Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann
|
|
- Aldous Crawford
- 6 years ago
- Views:
Transcription
1 Weak Spots Enterprise Mobility Management Dr. Johannes Hoffmann
2 Personal details TÜV Informationstechnik GmbH TÜV NORD GROUP Dr. Johannes Hoffmann IT Security Business Security & Privacy Main focus: Mobile Security, Application Security, Network Security, Industrial Security, SE Security
3 Agenda 1. Why Mobile Security 2. Challenges 3. Case Study 4. How to securely integrate mobile devices? 5. How to verify correct integration?
4 1. Why Mobile Security
5 Mobile Security Overview
6 Mobile Security? Mobile Security is mostly about Smartphones, Tablets, and their integration into existing environments Key factors are Devices are always at our side, ready to be used always on always connected Functionality easy to extend with apps
7 Sample Mobile Use Cases
8 2. Challenges
9 Challenges Mobile devices are constant companions You can loose them They get stolen Prime target for attackers Vast amount of data, private and corporate Attackers can easily get monetary revenue (premium SMS etc.) Corporate vs private: BYOD, COPE, COBO? Who wants his private data to be corporate controlled? Who believes corporate data is safe on private devices? Who wants to carry two smartphones?
10 More challenges All problems from classic IT also apply How to administrate and manage? How to integrate into network? Users usually have no or low knowledge of internals & security It should just work No reading, just tapping Smartphones, tablets and mobile security in general is a complex topic
11 3. Case Study
12 Case Study The Client A global player checks its infrastructure. 10k employees, worldwide sites 200+ smartphones on tested site ios and Android, used throughout all staff hierarchies MDM with integrated MAM and sane policies Detected Jailbreak results in remote wipe Activated device encryption Devices are (automatically) locked with secure PIN MDM externally hosted and administrated (SAAS) so far so good!
13 Case Study First Security Problem Although multiple security measures were in place, some devices had an unlocked bootloader. We could boot our own kernel and ram disk We had full access to the phone We could eavesdrop the PIN or brute force it Impact: Full access to encrypted data (Credentials, Wi-Fi PSK, ) We could also disable MDM and other security features Use device on behalf of original user Access corporate data and even services Gather data for subsequent attacks (infrastructure accessed via corporate Wi-Fi)
14 Case Study Second Security Problem Although a mutual certificate-based authentication between the mail proxy and the mobile device is required, Active Directory passwords could be eavesdropped. Security policy allows self signed certificates User must accept them Man-in-the-Middle attack doable with minor effort Attacker cannot communicate with mail proxy (no certificate) But mobile devices sends credentials via HTTP POST after accepting attackers certificate Reuse AD credentials elsewhere, e.g. VPN or webmail
15 Case Study Summary Mobile devices are computers they are complex You have to find and close all vulnerabilities An attacker only has to find one vulnerability In this case one problem already occurred in the procurement process Even smartphones are complex devices, the integration into an existing network is complex. Users, many administrators and CISOs often do not recognize this complexity
16 4. How to securely integrate mobile devices?
17 Other Thoughts even more challenges Cloud Provider What data is sent there? Is it encrypted? Who actually reads the EULA? What happens if the provider suddenly stops his service? Messaging services and social media Which data is sent where? Corporate secrets? EULA? Device features Hello Siri? Try to gather information while device is locked! Speech-To-Text: Where does it end up? (EULA!) Manufacturer ID and mobile device, who owns what?
