Securing Mobile Devices
Using COBIT® 5 for Information Security
                Presented by:
        Sarwono Sutikno, Dr.Eng,CISA,CISSP,CISM
                ssarwono@gmail.com
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM

• Lecturer, School of Electrical Engineering and Informatics, ITB
• Lecturer, Indonesia Defense University (Universitas Pertahanan RI),
  courses: Cyber Warfare Dynamics and Cyber Security Policy and
  Strategy
• ISACA Academy Advocate for ITB
• (ISC)2 Information Security Leadership Award
  2011 - Senior Information Security Professional
• Currently developing a master's (S2) curriculum in Information
  Security at ITB, starting August 2013
• Cyber Security Center ITB - KOICA
Outline
•   Guiding Principles for Mobile Device Security
•   What Is a Mobile Device?
•   Mobile Device Impact on Business and Society
•   Threats, Vulnerabilities and Associated Risk
•   Security Governance
•   Security Management for Mobile Devices
•   Hardening Mobile Devices
•   Mobile Device Security Assurance
Guiding Principles for Mobile Device Security

1. Know the business value and risk of mobile device
   use.
2. Clearly state the business case for mobile device use.
3. Establish systemic security for mobile devices.
4. Establish security governance over mobile devices.
5. Manage mobile device security using enablers.
6. Place security technology in context.
7. Know the assurance universe and objectives.
8. Provide reasonable assurance over mobile device
   security.
What Is a Mobile Device?
       Mobile Device Use—Past, Present and Future

• Mobility and
  Flexibility
• Patterns of Work
• Organizational
  Perimeter
• Other Impacts
Mobile Device Impact on Business and Society
Threats, Vulnerabilities and Associated Risk
• Physical Risk
• Organizational Risk
• Technical Risk
Security Governance
• The Business Case
• Standardized Enterprise Solutions
    –   Hardware (front and back end)
    –   OS
    –   Applications
    –   Data and information
    –   User administration
    –   Systems management (direct and remote)
•   BYOD
•   Combined Scenario
•   Private Use of Mobile Devices
•   Defining the Business Case
Standardized Enterprise Sol.
BYOD
Combined Solution
Security Management for Mobile Devices
•   Mobile Device Categories and Classification
•   Existing Security Controls
•   Principles, Policies and Frameworks
•   Processes
•   Organizational Structures
•   Culture, Ethics and Behavior
•   Information
•   Services, Infrastructure and Applications
•   People, Skills and Competencies
COBIT Enterprise Enabler
Key Operating Procedures
• Auditing mobile devices—Procedure to facilitate audit of mobile
  devices, aligned with internal/external audit programs
• Change management—Procedure describing how general change
  management (which is usually standardized) should be applied to
  mobile devices
• Patch management—Procedure describing how patches for mobile
  devices are identified, acquired, tested, deployed
• Malware protection—Procedure describing various technical steps
  and measures for protecting mobile devices against malware
• Encryption, VPN, encapsulation—Procedure describing encryption
  for data at rest and data in flow, VPN tunnels and data
  encapsulation
• Damage, loss, theft—Procedure describing user and organization
  steps in the event of device loss, damage or theft
Security Management Process
Security Monitoring Process
Organizational Structure
Culture, Ethics and Behavior
Information
• Step 1: Categorize information. Identify information unique
  to the device as opposed to replicated information.
• Step 2: Identify what is done with the information—
  storage, processing, creation, sharing.
• Step 3: Determine information and transaction sensitivity.
• Step 4: Analyze the protection provided by preapplied
  controls.
• Step 5: Determine requirements for additional controls.
• Step 6: Develop and implement an action plan for
  additional controls.
Protecting Personal Information
• Remove/prohibit—This is available only in a
  centralized management scenario with mobile
  devices provided by the organization.
• Segregate—Take technical steps to separate
  personal information on the device.
• Anonymize—Separate the personal identity of
  the user from the technical identity of the mobile
  device.
• Permit—Obtain end-user permission to
  store, process and use personal information.
Skill set
Hardening Mobile Devices
•   Device and SIM card (if applicable)
•   Permanent internal storage
•   Removable or external storage
•   Connectivity (all channels)
•   Remote functionality (lockdown, GPS, etc.)
Mobile Device Security Assurance
• Auditing and Reviewing Mobile Devices
• Investigation and Forensics for Mobile Devices
Investigative Requirements
• Develop the proper capabilities to perform
  forensic and investigative analysis
• Forensic and investigative policies and
  procedures should be established
• Identify the multidisciplinary team that will
  likely be involved
Discussion

