyber Risk Services Deloitte & Touche LLP jgelinne@deloitte.com commodore_22 Hector Calzada,
More informationFive Tips to Mastering Enterprise Mobility
Five Tips to Mastering Enterprise Mobility Table of Contents Introduction Tip 1: Assess Your Environment Tip 2: Review Security Protocols Tip 3: Be Smart About BYOD Tip 4: Consider Customized Mobility
More informationCHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION
CHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION CONTENTS: Enterprise Mobility Strategy and BYOD Policies Endpoint Vulnerabilities and Challenges Conclusion For several decades,
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More informationARCHIVING FIRST STEPS TOWARDS ENTERPRISE INFORMATION ARCHIVING
EMAIL ARCHIVING FIRST STEPS TOWARDS ENTERPRISE INFORMATION ARCHIVING 2013 2014 2015 2016 2017 Worldwide Email Accounts (M) 3,899 4,116 4,353 4,626 4,920 Business Email Accounts (M) % Business Email Accounts
More informationAvoiding the Pitfalls of Bring Your Own Device Policies
Pitfalls of Bring Device Policies BYOD/T Represents a Constant Battle Between Compliance Objectives and Employee Usability Presenters: Constantinos Dino G. Panagopoulos, Labor and Employment Group Philip
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationMobile Device Management: A Real Need for the Mobile World
Mobile Device Management: A Real Need for the Mobile World In today s modern workplace, employees are utilizing a variety of mobile devices both in and out of the office. Gone are the days when employees
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationIBM Resilient Incident Response Platform On Cloud
Service Description IBM Resilient Incident Response Platform On Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized
More informationOperationalize Security To Secure Your Data Perimeter
Operationalize Security To Secure Your Data Perimeter GET STARTED Protecting Your Data Without Sacrificing Business Agility Every day, companies generate mountains of data that are critical to their business.
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationData Privacy Breach Policy and Procedure
Data Privacy Breach Policy and Procedure Document Information Last revision date: April 16, 2018 Adopted date: Next review: January 1 Annually Overview A privacy breach is an action that results in an
More informationBHConsulting. Your trusted cybersecurity partner
Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised
More informationMOBILE DEVICE MANAGEMENT OR PRETTY MUCH EVERYTHING YOU NEED TO KNOW ABOUT MOBILE DEVICES IN THE WORKPLACE!
MOBILE DEVICE MANAGEMENT OR PRETTY MUCH EVERYTHING YOU NEED TO KNOW ABOUT MOBILE DEVICES IN THE WORKPLACE! 47% of all employees now use their smartphone, tablet PC or other portable device for work purposes
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationQuestion 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:
Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,
More informationA Roadmap for BYOD Adoption. By Jon Oltsik, Sr. Principal Analyst, and Bob Laliberte, Sr. Analyst
White Paper A Roadmap for BYOD Adoption By Jon Oltsik, Sr. Principal Analyst, and Bob Laliberte, Sr. Analyst April 2012 This ESG White Paper was commissioned by Enterasys and is distributed under license
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationApproved 10/15/2015. IDEF Baseline Functional Requirements v1.0
Approved 10/15/2015 IDEF Baseline Functional Requirements v1.0 IDESG.org IDENTITY ECOSYSTEM STEERING GROUP IDEF Baseline Functional Requirements v1.0 NOTES: (A) The Requirements language is presented in
More informationHow to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016
How to Respond to a HIPAA Breach Tuesday, Oct. 25, 2016 This Webinar is Brought to You By. About HealthInsight and Mountain-Pacific Quality Health HealthInsight and Mountain-Pacific Quality Health are
More informationUnderstanding Computer Forensics
Understanding Computer Forensics also known as: How to do a computer forensic investigation... and not get burned Nick Klein SANS Canberra Community Night 11 February 2013 The scenario... Your boss tells
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationBy: James A. Sherer, Melinda L. McLellan, & Emily R. Fedeles 1
PRIVACY, SECURITY, AND PRACTICAL CONSIDERATIONS FOR DEVELOPING OR ENHANCING A BYOD PROGRAM By: James A. Sherer, Melinda L. McLellan, & Emily R. Fedeles 1 The development and implementation of a bring your
More informationBREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE
BREAKING BARRIERS TO COLLABORATE WITH THE C-SUITE 31st Annual SoCal ISSA Security Symposium Wendy T. Wu Vice President Agenda + CISO: Then and Now + Who are the Stakeholders and What Do They Care About?