18 Enterprise Mobility Management Mobile Devices Mobile OS and OS Functions Secure Elements Apps Interfaces IT Infrastructure Security Architecture Business Applications Mobile Devices Internet Services Security Architecture Web Application Web Services Apps Mobile Solution Individual Solutions Hard und Software Components Apps und Services
19 Mobile Strategy Consider every aspect What should employees be able to do? Which business use cases should be covered? BYOD, COPE, COBO MDM, MAM, MCM (Containerization) Choose devices and operating systems (if not BYOD) Integrate into existing network with security in mind Develop emergency plans, e.g. for lost devices Brief staff on usage and security implications Next to technical guidelines, develop organizational ones
20 Mobile Strategy Find a fair balance between usability and security Employees should be able to use the devices Nobody likes to enter a long passphrase every 2 minutes Nobody wants to be monitored (at least when you ask them) Not every asset should be accessible on a mobile device If something should be kept top secret, treat it so! Some use-cases are not suited for mobile devices Find a fair balance between and security and comfort
21 Where do Problems Occur?
22 5. How to verify correct integration?
23 Verify Secure Mobile Device Integration Set everything up, but do not roll it out yet Test the prototyped EMM integration Verify use cases are working Verify role and group policies Verify software setup and security measures Verify emergency scenarios are working as planned Verify staff knows what they are doing Test the prototype again, this time externally It s usually a fatal mistake to trust a system which you could not break but also built yourself! Fix everything (maybe test again), then roll it out
24 TÜViT accompanies your Organization on the Way to a Secure Mobile Business World TÜViT offers testing and advisory services for all mobile security and EMM scenarios Health Check (without seal of approval) Assessment (with seal of approval) Test procedures based on international standards und best practices (OWASP, WASC, CESG, BSI) Technical and organizational test procedures Continuous monitoring and retesting (managed services)
25 Penetration Tests Classification and Criteria Penetration test Information basis Black-Box Gray-Box White-Box Aggressivity Passively scanning Cautious Considering Aggressive Coverage Thorough Bounded Focused Approach Covered Obvious Access Network Physical Social Engineering Source Remote Local
26 OWASP Mobile Top 10 Risks 1. Weak Server Side Controls 2. Insecure Data Storage 3. Insufficient Transport Layer Protection 4. Unintended Data Leakage 5. Poor Authorization and Authentication 6. Broken Cryptography 7. Client Side Injections 8. Security Decisions via Untrusted Inputs 9. Improper Session Handling 10. Lack of Binary Protections
27 Thank you very much for your attention!
28 Contact Dr. Johannes Hoffmann Security Consultant IT Security
Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationIBM Future of Work Forum
IBM Cognitive IBM Future of Work Forum The Engaged Enterprise Comes Alive Improving Organizational Collaboration and Efficiency While Enhancing Security on Mobile and Cloud Apps Chris Hockings IBM Master
More informationBring Your Own Device (BYOD) Best Practices & Technologies
Experience the Eide Bailly Difference Bring Your Own Device (BYOD) Best Practices & Technologies Ross McKnight Sr. Network Engineer 406.867.4160 rmcknight@eidebailly.com Agenda Best Practices for BYOD
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationMobile Devices prioritize User Experience
Mobile Security 1 Uniqueness of Mobile Mobile Devices are Shared More Often Mobile Devices are Used in More Locations Mobile Devices prioritize User Experience Mobile Devices have multiple personas Mobile
More informationThomas Lippert Principal Product Manager. Sophos Mobile. Spring 2017
Thomas Lippert Principal Product Manager Sophos Mobile Spring 2017 Market Overview Trends Security or data breaches involving mobile devices are on the rise More people use mobile devices for work than
More informationEthical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition
Ethical Hacking and Countermeasures: Secure Network Operating Systems and Infrastructures, Second Edition Chapter 7 Hacking Mobile Phones, PDAs, and Handheld Devices Objectives After completing this chapter,
More informationHow to Build a Culture of Security
How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationMobile Security using IBM Endpoint Manager Mobile Device Management
Mobile Security using IBM Endpoint Manager Mobile Device Management Mahendra Chopra Security Solution Architect @ IBM CIO Lab, Innovation mahendra.chopra@in.ibm.com Agenda Market Trends Mobile Security?