Securing Mobile Devices with COBIT 5

  • 1. Securing Mobile Devices Using COBIT® 5 for Information Security
      Presented by: Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM, ssarwono@gmail.com
  • 2. Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM
      • Lecturer, School of Electrical Engineering and Informatics (Sekolah Teknik Elektro dan Informatika), ITB
      • Lecturer, Universitas Pertahanan RI, teaching the courses Cyber Warfare Dynamics and Cyber Security Policy and Strategy
      • ISACA Academy Advocate for ITB
      • (ISC)2 Information Security Leadership Award 2011 - Senior Information Security Professional
      • Currently developing a master's (S2) curriculum in Information Security at ITB, to start in August 2013
      • Cyber Security Center ITB - KOICA
  • 3. Outline
      • Guiding Principles for Mobile Device Security
      • What Is a Mobile Device?
      • Mobile Device Impact on Business and Society
      • Threats, Vulnerabilities and Associated Risk
      • Security Governance
      • Security Management for Mobile Devices
      • Hardening Mobile Devices
      • Mobile Device Security Assurance
  • 4. Guiding Principles for Mobile Device Security
      1. Know the business value and risk of mobile device use.
      2. Clearly state the business case for mobile device use.
      3. Establish systemic security for mobile devices.
      4. Establish security governance over mobile devices.
      5. Manage mobile device security using enablers.
      6. Place security technology in context.
      7. Know the assurance universe and objectives.
      8. Provide reasonable assurance over mobile device security.
  • 5. What Is a Mobile Device?
      Mobile Device Use—Past, Present and Future
      • Mobility and Flexibility
      • Patterns of Work
      • Organizational Perimeter
      • Other Impacts
  • 8. Mobile Device Impact on Business and Society
  • 9. Threats, Vulnerabilities and Associated Risk
      • Physical Risk
      • Organizational Risk
      • Technical Risk
  • 16. Security Governance
      • The Business Case
      • Standardized Enterprise Solutions
          – Hardware (front and back end)
          – OS
          – Applications
          – Data and information
          – User administration
          – Systems management (direct and remote)
      • BYOD
      • Combined Scenario
      • Private Use of Mobile Devices
      • Defining the Business Case
  • 18. BYOD
  • 23. Security Management for Mobile Devices
      • Mobile Device Categories and Classification
      • Existing Security Controls
      • Principles, Policies and Frameworks
      • Processes
      • Organizational Structures
      • Culture, Ethics and Behavior
      • Information
      • Services, Infrastructure and Applications
      • People, Skills and Competencies
  • 34. Key Operating Procedures
      • Auditing mobile devices—Procedure to facilitate audit of mobile devices, aligned with internal/external audit programs
      • Change management—Procedure describing how general change management (which is usually standardized) should be applied to mobile devices
      • Patch management—Procedure describing how patches for mobile devices are identified, acquired, tested, deployed
      • Malware protection—Procedure describing various technical steps and measures for protecting mobile devices against malware
      • Encryption, VPN, encapsulation—Procedure describing encryption for data at rest and data in flow, VPN tunnels and data encapsulation
      • Damage, loss, theft—Procedure describing user and organization steps in the event of device loss, damage or theft
  • 42. Information
      • Step 1: Categorize information. Identify information unique to the device as opposed to replicated information.
      • Step 2: Identify what is done with the information—storage, processing, creation, sharing.
      • Step 3: Determine information and transaction sensitivity.
      • Step 4: Analyze the protection provided by preapplied controls.
      • Step 5: Determine requirements for additional controls.
      • Step 6: Develop and implement an action plan for additional controls.
  • 43. Protecting Personal Information
      • Remove/prohibit—This is available only in a centralized management scenario with mobile devices provided by the organization.
      • Segregate—Take technical steps to separate personal information on the device.
      • Anonymize—Separate the personal identity of the user from the technical identity of the mobile device.
      • Permit—Obtain end-user permission to store, process and use personal information.
  • 45. Hardening Mobile Devices
      • Device and SIM card (if applicable)
      • Permanent internal storage
      • Removable or external storage
      • Connectivity (all channels)
      • Remote functionality (lockdown, GPS, etc.)
  • 46. Mobile Device Security Assurance
      • Auditing and Reviewing Mobile Devices
      • Investigation and Forensics for Mobile Devices
  • 54. Investigative Requirements
      • Develop the proper capabilities to perform forensic and investigative analysis
      • Forensic and investigative policies and procedures should be established
      • Identify the multidisciplinary team that will likely be involved