374 Chapter 9 ■ Security Vulnerabilities, Threats, and Countermeasures
Antivirus Management
The mobile device policy should dictate whether antivirus, anti-malware, and antispyware scanners are to be installed on mobile devices. The policy should indicate which products/apps are recommended for use, as well as the settings for those solutions.
Forensics
The mobile device policy should address forensics and investigations as related to mobile devices. Users need to be aware that in the event of a security violation or a criminal activity, their devices might be involved. This would mandate gathering evidence from those devices. Some processes of evidence gathering can be destructive, and some legal investigations require the confiscation of devices.
Privacy
The mobile device policy should address privacy and monitoring. When a personal device is used for business tasks, the user often loses some or all of the privacy they enjoyed prior to using their mobile device at work. Workers may need to agree to be tracked and monitored on their mobile device, even when not on company property and outside work hours. A personal device in use under BYOD should be considered by the individual to be quasi-company property.
On-boarding/Off-boarding
The mobile device policy should address personal mobile device on-boarding and off-boarding procedures. Mobile device on-boarding includes installing security, management, and productivity apps along with implementing secure and productive configuration settings. Mobile device off-boarding includes a formal wipe of the business data along with the removal of any business-specific applications. In some cases, a full device wipe and factory reset may be prescribed.
Adherence to Corporate Policies
A mobile device policy should clearly indicate that using a personal mobile device for business activities doesn’t exclude a worker from adhering to corporate policies. A worker should treat mobile device equipment as company property and thus stay in compliance with all restrictions, even when off premises and off hours.
User Acceptance
A mobile device policy needs to be clear and specific about all the elements of using a personal device at work. For many users, the restrictions, security settings, and MDM tracking implemented under company policy will be much more onerous than they expect. Thus, organizations should make the effort to fully explain the details of a mobile device policy prior to allowing a personal device into the production environment. Only after an employee has expressed consent and acceptance, typically through a signature, should their device be on-boarded.