More informationTrinity Multi Academy Trust
Trinity Multi Academy Trust Policy: Bring Your Own Device Date of review: October 2018 Date of next review: October 2020 Lead professional: Status: Director of ICT and Data Non-Statutory Page 1 of 5 Scope
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationXenApp, XenDesktop and XenMobile Integration
XA, XD and XM Integration XenApp, XenDesktop and XenMobile Integration for a Comprehensive Mobility and Digital Workspace Solution Citrix.com 1 Desktop and application virtualization have enhanced mobility
More informationEffective Strategies for Managing Cybersecurity Risks
October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive
More informationMobility best practice. Tiered Access at Google
Mobility best practice Tiered Access at Google How can IT leaders enable the productivity of employees while also protecting and securing corporate data? IT environments today pose many challenges - more
More informationتاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم
بنام خدا تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم امنیت بخشی به سیستمهای فناوری اطالعات Securing Information Systems 1 Learning Objectives Describe the business value of security and control.
More informationSix steps to control the uncontrollable
Six steps to control the uncontrollable Learn how to use Microsoft Enterprise Mobility Suite to protect cloud apps, manage devices, and guard against advanced threats today Introduction Employees today
More informationKODO for Samsung Knox Enterprise Data Protection & Secure Collaboration Platform
& Secure Collaboration Platform by Paweł Mączka, Storware CTO Table of Contents OVERVIEW 3 WHAT IS KODO? 4 HOW IT WORKS? 5 BACKUP & RESTORE 6 TABLE OF FEATURES 8 END-TO-END ENCRYPTION FOR ANDROID DEVICES
More informationSchedule of Services Cyber Security Services. Penetration Tests
Schedule of Services Cyber Security Services Penetration Tests Contents 1 Introduction 1 2 Competencies 3 2.1 Specification of Services 5 3 Penetration Test Process 7 3.1 Classification of penetration
More informationAdministrator Guide Samsung VPN Client on Galaxy Devices
Administrator Guide Samsung VPN Client on Galaxy Devices March 28, 2018 Version: 4.0 Copyright Notice Copyright 2018 Samsung Electronics Co. Ltd. All rights reserved. Samsung is a registered trademark
More informationManaging Devices and Corporate Data on ios
Managing Devices and Corporate Data on ios Overview Businesses everywhere are empowering their employees with iphone and ipad. Contents Overview Management Basics Separating Work and Personal Data Flexible
More informationPublishing Enterprise Web Applications to BYOD using a Granular. Trust Model. Shachaf Levi IT Client Security & Connectivity May 2013.
Publishing Enterprise Web Applications to BYOD using a Granular Trust Model Shachaf Levi IT Client Security & Connectivity May 2013 Public Legal Notices This presentation is for informational purposes
More informationUse EMS to protect your mobile data and mobile app
Use EMS to protect your mobile data and mobile app Peter Daalmans Senior Consultant, Enterprise Mobility MVP CTGlobal. pds@ctglobalservices.com PETER DAALMANS Enterprise Mobility MVP @ CTGlobal Blog: https://peterdaalmans.com
More informationSIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT
DATASHEET SIMPLIFY MULTI-PLATFORM ENTERPRISE MOBILITY MANAGEMENT Silver level EMM Enterprise Mobility Management for Corporate-owned and BYOD devices BlackBerry Enterprise Service 10 is a powerful device,
More informationExclusive Selling Mobility with Security
Exclusive Selling Mobility with Security Click to edit Master title style Selling Security with Mobility CompTIA IT Security Buying Guide Exclusive Executive Certificate in Security Sales Quick Start to
More informationMobile devices boon or curse
Mobile devices boon or curse Oliver Ng - Director of Training Kishor Sonawane - India Lead Security Compass Consulting & Training Consumerization According to Apple s chief operating officer, 65 percent
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationTale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS
Tale of a mobile application ruining the security of global solution because of a broken API design SIGS Geneva 21/09/2016 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationGo mobile. Stay in control.
