BYOD An Interpretive Dance

Similar documents
Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

S T A N D A R D : M O B I L E D E V I C E S

Changing face of endpoint security

Mobile Device policy Frequently Asked Questions April 2016

Securing Institutional Data in a Mobile World

Securing Today s Mobile Workforce

Internet of Things Toolkit for Small and Medium Businesses

Steps to Eradicate Text Messaging Risk

GM Information Security Controls

Run the business. Not the risks.

BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

BYOD Policy. Table of Contents

Choosing the Right Security Assessment

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

Agenda. BYOD, Texting & Social Media How to Keep BYODFrom Becoming OMG! Introduction BYOD Defined Trends By the Numbers

User-to-Data-Center Access Control Using TrustSec Design Guide

BRING YOUR OWN DEVICE: POLICY CONSIDERATIONS

INFORMATION ASSET MANAGEMENT POLICY

Cybersecurity Auditing in an Unsecure World

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

BlackBerry WorkLife Persona. The Challenge. The Solution. Datasheet

Cyber Security Program

An ICS Whitepaper Choosing the Right Security Assessment

COMPLIANCE BRIEF: HOW VARONIS HELPS WITH PCI DSS 3.1

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

Five Tips to Mastering Enterprise Mobility

Recommendations on How to Tackle the D in GDPR. White Paper

Session ID: CISO-W22 Session Classification: General Interest

Frameworks and Standards

Avoiding the Pitfalls of Bring Your Own Device Policies

Sage Canadian SMB Survey on Mobile Devices March 2013

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

BYOD in the Workplace. A Webanywhere Free Guide

Webinar: Mitigating the risks of uncontrolled content access from mobile devices. Presented By: Brian Ulmer, Product Management Director

Mobility best practice. Tiered Access at Google

Securing BYOD With Network Access Control, a Case Study

BYOD WORK THE NUTS AND BOLTS OF MAKING. Brent Gatewood, CRM

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Transforming Security Part 2: From the Device to the Data Center

Mobile Device Management: A Real Need for the Mobile World

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

Enabling Your Business through Mobile Risk Management

2014 SCCE Compliance & Ethics Institute. Session 506 Bring Your Own Device(BYOD)

Jim Donaldson, M.S., MPA, CHC, CIPP/US, CISSP. Director of Compliance, Chief Privacy and Information Security Officer. Pensacola, Florida

Data Security and Privacy at Handshake

RSA Data Loss Prevention: Policy to Remediation

Protecting Health Information

Seven Requirements for Successfully Implementing Information Security Policies and Standards

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

Demystifying Microsoft Desktop Licensing

THREE-PART GUIDE TO DEVELOPING A BYOD STRATEGY WHITE PAPER FEBRUARY 2017

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

CYBERSECURITY. Recent OCR Actions & Cyber Awareness Newsletters. Claire C. Rosston

Virtual Machine Encryption Security & Compliance in the Cloud

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

2013 InterWorks, Page 1

Oracle Data Cloud ( ODC ) Inbound Security Policies

Mobility, Security Concerns, and Avoidance

Security Issues and Best Practices for Water Facilities

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

BYOD: BRING YOUR OWN DEVICE.

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Data Security and Privacy Principles IBM Cloud Services

Apple ios Enterprise Mobility Management (cloud based)

Data Governance Quick Start

encrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?

The CERT Top 10 List for Winning the Battle Against Insider Threats

Mobile Devices prioritize User Experience

The McGill University Health Centre (MUHC)

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Privacy By Design: Privacy smart from the start. Agenda. 1. About Deloitte. 2. Privacy Incidents Around the World. 3. Privacy Smart from the Start

Mitigating Cybersecurity Risk with Hyper-Segmentation

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Utopia Leisure Ltd. Privacy Policy Author: Utopia Leisure Ltd. Revision Date: 13/02/2018 Version: V1.4

3-Part Guide to Developing a BYOD Strategy

General Data Protection Regulation (GDPR) The impact of doing business in Asia

TSC Business Continuity & Disaster Recovery Session

In(sta)Security: Managing the BYOD Risk. Davi Ottenheimer flyingpenguin

SOARING THROUGH THE CLOUDS IT S A BREEZE

Protecting your data. EY s approach to data privacy and information security

FortisBC Energy Utilities

Technology Security Failures Common security parameters neglected. Presented by: Tod Ferran

PII Policies and Procedures

The Mobile Risk Management Company. Overview of Fixmo and Mobile Risk Management (MRM) Solutions

Mobile Security Trends in the Workplace

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Juniper Vendor Security Requirements

BYOD Business year of decision!

