Published June 16, 2010
Reference - 302 Pages - 9 B/W Illustrations
ISBN 9781439820162 - CAT# K11063
As each generation of portable electronic devices and storage media becomes smaller, higher in capacity, and easier to transport, it’s becoming increasingly difficult to protect the data on these devices while still enabling their productive use in the workplace. Explaining how mobile devices can create backdoor security threats, Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World specifies immediate actions you can take to defend against these threats. It begins by introducing and defining the concepts essential to understanding the security threats to contemporary mobile devices, and then takes readers through all the policy, process, and technology decisions that must be made to create an effective security strategy.
Highlighting the risks inherent when mobilizing data, the text supplies a proven methodology for identifying, analyzing, and evaluating these risks. It examines the various methods used to store and transport mobile data and illustrates how the security of that data changes as it moves from place to place. Addressing the technical, operational, and compliance issues relevant to a comprehensive mobile security policy, the text:
Securing your mobile data requires the proper balance between security, user acceptance, technology capabilities, and resource commitment. Supplying real-life examples and authoritative guidance, this complete resource walks you through the process of creating an effective mobile security program and provides the understanding required to develop a customized approach to securing your information.
How Did We Get Here?
The Beginning of the End
Where We Are Now
The Real Problems
What You'll Learn In This Book
A Note on Technology and Terminology
What Are You Trying to Protect?
Finding a Definition for Mobile Data
Mobile Data Scenarios
Other Factors to Consider
Defining a Mobile Device
Distinct, but Intertwined
Movable Data, Movable Risk
Following the Path
The Effect on Our Approach
It’s All About the Risk
Loss or Disclosure of Data to Inappropriate Persons
Loss of Money
Loss of Trust or Damage to Your Reputation
You are Not Immune
Risk, Threat, And Value
Evaluating Your Risks
How Valuable Is Your Data?
What about Countermeasures?
The Many Faces of Mobility
Following the Bits
Portable Storage Devices
Smartphones and Personal Digital Assistants
Optical Media (CD and DVD)
Instant Messaging and Text Messaging
Data at Rest, Data in Motion
It’s All a Matter of Physics
Protecting Data at Rest
Protecting Data in Motion
Mobile Data Security Models
A Device-Centric Model
A Data-Centric Model
Which Model Do You Choose?
The Importance of Standards
When to Use Encryption
Infrastructure and Work Flow Compatibility
Mobile Data Encryption Methods
Defense in Depth: Mobile Security Controls
Countermeasures as Controls
Directive and Administrative Controls
Defense in Depth: Specific Technology Controls
Portable Computer Controls
Dual Use Devices
Smartphones and PDAs
Instant Messaging (IM) and Text Messaging (SMS)
Creating a Mobile Security Policy
Setting the Goal Statement
Mobile Device Issues
Mobile Data Issues
Defining Technology Standards
Data Protection Standards
When are Protections Required?
Building the Business Case for Mobile Security
Identifying the Catalyst
Determining the Impact of the Problem
Describe the Current State of Controls
The Proposed Solution
Program Time Line
Each chapter includes a "Conclusion" and an "Action Plan"
Writing with organizations in mind, Fried, an information security professional who creates security programs for large companies, presents a guide to securing mobile data and devices against threats, and the policy, process, and technology decisions needed to create effective security strategy. He covers the risks involved in mobile data and identifying, analyzing, and evaluating them; methods used to store and transport data and how its security changes as it moves from place to place; the advantages and disadvantages of different security models; encryption; mobile security and specific technology controls; creating a policy; and the elements of a mobile security business case.
—In Research Book News, booknews.com, February 2011