1st Edition
Mobile Device Security A Comprehensive Guide to Securing Your Information in a Moving World
As each generation of portable electronic devices and storage media becomes smaller, higher in capacity, and easier to transport, it’s becoming increasingly difficult to protect the data on these devices while still enabling their productive use in the workplace. Explaining how mobile devices can create backdoor security threats, Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World specifies immediate actions you can take to defend against these threats. It begins by introducing and defining the concepts essential to understanding the security threats to contemporary mobile devices, and then takes readers through all the policy, process, and technology decisions that must be made to create an effective security strategy.
Highlighting the risks inherent when mobilizing data, the text supplies a proven methodology for identifying, analyzing, and evaluating these risks. It examines the various methods used to store and transport mobile data and illustrates how the security of that data changes as it moves from place to place. Addressing the technical, operational, and compliance issues relevant to a comprehensive mobile security policy, the text:
- Provides methods for modeling the interaction between mobile data and mobile devices—detailing the advantages and disadvantages of each
- Explains how to use encryption and access controls to protect your data
- Describes how to layer different technologies to create a resilient mobile data protection program
- Provides examples of effective mobile security policies and discusses the implications of different policy approaches
- Highlights the essential elements of a mobile security business case and provides examples of the information such proposals should contain
- Reviews the most common mobile device controls and discusses the options for implementing them in your mobile environment
Securing your mobile data requires the proper balance between security, user acceptance, technology capabilities, and resource commitment. Supplying real-life examples and authoritative guidance, this complete resource walks you through the process of creating an effective mobile security program and provides the understanding required to develop a customized approach to securing your information.
Table of Contents

- Introduction
  - How Did We Get Here?
  - The Beginning of the End
  - Where We Are Now
  - The Real Problems
  - What You'll Learn in This Book
  - A Note on Technology and Terminology
  - Final Thoughts
- What Are You Trying to Protect?
  - Finding a Definition for Mobile Data
  - Mobile Data Scenarios
  - Other Factors to Consider
  - Defining a Mobile Device
  - Distinct, but Intertwined
  - Movable Data, Movable Risk
  - Following the Path
  - The Effect on Our Approach
- It's All About the Risk
  - Loss or Disclosure of Data to Inappropriate Persons
  - Loss of Money
  - Loss of Trust or Damage to Your Reputation
  - You Are Not Immune
  - Risk, Threat, and Value
  - Evaluating Your Risks
  - How Valuable Is Your Data?
  - What about Countermeasures?
- The Many Faces of Mobility
  - Following the Bits
  - Portable Storage Devices
  - Tape Storage
  - Dual-Use Devices
  - Smartphones and Personal Digital Assistants
  - Optical Media (CD and DVD)
  - Portable Computers
  - Electronic Mail
  - Instant Messaging and Text Messaging
- Data at Rest, Data in Motion
  - It's All a Matter of Physics
  - More Definitions
  - Protecting Data at Rest
  - Protecting Data in Motion
- Mobile Data Security Models
  - A Device-Centric Model
  - A Data-Centric Model
  - Which Model Do You Choose?
- Encryption
  - The Importance of Standards
  - Symmetric Encryption
  - Asymmetric Encryption
  - When to Use Encryption
  - Infrastructure and Work Flow Compatibility
  - Encryption Impediments
  - Mobile Data Encryption Methods
- Defense in Depth: Mobile Security Controls
  - Countermeasures as Controls
  - Directive and Administrative Controls
  - Deterrent Controls
  - Preventative Controls
  - Detective Controls
  - Physical Security
- Defense in Depth: Specific Technology Controls
  - Portable Computer Controls
  - Dual-Use Devices
  - Smartphones and PDAs
  - Optical Media
  - Email
  - Instant Messaging (IM) and Text Messaging (SMS)
- Creating a Mobile Security Policy
  - Setting the Goal Statement
  - Mobile Device Issues
  - Mobile Data Issues
  - Defining Technology Standards
  - Data Protection Standards
  - When Are Protections Required?
- Building the Business Case for Mobile Security
  - Identifying the Catalyst
  - Determining the Impact of the Problem
  - Describe the Current State of Controls
  - The Proposed Solution
  - Program Time Line
  - Financial Analysis
Each chapter includes a "Conclusion" and an "Action Plan".
Biography
Stephen Fried is a seasoned information security professional with more than 25 years experience in information technology. For the past 14 years, Stephen has concentrated his efforts on providing effective information security leadership to large organizations. He has led the creation of security programs for Fortune 500 companies and has extensive background in such diverse security issues as risk assessment and management, security policy development, security architecture, infrastructure and perimeter security design, outsource relationship security, offshore development, intellectual property protection, security technology development, business continuity, secure e-business design, and information technology auditing. A frequent invited speaker at conferences, Stephen is also active in many security industry organizations. He is a contributing author to the Information Security Management Handbook and has also been quoted in Secure Enterprise and CIO Decisions.
Writing with organizations in mind, Fried, an information security professional who creates security programs for large companies, presents a guide to securing mobile data and devices against threats, and the policy, process, and technology decisions needed to create effective security strategy. He covers the risks involved in mobile data and identifying, analyzing, and evaluating them; methods used to store and transport data and how its security changes as it moves from place to place; the advantages and disadvantages of different security models; encryption; mobile security and specific technology controls; creating a policy; and the elements of a mobile security business case.
—In Research Book News, booknews.com, February 2011