More informationBest Practices for Campus Security. January 26, 2017
Best Practices for Campus Security January 26, 2017 Welcome to Safe University (Safe U ) Protecting People, Property, and Tradition: The Safe University (Safe U SM ) Program By G. Michael Verden, Owner
More informationPTLGateway Data Breach Policy
1 PTLGateway Data Breach Policy Last Updated Date: 02 March 2018 Data Breach Policy This page informs you of our policy which is to establish the goals and the vision for the breach response process. This
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationMartijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain
Merritt Maxim Principal Analyst Forrester Martijn Loderus Director & Global Practice Partner for Advisory Consulting Janrain Merritt and Martijn will share insights on Digital Transformation & Drivers
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationSay Goodbye to Enterprise IT: Welcome to the Mobile First World. Sean Ginevan, Senior Director, Strategy Infosecurity Europe
Say Goodbye to Enterprise IT: Welcome to the Mobile First World Sean Ginevan, Senior Director, Strategy Infosecurity Europe - 2015 Sean Ginevan Sr. Director, Strategy, MobileIron Linkedin.com/in/sginevan
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationTop Ten Tips for Managing e-discovery Vendors
Top Ten Tips for Managing e-discovery Vendors Apr 03, 2013 Top Ten By Daniel B. Garrie This resource is sponsored by: By Daniel B. Garrie, Senior Managing Partner, Law & Forensics LLC, Thomson Reuters
More informationAvailable online at ScienceDirect. Procedia Computer Science 78 (2016 ) Madhavi Dhingra
Available online at www.sciencedirect.com ScienceDirect Procedia Computer Science 78 (2016 ) 179 184 International Conference on Information Security & Privacy (ICISP2015), 11-12 December 2015, Nagpur,
More informationPROFILE: ACCESS DATA
COMPANY PROFILE PROFILE: ACCESS DATA MARCH 2011 AccessData Group provides digital investigations and litigation support software and services for corporations, law firms, law enforcement, government agencies
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationPROCEDURE COMPREHENSIVE HEALTH SERVICES, INC
PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC APPROVAL AUTHORITY: President, CHSi GARY G. PALMER /s/ OPR: Director, Information Security NUMBER: ISSUED: VERSION: APRIL 2015 2 THOMAS P. DELAINE JR. /s/ 1.0
More informationInformation Security BYOD Procedure
Information Security BYOD Procedure A. Procedure 1. Audience 1.1 This document sets out the terms of use for BYOD within the University of Newcastle. The procedure applies to all employees of the University,
More informationCOURSE BROCHURE CISA TRAINING
COURSE BROCHURE CISA TRAINING What is CISA? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual within
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationStandard for Security of Information Technology Resources
MARSHALL UNIVERSITY INFORMATION TECHNOLOGY COUNCIL Standard ITP-44 Standard for Security of Information Technology Resources 1 General Information: Marshall University expects all individuals using information
More informationWhen Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.
When Recognition Matters WHITEPAPER CLFE www.pecb.com CONTENT 3 4 5 6 6 7 7 8 8 Introduction So, what is Computer Forensics? Key domains of a CLFE How does a CLFE approach the investigation? What are the
More informationProduct Overview Archive2Azure TM. Compliance Storage Solution Based on Microsoft Azure. From Archive360
Product Overview Compliance Storage Solution Based on Microsoft Azure From Archive360 1 Introduction The cloud has quickly become the preferred option for companies to help reverse the growing issues associated
More information21 CFR PART 11 COMPLIANCE
21 CFR PART 11 COMPLIANCE PRODUCT OVERVIEW ADD-ONS & INDIVIDUAL SOLUTIONS PLA SUPPORT CONTRACT TRAINING CONSULTING 21 CFR PART 11 COMPLIANCE PLA 3.0 Software For Biostatistical Analysis PLA 3.0 21 CFR
More informationExchange 2007 End of Service: Modernize with Office 365. Todd Sweetser Technical Solutions Professional
Exchange 2007 End of Service: Modernize with Office 365 Todd Sweetser Technical Solutions Professional Today s Presenter Todd has been in the IT industry for over two decades. He started out working with
More informationA Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016
A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US
More informationDATA BREACH NUTS AND BOLTS
DATA BREACH NUTS AND BOLTS Your Company Has Been Hacked Now What? January 20, 2016 Universal City, California Sponsored by Hogan Lovells Moderator: Stephanie Yonekura, Hogan Lovells #IHCC16 Panelists:
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationDonor Credit Card Security Policy
Donor Credit Card Security Policy INTRODUCTION This document explains the Community Foundation of Northeast Alabama s credit card security requirements for donors as required by the Payment Card Industry
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCertified Digital Forensics Examiner
Certified Digital Forensics Examiner ACCREDITATIONS EXAM INFORMATION The Certified Digital Forensics Examiner exam is taken online through Mile2 s Assessment and Certification System ( MACS ), which is
More informationDemonstrating Compliance in the Financial Services Industry with Veriato
Demonstrating Compliance in the Financial Services Industry with Veriato Demonstrating Compliance in the Financial Services Industry With Veriato The biggest challenge in ensuring data security is people.
More informationProfessional Training Course - Cybercrime Investigation Body of Knowledge -
Overview The expanded use of the Internet has facilitated rapid advances in communications, systems control, and information sharing. Those advances have created enormous opportunities for society, commerce
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed
More informationBring Your Own Device. Peter Silva Technical Marketing Manager
Bring Your Own Device Peter Silva Technical Marketing Manager Bring-Your-Own-Device (BYOD) Personal devices for business apps Why implement BYOD? Increase employee satisfaction, productivity Reduce mobile
More informationSecuring Institutional Data in a Mobile World
University of Wisconsin Madison Securing Institutional Data in a Mobile World July 13, 2017 Securing Institutional Data in a Mobile World / Agenda 01 What is a mobile device? 02 Protecting institutional
More informationTrustlook Insights Q BYOD Trends & Practices
Trustlook Insights Q4 2016 BYOD Trends & Practices Overview BYOD is the practice of allowing employees to use personal devices at work. It gives employees freedom over where (and how) they work, and allows
More informationShielding the Organization from Data Risk & E- Discovery Failures
Shielding the Organization from Data Risk & E- Discovery Failures Ignatius Grande, Senior Discovery Attorney, Hughes Hubbard Jordan Razza, Senior Counsel and Director of U.S. Litigation, Diageo North America,
More informationOpenText Buys Guidance Software
OpenText Buys Guidance Software September 14, 2017 NASDAQ: OTEX TSX: OTEX Safe Harbor Statement Certain statements in this presentation, including statements regarding OpenText's plans, objectives, expectations
More information