 "Mobile Devices Pose Greatest Threat To Confidential Information")
ISACA released a white paper detailing how the increasing popularity of mobile devices poses a significant threat of leaking confidential enterprise information and intellectual property.
In a complimentary new white paper titled “Securing Mobile Devices,” ISACA noted that the use of wireless networks, typically less secure than wired networks, leaves information at greater risk for interception. From smartphones to USB sticks, many devices also store data that are unencrypted, which can result in sensitive information being compromised through interception and device theft or loss. Mobile devices can also be the targets of malware attacks as employees carry them beyond the protection of their company’s network.
According to the Ponemon Institute’s Global 2009 Annual Study on Cost of a Data Breach, 32 percent of all data breach cases in the study involved lost or stolen laptop computers or other mobile data-bearing devices. While the average organisational cost of a data breach was US $3.4 million, all countries in the study reported noticeably higher data breach costs associated with mobile incidents.
“Ironically, many of the risks associated with mobile devices exist because of their biggest benefit: portability,” said Mark Lobel, White Paper Project Development Team Member, CISA, CISM, CISSP, and Principal, PricewaterhouseCoopers, ISACA. “To help their company meet its goals of protecting intellectual property and sustaining competitive advantage, information security managers need to create an easily understood and executable policy that protects against risks related to leaking confidential data and malware.”
ISACA advocates that the following issues be considered when designing a mobile device strategy:
- Define allowable device types (enterprise-issued only vs. personal devices).
- Define the nature of services accessible through the devices.
- Identify the way employees use the devices, taking into account the organisation’s corporate culture, as well as human factors
- Integrate all enterprise-issued devices into an asset management program.
- Describe the type of authentication and encryption that must be present on devices.
- Clarify how data should be securely stored and transmitted.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