Go mobile. Stay in control. Enterprise Mobility + Security Jeff Alexander Sr. Technical Evangelist http://about.me/jeffa36 Mobile-first, cloud-first reality 63% 80% 0.6% Data breaches Shadow IT IT Budget
More informationUsing Sensitive Information on Android Based Smartphone. Romke van Dijk
Using Sensitive Information on Android Based Smartphone Romke van Dijk Android 6: To what extent is sensitive information protected? RQ1 Requirements RQ2 & RQ3 Android s security features RQ4 Sensitive
More informationSecuring Enterprise or User Brought mobile devices
Securing Enterprise or User Brought mobile devices Wilfried Baeten Business Line Director Projects&Consulting Econocom Managed Services 20/09/2013 WWW.ECONOCOM.COM Agenda Introduction The mobile security
More informationIndustrial Control System Security white paper
Industrial Control System Security white paper The top 10 threats to automation and process control systems and their countermeasures with INSYS routers Introduction With the advent of M2M (machine to
More informationHow Next Generation Trusted Identities Can Help Transform Your Business
SESSION ID: SPO-W09B How Next Generation Trusted Identities Can Help Transform Your Business Chris Taylor Senior Product Manager Entrust Datacard @Ctaylor_Entrust Identity underpins our PERSONAL life 2
More informationCitrix XenMobile and Windows 10
White Paper Citrix XenMobile and Windows 10 Citrix XenMobile and Windows 10 With version 10, Windows has moved the once desktop operating system firmly into the era of the mobility and the cloud. Windows
More informationBring Your Own Device. Peter Silva Technical Marketing Manager
Bring Your Own Device Peter Silva Technical Marketing Manager Bring-Your-Own-Device (BYOD) Personal devices for business apps Why implement BYOD? Increase employee satisfaction, productivity Reduce mobile
More informationMOBILE THREAT PREVENTION
MOBILE THREAT PREVENTION BEHAVIORAL RISK ANALYSIS AN ADVANCED APPROACH TO COMPREHENSIVE MOBILE SECURITY Accurate threat detection and efficient response are critical components of preventing advanced attacks
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationWHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365
WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365 Airwatch Support for Office 365 One of the most common questions being asked by many customers recently is How does AirWatch support Office 365? Customers often
More informationCYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston
CYBERSECURITY Recent OCR Actions & Cyber Awareness Newsletters Claire C. Rosston DISCLAIMER This presentation is similar to any other legal education materials designed to provide general information on
More informationConsolidated Edition. 5th Annual State of Application Security Report Perception vs. Reality
Consolidated Edition 5th Annual State of Application Security Report Perception vs. Reality January 2016 State of Application Security Report Consolidated Edition 2 Table of Contents Executive Summary...
More informationA Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper
A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today White Paper As enterprises mobilize business processes, more and more sensitive data passes through and resides on mobile devices.
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationME?
ME? VULNEX: Blog: Twitter: www.vulnex.com www.simonroses.com @simonroses TALK OBJECTIVES Apps are the new Web Peek into current state of Apps security on Markets Bugs will be revealed but not the victims
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More informationMBFuzzer - MITM Fuzzing for Mobile Applications
MBFuzzer - MITM Fuzzing for Mobile Applications Fatih Özavcı Mentor of MBFuzer @ yakindanegitim.org fatih.ozavci at gamasec.net gamasec.net/fozavci Scope Yakindan Egitim Project Security Vulnerabilities
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationWeb Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
More informationCourse 834 EC-Council Certified Secure Programmer Java (ECSP)
Course 834 EC-Council Certified Secure Programmer Java (ECSP) Duration: 3 days You Will Learn How To Apply Java security principles and secure coding practices Java Security Platform, Sandbox, JVM, Class
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased
More information2013 InterWorks, Page 1
2013 InterWorks, Page 1 The BYOD Phenomenon 68% of devices used by information workers to access business applications are ones they own themselves, including laptops, smartphones, and tablets. IT organizations
More informationAndroid security enforcements
Android security enforcements Hello DroidCon! Javier Cuesta Gómez Android Engineer manager @Grab Android 2017 security 450 reports $1.1 payout The most difficult OWASP security risks: Unintended data leakage
More informationSafety and Security. April 2015
Safety and Security April 2015 Protecting your smartphone and your data 2 Set a passcode on your smartphone For some smartphone models: 1. Go to Settings. 2. Tap ID & Passcode. 3. Set a 4-digit passcode.
