Your company is exploring the possibility of allowing employees to use their own mobile devices for their work and connect to the internal company network. In your role as the CSO, the CEO has asked you to brief her on what steps can be taken to implement a BYOD policy while reducing the overall risk to the organization as much as possible.
Write your talking points for the CEO, including the associated risks with BYOD, potential security countermeasures, and your initial thoughts on how you would test their implementation to assess the overall risk level. This can be in paragraph form or a bulleted list of your talking points.
Reply to a classmate
lasha may
Hello Professor & Class,
Security and privacy are risks faced by both organizations and employees in different ways. Organizations tend to be more concerned about the security of corporate data (and how user behavior threatens it). Employees are more concerned about the privacy and confidentiality of their personal data (and what rights their employers have to access it).
Security risks:
Local exposure – Loss of control and visibility of the enterprise data which is being transmitted, stored, and processed on a personal device. One of the inherent downsides to BYOD.
Data leakage – Potential data leakage or disclosure of enterprise data from an unsecured device.
Data loss – Physical loss or theft of a device (and thereby loss or compromise of sensitive data).
Public exposure – Susceptibility to man-in-the-middle attacks and eavesdropping at public Wi-Fi hotspots often used by remote workers. Connecting to personal area networks, e.g. using Bluetooth, poses similar security risks.
There are a number of measures organizations can take to mitigate BYOD risks: A comprehensive strategy is the best approach, albeit taking cognizance of your organization’s Who, What, When, and Where of BYOD usage. A comprehensive strategy should include pairing solutions that work best when implemented in tandem, like MDM and NAC. In addition, solutions should include practical rules that aren’t intrusive or petty. For instance, if your DLP tool identifies an outgoing email that contains the word “confidential”, it may be overkill to wipe a user’s message outright. Instead, flag it for a follow-up investigation. (See Remote wipe below.)
Remote wipe – The facility to remotely delete data from a device. This includes overwriting stored data to prevent forensic recovery, and returning the device to its original factory settings so any data ever on it is inaccessible to anyone, ever.
Risk profiling – Organizations need to understand their own requirements for data protection and compile a risk profile. This is especially true in regulated environments where there may be compliance requirements. For instance, international deployment and compliance requirements are two scenarios where BYOD risk levels are particularly high.