Mobile Device Security

A Comprehensive Guide to Securing Your Information in a Moving World, 1st Edition

By Stephen Fried

Auerbach Publications

302 pages | 9 B/W Illus.

Hardback ISBN: 9781439820162
Published: 2010-06-16
Price: $82.95 (USD)

Description

As each generation of portable electronic devices and storage media becomes smaller, higher in capacity, and easier to transport, it’s becoming increasingly difficult to protect the data on these devices while still enabling their productive use in the workplace. Explaining how mobile devices can create backdoor security threats, Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World specifies immediate actions you can take to defend against these threats. It begins by introducing and defining the concepts essential to understanding the security threats to contemporary mobile devices, and then takes readers through all the policy, process, and technology decisions that must be made to create an effective security strategy.

Highlighting the risks inherent when mobilizing data, the text supplies a proven methodology for identifying, analyzing, and evaluating these risks. It examines the various methods used to store and transport mobile data and illustrates how the security of that data changes as it moves from place to place. Addressing the technical, operational, and compliance issues relevant to a comprehensive mobile security policy, the text:

  • Provides methods for modeling the interaction between mobile data and mobile devices—detailing the advantages and disadvantages of each
  • Explains how to use encryption and access controls to protect your data
  • Describes how to layer different technologies to create a resilient mobile data protection program
  • Provides examples of effective mobile security policies and discusses the implications of different policy approaches
  • Highlights the essential elements of a mobile security business case and provides examples of the information such proposals should contain
  • Reviews the most common mobile device controls and discusses the options for implementing them in your mobile environment

Securing your mobile data requires the proper balance between security, user acceptance, technology capabilities, and resource commitment. Supplying real-life examples and authoritative guidance, this complete resource walks you through the process of creating an effective mobile security program and provides the understanding required to develop a customized approach to securing your information.

Reviews

Writing with organizations in mind, Fried, an information security professional who creates security programs for large companies, presents a guide to securing mobile data and devices against threats, and the policy, process, and technology decisions needed to create effective security strategy. He covers the risks involved in mobile data and identifying, analyzing, and evaluating them; methods used to store and transport data and how its security changes as it moves from place to place; the advantages and disadvantages of different security models; encryption; mobile security and specific technology controls; creating a policy; and the elements of a mobile security business case.

—In Research Book News, booknews.com, February 2011

Table of Contents

Introduction

How Did We Get Here?

The Beginning of the End

Where We Are Now

The Real Problems

What You'll Learn In This Book

A Note on Technology and Terminology

Final Thoughts

What Are You Trying to Protect?

Finding a Definition for Mobile Data

Mobile Data Scenarios

Other Factors to Consider

Defining a Mobile Device

Distinct, but Intertwined

Movable Data, Movable Risk

Following the Path

The Effect on Our Approach

It’s All About the Risk

Loss or Disclosure of Data to Inappropriate Persons

Loss of Money

Loss of Trust or Damage to Your Reputation

You are Not Immune

Risk, Threat, And Value

Evaluating Your Risks

How Valuable Is Your Data?

What about Countermeasures?

The Many Faces of Mobility

Following the Bits

Portable Storage Devices

Tape Storage

Dual-Use Devices

Smartphones and Personal Digital Assistants

Optical Media (CD and DVD)

Portable Computers

Electronic Mail

Instant Messaging and Text Messaging

Data at Rest, Data in Motion

It’s All a Matter of Physics

More Definitions

Protecting Data at Rest

Protecting Data in Motion

Mobile Data Security Models

A Device-Centric Model

A Data-Centric Model

Which Model Do You Choose?

Encryption

The Importance of Standards

Symmetric Encryption

Asymmetric Encryption

When to Use Encryption

Infrastructure and Work Flow Compatibility

Encryption Impediments

Mobile Data Encryption Methods

Defense in Depth: Mobile Security Controls

Countermeasures as Controls

Directive and Administrative Controls

Deterrent Controls

Preventative Controls

Detective Controls

Physical Security

Defense in Depth: Specific Technology Controls

Portable Computer Controls

Dual Use Devices

Smartphones and PDAs

Optical Media

Email

Instant Messaging (IM) and Text Messaging (SMS)

Creating a Mobile Security Policy

Setting the Goal Statement

Mobile Device Issues

Mobile Data Issues

Defining Technology Standards

Data Protection Standards

When are Protections Required?

Building the Business Case for Mobile Security

Identifying the Catalyst

Determining the Impact of the Problem

Describe the Current State of Controls

The Proposed Solution

Program Time Line

Financial Analysis

Each chapter includes a "Conclusion" and an "Action Plan"

About the Author

Stephen Fried is a seasoned information security professional with more than 25 years of experience in information technology. For the past 14 years, Stephen has concentrated his efforts on providing effective information security leadership to large organizations. He has led the creation of security programs for Fortune 500 companies and has an extensive background in such diverse security issues as risk assessment and management, security policy development, security architecture, infrastructure and perimeter security design, outsource relationship security, offshore development, intellectual property protection, security technology development, business continuity, secure e-business design, and information technology auditing. A frequent invited speaker at conferences, Stephen is also active in many security industry organizations. He is a contributing author to the Information Security Management Handbook and has also been quoted in Secure Enterprise and CIO Decisions.

Subject Categories

BISAC Subject Codes/Headings:

  • BUS073000: BUSINESS & ECONOMICS / Commerce
  • COM032000: COMPUTERS / Information Technology
  • COM053000: COMPUTERS / Security / General