
Security and Auditing of Smart Devices: Managing Proliferation of Confidential Data on Corporate and BYOD Devices PDF

221 Pages·2016·14.258 MB·English

Preview Security and Auditing of Smart Devices: Managing Proliferation of Confidential Data on Corporate and BYOD Devices

Internal Audit and IT Audit
Series Editor: Dan Swanson

Other titles in the series:

Cognitive Hack: The New Battleground in Cybersecurity ... the Human Mind, by James Bone (ISBN 978-1-4987-4981-7)
Internal Audit Practice from A to Z, by Patrick Onwura Nzechukwu (ISBN 978-1-4987-4205-4)
Leading the Internal Audit Function, by Lynn Fountain (ISBN 978-1-4987-3042-6)
The Complete Guide to Cybersecurity Risks and Controls, by Anne Kohnke, Dan Shoemaker, and Ken E. Sigler (ISBN 978-1-4987-4054-8)
Mastering the Five Tiers of Audit Competency: The Essence of Effective Auditing, by Ann Butera (ISBN 978-1-4987-3849-1)
Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program, by Sean Lyons (ISBN 978-1-4987-4228-3)
Operational Assessment of IT, by Steve Katzman (ISBN 978-1-4987-3768-5)
Operational Auditing: Principles and Techniques for a Changing World, by Hernan Murdock (ISBN 978-1-4987-4639-7)
Data Analytics for Internal Auditors, by Richard E. Cascarino (ISBN 978-1-4987-3714-2)
Ethics and the Internal Auditor's Political Dilemma: Tools and Techniques to Evaluate a Company's Ethical Culture, by Lynn Fountain (ISBN 978-1-4987-6780-4)
Practitioner's Guide to Business Impact Analysis, by Priti Sikdar (ISBN 978-1-4987-5066-0)
Securing an IT Organization through Governance, Risk Management, and Audit, by Ken E. Sigler and James L. Rainey, III (ISBN 978-1-4987-3731-9)
A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0), by Dan Shoemaker, Anne Kohnke, and Ken Sigler (ISBN 978-1-4987-3996-2)
Security and Auditing of Smart Devices: Managing Proliferation of Confidential Data on Corporate and BYOD Devices, by Sajay Rai, Philip Chukwuma, and Richard Cozart (ISBN 978-1-4987-3883-5)
Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework, by Anne Kohnke, Ken Sigler, and Dan Shoemaker (ISBN 978-1-4987-8514-3)
Software Quality Assurance: Integrating Testing, Security, and Audit, by Abu Sayed Mahfuz (ISBN 978-1-4987-3553-7)

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2017 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Printed on acid-free paper
Version Date: 20160923

International Standard Book Number-13: 978-1-4987-3883-5 (Hardback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Library of Congress Cataloging-in-Publication Data

Names: Rai, Sajay, author. | Chukwuma, Philip, author. | Cozart, Richard, author.
Title: Security and auditing of smart devices : managing proliferation of confidential data on corporate and BYOD devices / by Sajay Rai, CPA, CISSP, CISM, Philip Chukwuma, CISSP, Richard Cozart.
Description: Boca Raton, FL : Taylor & Francis Group, LLC, CRC Press is an imprint of Taylor & Francis Group, an Informa Business, [2017]
Identifiers: LCCN 2016027167 | ISBN 9781498738835 (acid-free paper) | ISBN 9781498738842 (acid-free paper)
Subjects: LCSH: Mobile communication systems--Security measures. | Mobile computing--Security measures. | Confidential business information--Protection. | Cell phone systems--Security measures. | Pocket computers--Security measures.
Classification: LCC TK5105.59 .R35 2017 | DDC 621.3845/6028558--dc23
LC record available at https://lccn.loc.gov/2016027167

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com
and the CRC Press Web site at http://www.crcpress.com

Contents

Part I  Benefits and Risks of Smart Devices

Chapter 1  Definition of a Smart Device  3
  1.1 Introduction  3
  1.2 Characteristics of a Smart Device  4
  1.3 Definition of a Smart Device  6

Chapter 2  Ownership of Devices  9
  2.1 Corporate Owned versus Bring Your Own Device versus Company Owned, Personally Enabled  9
    2.1.1 Corporate-Owned Devices  10
    2.1.2 BYOD  13
    2.1.3 COPE  17

Chapter 3  Data Types  19
  3.1 Introduction  19
  3.2 Email-Driven Era  19
  3.3 Data on Smart Device  20
    3.3.1 Entertainment  20
    3.3.2 Streaming  21
    3.3.3 Office Work  21
    3.3.4 Geolocation  22
    3.3.5 Messages  24
    3.3.6 Financial Information  24
  3.4 The Age of the Internet of Things  25
    3.4.1 Monitoring and Control  26
  3.5 The Age of Corporate Connectivity  26
    3.5.1 Network Connectivity  27
    3.5.2 Physical Access Key Code  28
    3.5.3 Employee Information  28
    3.5.4 Customer and Business Partner Information  28
    3.5.5 Product Information  29
  3.6 The Age of Repositories  30
  3.7 The Age of the Cloud  30

