Compliance in the mobile enterprise: Five tips to prepare for your next mobile app audit
© Copyright 2016 NowSecure, Inc. All Rights Reserved. Proprietary information.
Connect
● Twitter: @NowSecureMobile
● Subscribe to #MobSec5, our weekly mobile security news digest: http://mobsec5.nowsecure.com/
● Web: nowsecure.com (check out our new website!)
Andrew Hoog
CEO | NowSecure
Contents
● Overview of key laws
● Consequences of non-compliance
● Five tips for breezing through your audit
● Achieving compliance outcomes with NowSecure
● Q & A
Key laws and regulations that apply to mobile apps
http://www.arelaw.com/downloads/ARElaw_MobileDeviceApplications_KeyLawsChart_rev061815.pdf
Laws, regulations, rules applicable to mobile apps

GENERAL
● FTC Act
● Sarbanes-Oxley
● Electronic Communications Privacy Act (ECPA)
● Computer Fraud and Abuse Act (CFAA)
● NIAP (Common Criteria for app vetting)

CONTENT
● Digital Millennium Copyright Act (DMCA)
● Communications Decency Act (CDA)
● Restore Online Shoppers’ Confidence Act (ROSCA)

FINANCIAL
● Gramm-Leach-Bliley Act (GLBA)
● FFIEC compliance standards
● Payment card industry (PCI) standards

HEALTH/MEDICAL
● Health Insurance Portability and Accountability Act (HIPAA)
● Health Information Technology for Economic and Clinical Health Act (HITECH)
● Food and Drug Administration Act (mobile medical apps)
● FTC’s Health Breach Notification Rule

MINORS
● Children’s Online Privacy Protection Act (COPPA)

OTHERS
● California Online Privacy Protection Act (CalOPPA)
● State data-breach notification, data security, and records disposal statutes
● FCC’s Customer Proprietary Network Information (CPNI) Breach Notification Rule
Recent enforcement actions
FTC v. Wyndham
“A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business.”
Circuit Judge Thomas Ambro, United States Court of Appeals for the Third District
Applying FTC v. Wyndham to mobile apps
● The FTC has authority to bring data security cases
● The Apple App Store and Google Play store require privacy policies
● Failure to invest in the security of those apps (i.e., to “do what you say”) puts you at risk
Snapchat - Complaint filed with FTC and settled
"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."
—FTC Chairwoman Edith Ramirez
https://epic.org/privacy/internet/ftc/snapchat/#response
VIOLATION
● Did not permanently delete files as claimed: changed the extension to .NOMEDIA, which merely hides files on the user’s device; the files were still recoverable from memory
CONSEQUENCE
● 20 years of privacy audits
● Prohibited from making false claims about privacy policies
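To make the Snapchat finding concrete, here is an added Python example (not from the NowSecure deck and not Snapchat's code) of the check an internal auditor can run over an app's storage directory: it places the flawed "delete by renaming to .nomedia" behaviour beside a real unlink, then scans for files the app claims to have deleted that are still on disk. It also covers the directory-level case, where an empty .nomedia marker file hides a whole folder from Android's media scanner. The storage layout, file names and file contents are constructed for the example.

```python
from __future__ import annotations

import shutil
import tempfile
from pathlib import Path

# Added example: deletion audit for the ".NOMEDIA" anti-pattern. Everything
# below (directory layout, file names, contents) is constructed for the demo.


def hide_by_rename(path: Path) -> Path:
    """The flawed behaviour from the complaint: 'delete' a file by renaming it
    so media scanners ignore it. The bytes stay on disk, so a forensic read of
    the device still recovers them."""
    hidden = path.with_name(path.name + ".nomedia")
    path.rename(hidden)
    return hidden


def delete_for_real(path: Path) -> None:
    """Actual deletion: unlink the file. (Whether the underlying flash blocks
    are wiped is a separate question; at minimum the file must be gone.)"""
    path.unlink()


def audit_deleted_media(storage_root: Path, claimed_deleted: list[str]) -> dict[str, tuple[str, str]]:
    """For each file the app claims it deleted, report one of:
       deleted           - nothing matching remains under storage_root
       renamed           - a copy survives under another name (e.g. x.jpg.nomedia)
       hidden_by_marker  - the file is intact; its folder holds a .nomedia marker
       present           - the file is intact at its original path
    The second tuple element is the surviving path relative to storage_root."""
    findings: dict[str, tuple[str, str]] = {}
    for name in claimed_deleted:
        survivors = sorted(
            p for p in storage_root.rglob("*") if p.is_file() and p.name.startswith(name)
        )
        if not survivors:
            findings[name] = ("deleted", "")
            continue
        p = survivors[0]
        rel = p.relative_to(storage_root).as_posix()
        if p.name != name:
            findings[name] = ("renamed", rel)
        elif (p.parent / ".nomedia").exists():
            findings[name] = ("hidden_by_marker", rel)
        else:
            findings[name] = ("present", rel)
    return findings


def demo() -> dict[str, tuple[str, str]]:
    """Build a constructed storage tree, apply the three behaviours, audit it."""
    root = Path(tempfile.mkdtemp(prefix="deletion_audit_"))
    try:
        snaps = root / "snaps"
        snaps.mkdir()
        for name in ("a.jpg", "b.jpg", "c.jpg"):
            (snaps / name).write_bytes(b"constructed image bytes for " + name.encode())

        hide_by_rename(snaps / "a.jpg")     # flawed: a.jpg.nomedia still holds the bytes
        delete_for_real(snaps / "b.jpg")    # correct: the file is gone
        (snaps / ".nomedia").touch()        # flawed: folder-level hiding, c.jpg untouched

        return audit_deleted_media(root, ["a.jpg", "b.jpg", "c.jpg"])
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, (status, where) in demo().items():
        print(f"{name:8} {status:18} {where}")
```

Running the script prints one verdict per file: a.jpg is reported as renamed, b.jpg as deleted, c.jpg as hidden by a marker. The point for an audit is that a "permanently deleted" claim is verified against the storage state, not against what the app's interface shows.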
Dwolla - Consumer Financial Protection Bureau action
http://www.consumerfinance.gov/about-us/newsroom/cfpb-takes-action-against-dwolla-for-misrepresenting-data-security-practices/
VIOLATION
● Did not protect data from unauthorized access
● Did not encrypt all sensitive data
● Did not test security of released apps
CONSEQUENCE
● Ordered to stop misrepresenting security practices
● Required to train employees to protect data and fix mobile app security flaws
● Pay $100,000 penalty to CFPB
An ounce of prevention...
● Ace your audit: make a painful, time-consuming process less so
● Protect your customers: deliver secure apps that protect user data
● Protect your business: avoid data breach, brand damage, and enforcement actions
Five tips for breezing through your audit
1. Establish a framework: set internal requirements for mobile app security.
2. Educate staff: teach developers how to code in compliance with the framework, and teach security auditors how to test apps against it.
3. Audit yourself: audit your mobile apps against the framework.
4. Document diligently: document the framework, education materials, and assessments (i.e., reports), and make sure it’s all organized and accessible.
5. Audit earlier: integrate audits into the SDLC as part of an on-going process to save time, money, and headaches.
How NowSecure customers achieve compliance outcomes
An audit anecdote as told by a financial institution
“Audit guidelines have evolved quickly to take mobile into account. We need to go into detail about the workflow and logistics of each product, and the FFIEC requires many of our clients to vet their products annually.”
Travis Swinford, Product Manager
Customers use results mapped to industry standards for validation purposes
Regulatory flags include:
● Common Vulnerability Scoring System (CVSS)
● OWASP top 10 mobile risks
● Common Weakness Enumeration (CWE)
● National Information Assurance Partnership (NIAP) requirements for mobile apps on sensitive networks
50+ TIPS for developing secure mobile apps
A starting point for a framework that also educates developers about security flaws and how to avoid them
https://www.nowsecure.com/ebooks/secure-mobile-development-best-practices/
Let’s talk
NowSecure
+1 312.878.1100
@NowSecureMobile
www.nowsecure.com
Subscribe to #MobSec5 - a collection of the week’s mobile news that matters - http://mobsec5.nowsecure.com/

Mobile App Security Predictions 2019
 
Jeff's Journey: Best Practices for Securing Mobile App DevOps
Jeff's Journey: Best Practices for Securing Mobile App DevOpsJeff's Journey: Best Practices for Securing Mobile App DevOps
Jeff's Journey: Best Practices for Securing Mobile App DevOps
 
iOS 12 Preview - What You Need To Know
iOS 12 Preview - What You Need To KnowiOS 12 Preview - What You Need To Know
iOS 12 Preview - What You Need To Know
 
5 Tips for Agile Mobile App Security Testing
5 Tips for Agile Mobile App Security Testing5 Tips for Agile Mobile App Security Testing
5 Tips for Agile Mobile App Security Testing
 
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
 
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowLeaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to Know
 
Next-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approachNext-level mobile app security: A programmatic approach
Next-level mobile app security: A programmatic approach
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 
Mobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the CodeMobile Penetration Testing: Episode III - Attack of the Code
Mobile Penetration Testing: Episode III - Attack of the Code
 
Mobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the CodeMobile Penetration Testing: Episode II - Attack of the Code
Mobile Penetration Testing: Episode II - Attack of the Code
 
Mobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic MenaceMobile Penetration Testing: Episode 1 - The Forensic Menace
Mobile Penetration Testing: Episode 1 - The Forensic Menace
 

Dernier

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Dernier (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

Compliance in the mobile enterprise: 5 tips to prepare for your next audit

  • 1. Compliance in the mobile enterprise: Five tips to prepare for your next mobile app audit
  • 2. Connect
    Twitter: @NowSecureMobile
    Subscribe to #MobSec5, our weekly mobile security news digest: http://mobsec5.nowsecure.com/
    Web: nowsecure.com (check out our new website!)
  • 3. Andrew Hoog, CEO | NowSecure
  • 4. Contents
    ● Overview of key laws
    ● Consequences of non-compliance
    ● Five tips for breezing through your audit
    ● Achieving compliance outcomes with NowSecure
    ● Q & A
  • 5. Key laws and regulations that apply to mobile apps
  • 6. Laws, regulations, rules applicable to mobile apps (source: http://www.arelaw.com/downloads/ARElaw_MobileDeviceApplications_KeyLawsChart_rev061815.pdf)
    ● GENERAL: FTC Act; Sarbanes-Oxley; Electronic Communications Privacy Act (ECPA); Computer Fraud and Abuse Act (CFAA); NIAP (Common Criteria for app vetting)
    ● CONTENT: Digital Millennium Copyright Act (DMCA); Communications Decency Act (CDA); Restore Online Shoppers’ Confidence Act (ROSCA)
    ● FINANCIAL: Gramm-Leach-Bliley Act (GLBA); FFIEC compliance standards; Payment card industry (PCI) standards
    ● HEALTH/MEDICAL: Health Insurance Portability and Accountability Act (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Food and Drug Administration Act (mobile medical apps); FTC’s Health Breach Notification Rule
    ● MINORS: Children’s Online Privacy Protection Act (COPPA)
    ● OTHERS: California Online Privacy and Protection Act (CalOPPA); State data-breach notification, data security, and records disposal statutes; FCC’s Proprietary Network Information (CPNI) Breach Notification Rule
  • 7. Recent enforcement actions
  • 8. FTC v. Wyndham
    “A company does not act equitably when it publishes a privacy policy to attract customers who are concerned about data privacy, fails to make good on that promise by investing inadequate resources in cybersecurity, exposes its unsuspecting customers to substantial financial injury, and retains the profits of their business.”
    Circuit Judge Thomas Ambro, United States Court of Appeals for the Third District
  • 9. Applying FTC v. Wyndham to mobile apps
    ● FTC has authority to bring data security cases
    ● Apple App Store and Google Play store require privacy policies
    ● Failure to invest in security of those apps (i.e., “do what you say”) puts you at risk
  • 10. Snapchat - Complaint filed with FTC and settled
    “If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.” —FTC Chairwoman Edith Ramirez
    https://epic.org/privacy/internet/ftc/snapchat/#response
    VIOLATION: Did not permanently delete files as claimed; changed extension to .NOMEDIA, which merely hides files on the user’s device; still recoverable from memory
    CONSEQUENCE: 20 years of privacy audits; prohibited from making false claims about privacy policies
  • 11. Dwolla - Consumer Financial Protection Bureau action
    http://www.consumerfinance.gov/about-us/newsroom/cfpb-takes-action-against-dwolla-for-misrepresenting-data-security-practices/
    VIOLATION: Did not protect data from unauthorized access; did not encrypt all sensitive data; did not test security of released apps
    CONSEQUENCE: Ordered to stop misrepresenting security practices; required to train employees to protect data and fix mobile app security flaws; pay $100,000 penalty to CFPB
  • 12. An ounce of prevention...
    ● Ace your audit: Make a painful, time-consuming process less so
    ● Protect your customers: Deliver secure apps that protect user data
    ● Protect your business: Avoid data breach, brand damage, and enforcement actions
  • 13. Five tips for breezing through your audit
  • 14.–18. (the five tips, built up one per slide)
    1. Establish a framework: Set internal requirements for mobile app security
    2. Educate staff: Teach developers how to code in compliance with the framework, and teach security auditors how to test apps against it
    3. Audit yourself: Audit your mobile apps against the framework
    4. Document diligently: Document framework, education materials, and assessments (i.e., reports), and make sure it’s all organized and accessible
    5. Audit earlier: Integrate audits into the SDLC as part of an on-going process to save time, money, and headaches
  • 19. How NowSecure customers achieve compliance outcomes
  • 20. An audit anecdote as told by a financial institution
  • 21. “Audit guidelines have evolved quickly to take mobile into account. We need to go into detail about the workflow and logistics of each product, and the FFIEC requires many of our clients to vet their products annually.” Travis Swinford, Product Manager
  • 22. (image only, no text)
  • 23. Customers use results mapped to industry standards for validation purposes. Regulatory flags include:
    ● Common Vulnerability Scoring System (CVSS)
    ● OWASP top 10 mobile risks
    ● Common Weakness Enumeration (CWE)
    ● National Information Assurance Partnership (NIAP) requirements for mobile apps on sensitive networks
  • 24. 50+ TIPS for developing secure mobile apps: A starting point for a framework that also educates developers about security flaws and how to avoid them
    https://www.nowsecure.com/ebooks/secure-mobile-development-best-practices/
  • 25. Let’s talk
    NowSecure, +1 312.878.1100, @NowSecureMobile, www.nowsecure.com
    Subscribe to #MobSec5 - a collection of the week’s mobile news that matters - http://mobsec5.nowsecure.com/