Demand is growing for production applications on laptops, tablet computers, and smartphones. Mobile devices are being used to process sensitive and mission-critical data in healthcare, sales and customer services, human resources, even system administration.
Employees are moving from corporate offices to customer sites, working in trains, planes and automobiles, and using smartphones and tablet computers to access every kind of sensitive corporate data. This is a revolution that is already happening and is likely to accelerate as mobile applications confer business advantages.
The benefits of mobile computing are clear – users can work when and where they need to, but this comes at the price of moving sensitive data – physically and logically – outside the Enterprise’s physical and security boundaries. Unsurprisingly, malware is on the move, too, with new generations of viruses, Trojans and worms targeting mobile devices as well as ubiquitous mobile services such as SMS messaging and Bluetooth/WiFi connectivity.
This course addresses the business advantages of mobile computing as well as the emerging issues of how to control mobile devices, protect corporate assets and maintain compliance with relevant legislation and data privacy standards.
We will discuss:
- Policies and governance necessary to control mobile assets
- Ensuring that mobile devices and applications meet the security triad of Confidentiality, Integrity and Availability
- Security issues related to mobile applications and their development
- Issues related to the major platforms: Apple, Blackberry, Android, Windows, Bluetooth
- Authentication, encryption, and non-repudiation
- Multi-platform mobile environments: the Mobile Enterprise Application Platform (MEAP)
- Provisioning, patching and backup in the mobile environment
Learning Objectives
- The business case for mobile applications
- The security and control issues related to mobile computing on the various platforms
- Industry good practices for secure mobile applications
- Privacy issues associated with mobile geolocation and mobile malware
- Testing security of mobile platforms and applications
- Using cryptography to protect mobile data and enhance authentication of remote users
- An approach to auditing and reviewing mobile security
Bonus: You will receive the ISACA Mobile Computing Security Audit/Assurance Program for COBIT 4.1
The status quo – an overview of mobile communications
- The business case for mobile – current and future
- Categories of mobile devices in the Enterprise
- Mobile applications – what could possibly go wrong?
- Some major control security issues associated with mobile devices and applications
Technical security and control aspects of various platforms
- Apple, Blackberry, Android, Windows, Bluetooth, USB, and tablets
- The big IT issues: provisioning, patching and backup in the mobile environment
- Data privacy in a mobile environment – an oxymoron?
- Multi-platform mobile environments
- All about mobile apps: iPhone, BlackBerry, Android, Windows Mobile
Mobile good practices
- Policies and governance
- Geolocation and tracking – the good and the bad
- Effective use of cryptography for authentication, non-repudiation, and data protection
- Ensuring Confidentiality, Integrity and Availability
- User awareness and training
Who Should Attend
- IT Auditors
- Operational Auditors
- Internal Control Professionals
- Information Security Professionals
- Risk Professionals
Group Live and Group Internet-Based
General understanding of IT processes
Online: Four 3-hour sessions
On Site: 2 days
CPE Credits: 16