Chapter 4  Uses and Benefits of Smart Devices  33
  4.1 Introduction  33
  4.2 Anywhere Communication  33
  4.3 Entertainment  35
  4.4 Financial Instrument  36
    4.4.1 Apple Pay  37
    4.4.2 Samsung Pay  38
    4.4.3 Square Payment  39
  4.5 New Education Format  41
  4.6 Emergency Management  45
  4.7 Mobile Healthcare  46
  4.8 Location Information  49

Chapter 5  Risks Associated with the Use of Smart Devices  53
  5.1 Introduction  53
  5.2 Expansion of the Threat Surface  55
  5.3 Data Loss due to Device Loss  56
  5.4 Unintentional Disclosure of Data  58
  5.5 Improper Disposal and Decommissioning of Device  58
  5.6 Phishing Attacks  59
  5.7 Spoofing Attacks  61
  5.8 Malware Attacks  62
  5.9 Spyware Attacks  62
  5.10 Network Attacks  64
  5.11 Encryption and Sensitive Data Protection  69
  5.12 Litigation and Retention  69
  5.13 Lack of User Awareness  70

Part II  Security of Smart Devices

Chapter 6  Hardware Features  75
  6.1 Introduction  75
  6.2 Secure Boot Process  75
  6.3 Cryptography  76
    6.3.1 Apple iOS  77
    6.3.2 Android  78
  6.4 Near-Field Communication  79
  6.5 Authentication by Biometric Verification  81
    6.5.1 Apple Biometrics  81
    6.5.2 Android Biometrics  82

Chapter 7  Operating System Security  85
  7.1 Introduction  85
  7.2 OS  85
    7.2.1 Types of OS  87
  7.3 Authentication  88
  7.4 Application Security  90
  7.5 Permissions  91
  7.6 Application Sandbox  94
  7.7 Network Services  95
    7.7.1 iCloud  95
    7.7.2 Android Device Manager  97
  7.8 Jailbreaking/Rooting  97

Chapter 8  Securing Smart Devices  101
  8.1 Recommended Methodology  101
  8.2 Other Considerations  106

Part III  Managing Smart Devices

Chapter 9  Smart Device Use Policy  109
  9.1 Introduction  109
  9.2 Smart Device Use Agreement  109
  9.3 BYOD or Not?  111
  9.4 Reimbursement of Smart Devices  111
  9.5 Types of Supported OS  112
  9.6 Other Considerations  112

Chapter 10  Security Policy  115
  10.1 Introduction  115
  10.2 Password Policy Control  116
  10.3 Encryption  116
  10.4 Port Control  117
  10.5 Remote Lock/Unlock and Wipe  117
  10.6 Asset Tracking  118
  10.7 Device Configuration  118
  10.8 Application Control and Proliferation  118
  10.9 Blacklisting/Whitelisting  119

Chapter 11  Mobile Device Management  121
  11.1 Introduction  121
  11.2 Containerize or Noncontainerize?  122
  11.3 MDM Features  123
    11.3.1 Remote Wipe  123
    11.3.2 Password Enforcement  124
    11.3.3 Application Control  124
    11.3.4 Jailbreak or Root Detection  124
    11.3.5 Encryption  125
    11.3.6 Other MDM Features  125
  11.4 Microsoft EAS  125
  11.5 Full MDM Solutions  127

Chapter 12  Registering Smart Devices  131
  12.1 Introduction  131
  12.2 Enabling iOS Management  132
  12.3 Enabling Android  134
    12.3.1 Device Enrollment  134
    12.3.2 MDM Administrator Access Authority  140
    12.3.3 MDM Administrator Authority  141

Chapter 13  Provisioning Email, Calendar, and Contacts  143
  13.1 Introduction  143
  13.2 Email Access Using ActiveSync  144
  13.3 Email Security Options within ActiveSync  145

Chapter 14  Application Development and Deployment  153
  14.1 Introduction  153
  14.2 Smart Device App Considerations  153
  14.3 Smart Device Applications  155
  14.4 Smart Device Website  156
  14.5 Application Development  158
  14.6 Application Distribution  158

Chapter 15  Connecting to Corporate Network  161
  15.1 Introduction  161
  15.2 Dangers of Smart Devices to the Corporate Network  161
  15.3 Connecting a Smart Device to a VPN  162
  15.4 Apple iOS VPN Support  163
  15.5 Android VPN Support  164
  15.6 Types of VPN Available to Smart Devices  165
    15.6.1 Always-On VPN  165
    15.6.2 Per-User/Per-Profile VPN  166
    15.6.3 Per-App VPN  167
    15.6.4 VPN on Demand  167
  15.7 Importance of VPN to Smart Device Usage  168

Part IV  Compliance

Chapter 16  Compliance  171
  16.1 Introduction  171
  16.2 HIPAA  171
  16.3 Payment Card Industry Data Security Standards  174
  16.4 Off-the-Shelf Payment Acceptance Solution  175
  16.5 Build Your Own Payment Acceptance Solution  176
  16.6 e-Discovery  177
  16.7 Litigation Hold  178
  16.8 Export Regulations  178
  16.9 Compliance Challenges  179

Part V  Reporting, Monitoring, and Auditing

Chapter 17  Reporting, Monitoring, and Auditing  183
  17.1 Introduction  183
  17.2 Dashboard  183
  17.3 Auditing  184

Chapter 18  Sample Audit Plan  185

Part VI  Samples

Index  199
