Bring Your Own Policy: Internet Use/BYOD Policy by consensus
Michael Scheidell, CISO
OWASP / SF-ISSA
BYOP (If You Dare)
Security Privateers™
© 2013 All Rights Reserved Security Privateers

• Corporate InfoSec Consultant
• Certified CISO for Hire, Contract or Retainer
• Founded Three South Florida Tech Companies
• Digital Privacy Expert
• Member ISSA, IAPP, ISACA, IEEE, FBI InfraGard and SFTA
• Finalist, EE Times ACE Innovator of the Year award

Bring Your Own Policy
Michael Scheidell, CISO
Security Privateers
@scheidell
561-948-1305 / michael@securityprivateers.com
http://www.securityprivateers.com
Additional Resources at:
http://www.securityprivateers.com/owasp-issa-byop.html

AGENDA
What is your policy?
Do you allow smartphones or not?
Sample BYOD Policies
• Do you allow external access?
• Do you provide all employee equipment?
• Do you allow ‘BYOD’?
• Do you pay for CELL/Data access?
If you answered YES
to ANY of these above,
you NEED A BYOD POLICY
Even if the policy says NO!
Written by ISO
He understands the 24/7 nature of his team, and understands the risks.
• Only senior InfoSec executives can make external connections
• Non-InfoSec employees must use workstations at their desk
• The CEO and CFO pay our checks, so they can do anything they want, with or without written policies

Written by Dir IT
They need access to everything, IT is KING!
• We have the Exchange admin password
• We can do anything we want
• We can add you if you buy us toys
• The CEO and CFO pay our checks, so they can do anything they want, with or without written policies

Written by Legal
We went to Harvard. We make almost as much as the plumber makes. We need to cross the i's and dot the t's. The policy must be large, multiple pages, and undecipherable, except by lawyers.
[On the slide, Legal's policy is rendered as several pages of lorem ipsum filler text.]
Some Points: BYOD

1. Restrict Platform
Apple, BlackBerry, Android? Do you have MDM software that can control all three? Do you have pre-approved models?

2. BYOD Reimbursement
Do you provide reimbursement for the phone, accessories? Do you pay for or have a plan allowance?

3. Policy Enforcement
Unlock code / PIN / pattern / fingerprint? Device encryption? Restrict removable media?

4. Share Status in Real Time
Are you sharing your real-time status? GPS, Twitter, Facebook, Latitude?

5. Unencrypted Wi-Fi
Prohibit access to unencrypted Wi-Fi: free hotspots, Starbucks, airports, etc.

6. HR / Legal Policies
Use of device by hourly employees, use of device while driving.

7. Lost Device / Termination
Report a lost device immediately; who replaces it? MDM software; wipe device upon loss or termination?

8. Employee Use Only
No family, no friends, business use only. Buy your 3-year-old his own tablet to play Angry Birds.

9. Restrict Downloads / Programs / Rooting / Jailbreak
A flashlight app tracks GPS locations; jailbroken phones can allow programs access to contacts, passwords, files.

10. Support / Management
What level of IT support does the user get? Do we install MDM software and perform backups?

11. Access Rights
Right to disable or restrict access for security or policy reasons.

12. Right to Audit
Right to log calls, texts, list of installed software (FINRA, SOX, GLBA, FFIEC).
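The enforcement questions above (items 3, 7, 9, 11 and 12) only bite if something actually checks enrolled devices against them. The following is an added example, not code from the slides or from Security Privateers: a small policy-as-code check that evaluates an MDM device inventory against an assumed baseline (approved platform and minimum OS version, unlock code, encryption, screen timeout, no jailbreak or rooting, MDM enrollment) and decides what to do on a lost device or a termination. The field names, thresholds and sample devices are all constructed for illustration; real MDM exports use their own attribute names.

```python
"""Added example, not part of the original slides or Security Privateers' material.

Turns the deck's BYOD minimum-security checklist into a policy-as-code check
over an MDM device inventory, plus the lost-device / termination handling the
deck asks about. Field names, thresholds and sample devices are assumptions
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed baseline values; replace with whatever the approved policy says.
ALLOWED_PLATFORMS: Dict[str, Tuple[int, int]] = {
    "ios": (9, 3),        # minimum major.minor still receiving patches (assumed)
    "android": (6, 0),
}
MIN_PASSCODE_LENGTH = 6
MAX_SCREEN_TIMEOUT_SECONDS = 300   # five minutes


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    platform: str
    os_version: str              # "major.minor[.patch]" as reported by the MDM
    passcode_length: int         # 0 means no unlock code set
    encrypted: bool
    screen_timeout_seconds: int
    jailbroken: bool             # jailbroken (iOS) or rooted (Android)
    mdm_enrolled: bool


def parse_version(version: str) -> Tuple[int, int]:
    """'9.3.5' -> (9, 3). A malformed string becomes (0, 0) and fails the check."""
    parts = version.split(".")
    try:
        return (int(parts[0]), int(parts[1]) if len(parts) > 1 else 0)
    except ValueError:
        return (0, 0)


def evaluate(device: Device) -> Tuple[str, List[str]]:
    """Return (decision, findings).

    "block"     : no corporate access until fixed (deck item 11, access rights)
    "remediate" : access continues, user must fix within the grace period
    "allow"     : meets the baseline
    """
    blocking: List[str] = []
    warnings: List[str] = []

    minimum = ALLOWED_PLATFORMS.get(device.platform.lower())
    if minimum is None:
        blocking.append(f"platform {device.platform!r} not on the approved list")
    elif parse_version(device.os_version) < minimum:
        blocking.append(f"OS {device.os_version} below minimum {minimum[0]}.{minimum[1]}")
    if device.jailbroken:
        blocking.append("device is jailbroken/rooted")
    if not device.mdm_enrolled:
        blocking.append("not enrolled in MDM (no remote wipe possible)")
    if device.passcode_length == 0:
        blocking.append("no unlock code set")
    elif device.passcode_length < MIN_PASSCODE_LENGTH:
        warnings.append(f"passcode length {device.passcode_length} < {MIN_PASSCODE_LENGTH}")
    if not device.encrypted:
        blocking.append("storage not encrypted")
    if device.screen_timeout_seconds > MAX_SCREEN_TIMEOUT_SECONDS:
        warnings.append(f"screen timeout {device.screen_timeout_seconds}s > {MAX_SCREEN_TIMEOUT_SECONDS}s")

    if blocking:
        return "block", blocking + warnings
    if warnings:
        return "remediate", warnings
    return "allow", []


def offboard_action(device: Device, event: str) -> str:
    """Lost device or termination (deck item 7).

    A BYOD device is personal property, so the default is a selective wipe of
    corporate data only; a full wipe needs explicit consent in the signed
    policy. Without MDM, all that is left is revoking the account's
    credentials and sessions on the server side.
    """
    if event not in ("lost", "stolen", "terminated"):
        raise ValueError(f"unknown event {event!r}")
    if not device.mdm_enrolled:
        return "revoke_credentials_and_sessions"
    if event in ("lost", "stolen"):
        return "lock_and_selective_wipe"
    return "selective_wipe_and_unenroll"


# Constructed sample inventory (not real devices or people).
SAMPLE_INVENTORY = [
    Device("d1", "alice", "ios", "9.3.5", 6, True, 120, False, True),
    Device("d2", "bob", "android", "4.4.2", 4, True, 600, False, True),
    Device("d3", "carol", "ios", "10.1", 0, True, 60, False, False),
    Device("d4", "dave", "android", "7.0", 8, True, 30, True, True),
    Device("d5", "erin", "ios", "11.0", 4, True, 120, False, True),
]


def audit(inventory: List[Device]) -> Dict[str, Tuple[str, List[str]]]:
    """Evaluate every device; the report is the evidence for the right-to-audit item."""
    return {d.device_id: evaluate(d) for d in inventory}


if __name__ == "__main__":
    for device_id, (decision, findings) in audit(SAMPLE_INVENTORY).items():
        print(device_id, decision, "; ".join(findings) or "ok")
```

Running the block prints one line per device: d1 is allowed, d2 (old Android, short PIN, long timeout) and d3 (no passcode, not enrolled) are blocked, d4 is blocked for being rooted, and d5 is allowed with a remediation finding for its 4-digit PIN. The two tiers map onto the deck's access-rights item: a blocking finding revokes corporate access outright, a warning keeps access and starts a clock. The offboarding rule keeps the distinction between a selective wipe of corporate data and a full device wipe, which on a personally owned phone is exactly the clause Legal, HR and the user have to agree on in writing before it is ever used.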
The Fine Print
How do we get there?

1. Articulate Clear Goals
• Why a policy
• Reduce Capex
• Productivity
• Satisfaction
• Technology
• Company Portal

2. Existing Policies
• Internet Use
• AUP
• Password Policy
• HR Policies
• Security
• Privacy
• Regulations

3. Eligibility
• Who
• Job Function
• Executive
• Types of Jobs
• External Users
• Existing Devices
• Rollout / Pilot

4. Stakeholders
• Executive
• Finance
• Legal
• HR
• IT
• Telecom
• Security
• Compliance

5. Limit Device Tech
• Platform
• Devices
• Upgrades
• Versions
• Software
• Security Tools

6. Minimum Security
• MDM / DLP
• Remote Wipe
• Encryption
• Screen Passcode
• Screen Timeout
• AV Software
• Logging

7. Level of Support
• Tier 1 / Tier 2
• Vendor Contact
• Connectivity
• Remote / Wi-Fi
• Bluetooth
• Training
• Candy Crush

8. Listen
• Business Leaders
• User Feedback
• Too Strict
• User Buy-In
• Insider Threat
• Trust / both ways
• Awareness

9. Frequent Updates
• Technology: iPAQ, feature phone, smartphone, iPhone, tablets, phablet, smart watch, Google Glass, medically implanted Bluetooth
• Focus on data
Last Step, Not Official Policy Yet

1. Draft Policy Finished
Do you buy MDM software? Make an announcement? Block all the iPhones? Pull up the drawbridge?

2. Executive Approval
You can't enforce a policy without executive approval. Formal process, and be ready to explain all of your choices.

Download sample at https://db.tt/BRNrlcbH

Let's start...
1. Let's write a policy
2. Time to vote on it
3. Publish the draft and take it to management for approval.
15 Must Have Policies
1. Firewall Policy
2. Anti-Virus Policy
3. Downtime Policy
4. Password Policy
5. Purchasing Policy
6. Help Desk Triage Policy
7. Third-Party Access Policy
8. Server Configuration Policy
9. Software Development Policy
10. Internet Acceptable Use Policy
11. Hardware Asset Disposal Policy
12. Mobile Device Acceptable Use Policy
13. Remote Access Policy
14. Telephony Service Policy
15. Routine COTS Application Policy
Where to get Help

Policy Gap Analysis
Review current policies, compare against best practices and current government regulations.

Policy Updates / Presentation
Sometimes the hardest part is getting management buy-in.

Call or email for a consultation.
Security Privateers
@scheidell
561-948-1305 / michael@securityprivateers.com
http://www.securityprivateers.com
Additional resources for BYOP:
http://www.securityprivateers.com/owasp-issa-byop.html
  • 8. Sample BYOD Policies
    Written by ISO: He understands the 24/7 nature of his team, and understands the risks.
    Written by Dir IT: They need access to everything, IT is KING!
    Written by Legal: We went to Harvard. We make almost as much as the plumber makes. We need to cross the I’s and dot the t’s. The policy must be large, multiple pages, and undecipherable, except by lawyers.
  • 9. Some Points BYOD
    1 Restrict Platform: Apple, Blackberry, Android? Do you have MDM software that can control all three? Do you have pre-approved models?
    2 BYOD Reimbursement: Do you provide reimbursement for the phone, accessories? Do you pay for or have a plan allowance?
    3 Policy Enforcement: Unlock Code/PIN/Pattern/Print? Device encryption? Restrict removable media?
  • 10. Some Points BYOD
    4 Share Status in Real Time: Are you sharing your real-time status? GPS, Twitter, Facebook, Latitudes?
    5 Unencrypted Wifi: Prohibit access to unencrypted Wifi (free hotspots, Starbucks, airports, etc.)
    6 HR / Legal Policies: Use of device by hourly employees, use of device while driving
  • 11. Some Points BYOD
    7 Lost Device / Termination: Report lost device immediately. Who replaces it? MDM software: wipe device upon loss or termination?
    8 Employee Use Only: No family, no friends, business use only. Buy your 3 year old his own tablet to play Angry Birds
    9 Restrict Downloads / Programs / Rooting / Jailbreak: A flashlight app tracks GPS locations; jailbroken phones can allow programs access to contacts, passwords, files
  • 12. Some Points BYOD
    10 Support / Management: What level of IT support does the user get? Do we install MDM software and perform backups?
    11 Access Rights: Right to disable or restrict access for security or policy reasons
    12 Right to Audit: Right to log calls, texts, list of installed software (FINRA, SOX, GLBA, FFIEC)
  • 13. The Fine Print: How do we get there?
    1 Articulate Clear Goals
      • Why a policy
      • Reduce Capex
      • Productivity
      • Satisfaction
      • Technology
      • Company Portal
    2 Existing Policies
      • Internet Use
      • AUP
      • Password Policy
      • HR Policies
      • Security
      • Privacy
      • Regulations
    3 Eligibility
      • Who
      • Job Function
      • Executive
      • Types of Jobs
      • External Users
      • Existing Devices
      • Rollout / Pilot
  • 14. The Fine Print: How do we get there?
    4 Stakeholders
      • Executive
      • Finance
      • Legal
      • HR
      • IT
      • Telecom
      • Security
      • Compliance
    5 Limit Device Tech
      • Platform
      • Devices
      • Upgrades
      • Versions
      • Software
      • Security Tools
    6 Minimum Security
      • MDM / DLP
      • Remote Wipe
      • Encryption
      • Screen Passcode
      • Screen Timeout
      • AV Software
      • Logging
  • 15. The Fine Print: How do we get there?
    7 Level of Support
      • Tier 1 / Tier 2
      • Vendor Contact
      • Connectivity
      • Remote/Wifi
      • Bluetooth
      • Training
      • Candy Crush
    8 Listen
      • Business Leaders
      • User Feedback
      • Too Strict
      • User Buy-In
      • Insider Threat
      • Trust/both ways
      • Awareness
    9 Frequent Updates
      • Technology: iPAQ, feature phone, smartphone, iPhone, tablets, phablet, smart watch, Google Glass, medically implanted Bluetooth
      • Focus on data
  • 16. Last Step, Not Official Policy Yet
    1 Draft Policy Finished: Do you buy MDM software? Make an announcement? Block all the iPhones? Pull up the drawbridge?
    2 Executive Approval: You can’t enforce a policy without Executive Approval. Formal process, and be ready to explain all of your choices
  • 17. Download Sample at https://db.tt/BRNrlcbH
    Let’s start…
    1 Let’s write a policy
    2 Time to vote on it
    3 Publish draft and take it to management for approval.
  • 18. 15 Must Have Policies
    1. Firewall Policy
    2. Anti-Virus Policy
    3. Downtime Policy
    4. Password Policy
    5. Purchasing Policy
    6. Help Desk Triage Policy
    7. Third-Party Access Policy
    8. Server Configuration Policy
    9. Software Development Policy
    10. Internet Acceptable Use Policy
    11. Hardware Asset Disposal Policy
    12. Mobile Device Acceptable Use Policy
    13. Remote Access Policy
    14. Telephony Service Policy
    15. Routine COTS Application Policy
  • 19. Where to get Help
    Policy Gap Analysis: Review current policies, compare against best practices and current government regulations.
    Policy Updates / Presentation: Sometimes the hardest part is getting management buy-in.
    Call or email for a consultation:
    Security Priva(eers
    @scheidell
    561-948-1305 / michael@securityprivateers.com
    http://www.securityprivateers.com
    Additional resources for BYOP: http://www.securityprivateers.com/owasp-issa-byop.html