More information2016 BITGLASS, INC. mobile. solution brief
mobile solution brief BYOD Security has been a constant challenge for many enterprises. Stories of failed MDM deployments are rampant, with firms struggling achieve meaningful adoption. According to the
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationSECURE, CENTRALIZED, SIMPLE
1 SECURE, CENTRALIZED, SIMPLE Multi-platform Enterprise Mobility Management Whitepaper 2 Controlling it all from one place BlackBerry Enterprise Service 10 (BES10) is an end-to-end, multi-platform, device,
More informationCisco Desktop Collaboration Experience DX650 Security Overview
White Paper Cisco Desktop Collaboration Experience DX650 Security Overview Cisco Desktop Collaboration Experience DX650 Security Overview The Cisco Desktop Collaboration Experience DX650 (Cisco DX650)
More informationPulseway Security White Paper
Pulseway Security White Paper Table of Contents 1. Introduction 2. Encryption 2.1 Transport Encryption 2.2 Message Encryption 3. Brute-Force Protection 4. DigiCert Code Signing Certificate 5. Datacenter
More informationFive Tips to Mastering Enterprise Mobility
Five Tips to Mastering Enterprise Mobility Table of Contents Introduction Tip 1: Assess Your Environment Tip 2: Review Security Protocols Tip 3: Be Smart About BYOD Tip 4: Consider Customized Mobility
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationSecuring Digital Applications
Securing Digital Applications Chris Lewis: Certification Director Agenda The problem and solution The Kitemark and how it works ISO/IEC 27001 (Information Security Management Standard) OWASP ASVS v2 CVSS
More informationProcedure: Bring your own device
Procedure: Bring your own device Purpose This procedure defines the obligations for all authorised users who choose to connect a personally owned device to the University s network or who use their personal
More informationPLATFORM CONVERGENCE JOURNEY
Windows 10 Client PLATFORM CONVERGENCE JOURNEY Converged OS kernel Converged app model Windows 10 DEPLOYMENT CHOICES Wipe-and-Load In-Place Provisioning Traditional process Capture data and settings
More informationSophos Mobile Control startup guide. Product version: 7
Sophos Mobile Control startup guide Product version: 7 Contents 1 About this guide...4 2 About Sophos Mobile Control...5 3 Sophos Mobile Control licenses...7 3.1 Trial licenses...7 3.2 Upgrade trial licenses
More informationCompTIA Security+ Study Guide (SY0-501)
CompTIA Security+ Study Guide (SY0-501) Syllabus Session 1 At the end of this session, students will understand what risk is and the basics of what it means to have security in an organization. This includes
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationWindows 10. Tech Note. Open the Window to Endless Possibilities. Windows for the Enterprise. Universal App Experience
Windows 10 ENTERPRISE MOBILITY MANAGEMENT Tech Note Open the Window to Endless Possibilities Windows 10 shows a renewed focus on the Enterprise. It successfully harmonizes user experience and device management
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationAuditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley
Auditing Bring Your Own Devices (BYOD) Risks Shannon Buckley Agenda 1. Understanding the trend towards BYOD. 2. Weighing up the cost benefit vs. the risks. 3. Identifying and mitigating the risks. 4. Tips
More informationWHAT S NEW IN SECURITY+ SY0-401?