BYOD. Transformation. Joe Leonard Director, Secure Networks. April 3, 2013

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Trinity Multi Academy Trust

Advent IM Ltd ISO/IEC 27001:2013 vs

The Device Has Left the Building

Operationalize Security To Secure Your Data Perimeter

Incident Response and Cybersecurity: A View from the Boardroom

Transcription:

BYOD An Interpretive Dance SESSION ID: DSP-F02 Constantine Karbaliotis Americas Privacy Leader Mercer Ellen Marie Giblin Privacy and Data Protection Group Leader Ashcroft Law Firm

BYOD An Interpretive Dance Security and Privacy engage in a dance with the Users Whose toes will get stepped on?

BYOD An Interpretive Dance! Agenda BYOD A New Interpretation BYOD Redefined - A New Dance BYOD Privacy vs. Security Risks BYOD Mechanisms to Address Risk

BYOD A New Interpretation! It is a no longer about keeping executives with ipads or Generation X/Y/Z happy that is so.. 2010 It is about the Company Two-Step Expect to Bring It The company laptop will go the way of the Company Car Promised cost savings to companies will be staggering Choice and flexibility Your choice and we can be flexible! Costs/Benefits/Risks Shifting the risk to the user, then shifts the cost as well, and that is the benefit Or, is there an encore to this dance

BYOD Redefined A New Dance! Employee-owned mobile devices in the workplace paid by the end user, the organization, or through shared payment Explicitly requires the relaxation of the standard that only organizational devices can be used for work-related purposes However, your dance moves and your partner s (your device) will be defined and monitored by the enterprise Risk Assessment vs. Cost Benefit Analysis

Security Risks v. Privacy Risks Security Risks Exposure of organizational infrastructure, data Ownership risks Undisciplined use apps, usage, malware Management of multiple O/S, carriers, configurations, proliferation Privacy Risks Regulatory exposure for data lost from BYOD Commingling of personal data belonging to the end user and organizational data Exposure of end user information to the organization Management of end user and organizational data

BYOD An Interpretive Dance Address the Risk BYOD Mechanisms to Address Risks Basic Elements of a Compliance Program Policies & Procedures Technology Solutions Privacy Risk Assessment Security Risk Assessment Data Minimization through Data Mapping

Mechanisms to Address Risk: Basic Elements of a Compliance Program Risk Assessment: Know what data you have through data mapping Know where your data resides Risk Response (Risk Appetite) Understand internal company policy toward Privacy risk Control Activities: Know your System of Internal Controls Information & Communication Define mechanisms to identify, inform and communicate requirements and performance against those requirements Monitoring: Measure compliance *COSO Risk Model

Mechanisms to Address Risk: Policies & Procedures Privacy Policy Who gets to BYOD Employees, contractors, interns? Acceptable Use Requires explicit recognition of what uses are prohibited Information Classification What class of data and level of sensitivity is permitted on devices Information Security Examples: role-based requirements; camera usage; security requirements for Android devices; location use

Mechanisms to Address Risk: Technology Solutions Selection of acceptable devices Avoid proliferation while offering choice Last year s model challenge Requirements include: Compartmentalization of data Encryption Remote wipe of organization data Records management

Mechanisms to Address Risk: Privacy Risk Assessment Development of appropriate policies and technology choices follows an understanding of risks for your organization The purposes of a privacy risk assessment are: To identify and weigh privacy risks for an initiative or project To mitigate the risks as far as reasonably possible To ensure there is an accountable person taking responsibility for accepting the residual risks And to document that you have done all these things! With a privacy risk assessment, organizations consciously accept risk.

Mechanisms to Address Risk: Security Risk Assessment Conduct a Security Risk Assessment along with your Privacy Risk Assessment Consideration needs to be given to what is/needs to be different: Asset & identity management Network access levels and permissions Corporate versus personal apps Protection of end-user data Monitoring & surveillance Ensuring appropriate security controls on end-user devices Theft/loss handling/protocols

Mechanisms to Address Risk: : Data Minimization & Data Mapping Data minimization means minimizing opportunities to collect personal data about others, minimizing the amount of personal data being collected, and minimizing how long personal data is retained Data mapping is an effective way to chart the flow of information into and out of an organization through entities, systems and jurisdictions - and identify key risks, guiding risk mitigation strategies

Let s Dance

Thank You! Please contact: Ellen M. Giblin, Privacy Counsel, CIPP/C/G 617.245.2939 Phone 617.933.7607 Fax 617.543.2421 Mobile egiblin@ashcroftlawfirm.com Email

Thank You! Please contact: Constantine Karbaliotis Mercer 161 Bay St., PO Box 501 Toronto, Ontario M5J 2S5, Canada +1 416.868.2215 Fax +1 416 868 7555 Mobile +1 416 402 9873 constantine.karbaliotis@mercer.com www.mercer.com Mercer

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback