1st Edition

Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World

By Stephen Fried
    Copyright 2010
    302 Pages 9 B/W Illustrations
    by Auerbach Publications

    As each generation of portable electronic devices and storage media becomes smaller, higher in capacity, and easier to transport, it’s becoming increasingly difficult to protect the data on these devices while still enabling their productive use in the workplace. Explaining how mobile devices can create backdoor security threats, Mobile Device Security: A Comprehensive Guide to Securing Your Information in a Moving World specifies immediate actions you can take to defend against these threats. It begins by introducing and defining the concepts essential to understanding the security threats to contemporary mobile devices, and then takes readers through all the policy, process, and technology decisions that must be made to create an effective security strategy.

    Highlighting the risks inherent when mobilizing data, the text supplies a proven methodology for identifying, analyzing, and evaluating these risks. It examines the various methods used to store and transport mobile data and illustrates how the security of that data changes as it moves from place to place. Addressing the technical, operational, and compliance issues relevant to a comprehensive mobile security policy, the text:

    • Provides methods for modeling the interaction between mobile data and mobile devices—detailing the advantages and disadvantages of each
    • Explains how to use encryption and access controls to protect your data
    • Describes how to layer different technologies to create a resilient mobile data protection program
    • Provides examples of effective mobile security policies and discusses the implications of different policy approaches
    • Highlights the essential elements of a mobile security business case and provides examples of the information such proposals should contain
    • Reviews the most common mobile device controls and discusses the options for implementing them in your mobile environment

    Securing your mobile data requires the proper balance between security, user acceptance, technology capabilities, and resource commitment. Supplying real-life examples and authoritative guidance, this complete resource walks you through the process of creating an effective mobile security program and provides the understanding required to develop a customized approach to securing your information.

    Introduction
    How Did We Get Here?
    The Beginning of the End
    Where We Are Now
    The Real Problems
    What You'll Learn In This Book
    A Note on Technology and Terminology
    Final Thoughts

    What Are You Trying to Protect?
    Finding a Definition for Mobile Data
    Mobile Data Scenarios
    Other Factors to Consider
    Defining a Mobile Device
    Distinct, but Intertwined
    Movable Data, Movable Risk
    Following the Path
    The Effect on Our Approach

    It’s All About the Risk
    Loss or Disclosure of Data to Inappropriate Persons
    Loss of Money
    Loss of Trust or Damage to Your Reputation
    You are Not Immune
    Risk, Threat, And Value
    Evaluating Your Risks
    How Valuable Is Your Data?
    What about Countermeasures?

    The Many Faces of Mobility
    Following the Bits
    Portable Storage Devices
    Tape Storage
    Dual-Use Devices
    Smartphones and Personal Digital Assistants
    Optical Media (CD and DVD)
    Portable Computers
    Electronic Mail
    Instant Messaging and Text Messaging

    Data at Rest, Data in Motion
    It’s All a Matter of Physics
    More Definitions
    Protecting Data at Rest
    Protecting Data in Motion

    Mobile Data Security Models
    A Device-Centric Model
    A Data-Centric Model
    Which Model Do You Choose?

    Encryption
    The Importance of Standards
    Symmetric Encryption
    Asymmetric Encryption
    When to Use Encryption
    Infrastructure and Work Flow Compatibility
    Encryption Impediments
    Mobile Data Encryption Methods

    Defense in Depth: Mobile Security Controls
    Countermeasures as Controls
    Directive and Administrative Controls
    Deterrent Controls
    Preventative Controls
    Detective Controls
    Physical Security
    Defense in Depth: Specific Technology Controls
    Portable Computer Controls
    Dual Use Devices
    Smartphones and PDAs
    Optical Media
    Email
    Instant Messaging (IM) and Text Messaging (SMS)

    Creating a Mobile Security Policy
    Setting the Goal Statement
    Mobile Device Issues
    Mobile Data Issues
    Defining Technology Standards
    Data Protection Standards
    When are Protections Required?

    Building the Business Case for Mobile Security
    Identifying the Catalyst
    Determining the Impact of the Problem
    Describe the Current State of Controls
    The Proposed Solution
    Program Time Line
    Financial Analysis

    Each chapter includes a "Conclusion" and an "Action Plan"

    Biography

    Stephen Fried is a seasoned information security professional with more than 25 years' experience in information technology. For the past 14 years, Stephen has concentrated his efforts on providing effective information security leadership to large organizations. He has led the creation of security programs for Fortune 500 companies and has an extensive background in such diverse security issues as risk assessment and management, security policy development, security architecture, infrastructure and perimeter security design, outsource relationship security, offshore development, intellectual property protection, security technology development, business continuity, secure e-business design, and information technology auditing. A frequent invited speaker at conferences, Stephen is also active in many security industry organizations. He is a contributing author to the Information Security Management Handbook and has also been quoted in Secure Enterprise and CIO Decisions.

    Writing with organizations in mind, Fried, an information security professional who creates security programs for large companies, presents a guide to securing mobile data and devices against threats, and the policy, process, and technology decisions needed to create effective security strategy. He covers the risks involved in mobile data and identifying, analyzing, and evaluating them; methods used to store and transport data and how its security changes as it moves from place to place; the advantages and disadvantages of different security models; encryption; mobile security and specific technology controls; creating a policy; and the elements of a mobile security business case.
    —In Research Book News, booknews.com, February 2011