WHAT S NEW IN SECURITY+ SY0-401? PRESENTED BY NETCOM LEARNING PRESENTER BRAD PARKER, MCT WHY SHOULD I TAKE SYO-401? CompTIA has increased the coverage of the Security+ exam Demonstrates a better understanding
More informationTHE ULTIMATE SOLUTION TO SECURE MOBILE COMMUNICATIONS AND DEVICES
THE ULTIMATE SOLUTION TO SECURE MOBILE COMMUNICATIONS AND DEVICES Mobility and cybersecurity concerns Why is it important? + 38% worldwide annual growth in enterprise cyber-attacks in 2015. Source : PwC
More informationKen Agress, Senior Consultant PlanNet Consulting, LLC.
Elements of a Vulnerability Assessment Ken Agress, Senior Consultant PlanNet Consulting, LLC. Defining a Vulnerability Assessment Agenda Types of Vulnerability Assessments Are You Ready for an Assessment?
More informationProtecting Health Information
Agenda Protecting Health Information BRONSON HEALTHCARE GROUP INFORMATION TECHNOLOGY SECURITY ENGINEERING MICHAEL SMITH Personal device usage with sensitive data Mobile devices and BYOD Secure messaging
More informationMOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner
MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use
More informationEnterprise Mobile Management (EMM) Policies
Enterprise Mobile Management (EMM) Policies Best Practices Guide Copyright 2016 Fiberlink, an IBM Company. All rights reserved. Information in this document is subject to change without notice. The software
More informationMOBILE SECURITY OVERVIEW. Tim LeMaster
MOBILE SECURITY OVERVIEW Tim LeMaster tim.lemaster@lookout.com Your data center is in the cloud. Your users and customers have gone mobile. Starbucks is your fall-back Network. Your mobile device is a
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationTopics. Ensuring Security on Mobile Devices
Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationAdaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia
Adaptacyjny dostęp do aplikacji wszędzie i z każdego urządzenia F5 EMEA Webinar Listopad 2014 Andrzej Kroczek Field Systems Engineer Today s Network and App Access: So Many Variables! LOCATIONS USERS DEVICES
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationTRAINING CURRICULUM 2017 Q2
TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training
More informationSecuring Institutional Data in a Mobile World
University of Wisconsin Madison Securing Institutional Data in a Mobile World July 13, 2017 Securing Institutional Data in a Mobile World / Agenda 01 What is a mobile device? 02 Protecting institutional
More informationCertificate Enrollment for the Atlas Platform
Certificate Enrollment for the Atlas Platform Certificate Distribution Challenges Digital certificates can provide a secure second factor for authenticating connections from MAP-wrapped enterprise apps
More informationOctober 2016 Issue 07/16
IPPF: NEW IMPLEMENTATION GUIDES - IG 1100, IG 1110, IG 1111, IG 1120 and IG 1130 The IIA has released new Implementation Guides (IG) addressing the following standards: Standard 1100: Independence and
More informationNow? Ron LaPedis, CISSP-ISSAP, ISSMP, MBCP, MBCI SPYRUS, Inc. Michael F. Angelo, CSA NetIQ Corporation
Bring Your Own Computer To Title Work of - Presentation What Now? Ron LaPedis, CISSP-ISSAP, ISSMP, MBCP, MBCI SPYRUS, Inc Michael F. Angelo, CSA NetIQ Corporation Bring your own computer BYOC is Consumerization
More informationSecurity Challenges: Integrating Apple Computers into Windows Environments
Integrating Apple Computers into Windows Environments White Paper Parallels Mac Management for Microsoft SCCM 2018 Presented By: Table of Contents Environments... 3 Requirements for Managing Mac Natively
More informationDate Approved: Board of Directors on 7 July 2016
Policy: Bring Your Own Device Person(s) responsible for updating the policy: Chief Executive Officer Date Approved: Board of Directors on 7 July 2016 Date of Review: Status: Every 3 years Non statutory
More information