Interactive Session and Technology BYOD
Case study 4 chapter 8
1. Interactive Session
- Answer the Case Study Questions (found at the end of each case study) in 500-750 words total (not including reference list).
- Include at least one additional, external reference to sources such as an article or video. Cite the reference(s) in your study.
Your case study will be graded on the following:
Grading: 20 points
Content 80% (how thoroughly and logically you answer the questions, how well you incorporate your reference(s), how well you make arguments and state facts to support your answers).
Spelling/Grammar/Punctuation 20%
Interactive Session: Technology BYOD: A Security Nightmare?
Bring your own device has become a huge trend, with half of employees with mobile computing tools at workplaces worldwide using their own devices. This figure is expected to increase even more
in the years to come. But while use of the iPhone, iPad, and other mobile computing devices in the workplace is growing, so are security problems. Quite a few security experts believe that
smartphones and other mobile devices now pose one of the most serious security threats for organizations today.
Whether mobile devices are company-assigned or employee-owned, they are opening up new avenues for accessing corporate data that need to be closely monitored and protected. Sensitive data
on mobile devices travel, both physically and electronically, from the office to home and possibly other off-site locations. According to a February 2016 Ponemon Institute study of 588 U.S. IT and
security professionals, 67 percent of those surveyed reported that it was certain or likely that an employee’s mobile access to confidential corporate data had resulted in a data breach.
Unfortunately, only 41 percent of respondents said their companies had policies for accessing corporate data from mobile devices.
More than half of security breaches occur when devices are lost or stolen. That puts all of the personal and corporate data stored on the device, as well as access to corporate data on remote
servers, at risk. Physical access to mobile devices may be a greater threat than hacking into a network because less effort is required to gain entry. Experienced attackers can easily circumvent
passwords or locks on mobile devices or access encrypted data. Moreover, many smartphone users leave their phones totally unprotected to begin with or fail to keep the security features of their
devices up-to-date. In the Websense and the Ponemon Institute’s Global Study on Mobility Risks, 59 percent of respondents reported that employees circumvented or disabled security features such
as passwords and key locks.
Another worry today is large-scale data leakage caused by use of cloud computing services. Employees are increasingly using public cloud services such as Google Drive or Dropbox for file sharing
and collaboration. Valiant Entertainment, Cenoric Projects, Vita Coco, and BCBGMAXAZRIAGROUP are among the companies allowing employees and freelance contractors to use Dropbox for
Business to post and share files. There are also many instances where employees are using Dropbox to store and exchange files without their employers’ approval. In early 2015 Dropbox had to
patch a security flaw that allowed cyberattackers to steal new information uploaded to accounts through compromised third-party apps that work with Dropbox services on Android devices. There’s
very little a company can do to prevent employees who are allowed to use their smartphones from downloading corporate data so they can work on those data remotely.
Text messaging and other mobile messaging technologies are being used to deliver all kinds of scam campaigns, such as adult content and rogue pharmacy, phishing, and banking scams, and text
messages have been a propagation medium for Trojan horses and worms. A malicious source is now able to send a text message that will open in a mobile browser by default, which can be readily
utilized to exploit the recipient.
To date, deliberate hacker attacks on mobile devices have been limited in scope and impact, but this situation is worsening. Android is now the world’s most popular operating system for mobile
devices with 81 percent of the global market, and most mobile malware is targeted at the Android platform. When corporate and personal data are stored on the same device, mobile malware
unknowingly installed by the user could find its way onto the corporate network.
Apple uses a closed “walled garden” model for managing its apps and reviews each one before releasing it on its App Store. Android application security has been weaker than that for Apple
devices, but it is improving. Android application security uses sandboxing, which confines apps, minimizing their ability to affect one another or manipulate device features without user permission.
Google removes any apps that break its rules against malicious activity from Google Play, its digital distribution platform that serves as the official app store for the Android operating system.
Google also vets the backgrounds of developers. Recent Android security enhancements include assigning varying levels of trust to each app, dictating what kind of data an app can access inside
its confined domain, and providing a more robust way to store cryptographic credentials used to access sensitive information and resources.
Google Play now provides security scanning of all applications before they are available to download, ongoing security checks for as long as the application is available, and a Verify Apps service for
mobile device protection for apps installed outside of Google Play. However, these Android improvements are largely only for people who use a phone or tablet running a newer version of Android
and restrict their app downloads to Google’s own Play store.
Companies need to develop mobile security strategies that strike the right balance between improving worker productivity and effective information security. Aetna’s Chief Security Officer (CSO) Jim
Routh says there is a certain minimum level of mobile security he requires regardless of whether a device is company- or personally owned. Aetna has about 6,000 users equipped with mobile
devices that are either personally owned or issued by the company. Each device has mandatory protection that provides an encrypted channel to use in unsecured Wi-Fi networks and alerts the user
and the company if a malicious app is about to be installed on the device.
Colin Minihan, director of security and best practices at VMware AirWatch, believes that understanding users and their needs helps a mobile security strategy progress further. VMware AirWatch
categorizes similar groups of users and devises a specific plan of action for each group, choosing the right tools for the job.
According to Patrick Hevesi, Nordstrom’s former director of security, if users need access to critical corporate data that must be protected, the firm should probably allow only fully managed, fully
controlled, approved types of devices. Users who only want mobile tools for e-mail and contacts can more easily bring their own devices. The key questions to ask are called the “three Ws”: Who
needs access? What do they need to access? What is the security posture of the device?
Sources: Michael Heller, “Mobile Security Strategy Matures with BYOD,” and Kathleen Richards, “CISOs Battle to Control Mobile Risk in the Workplace,” Information Security Magazine, June 1, 2016;
Nathan Olivarez-Giles, “Android’s Security Improves—for the Few,” Wall Street Journal, April 21, 2016; Ponemon Institute, “The Economic Risk of Confidential Data on Mobile Devices in the
Workplace,” February, 2016; McAfee Inc., “Mobile Threat Report: What’s on the Horizon for 2016,” 2016; Charlie Osborne, “Dropbox Patches Android Security Flaw,” Zero Day, March 11, 2015; Edel
Creely, “5 BYOD Security Implications and How to Overcome Them,” Trilogy Technologies, May 26, 2015; Tony Kontzer, “Most of Your Mobile Apps Have Been Hacked,” Baseline, January 16, 2015;
and Ponemon Institute, Global Study on Mobility Risks (February 2012).
Case Study Questions
- It has been said that a smartphone is a computer in your hand. Discuss the security implications of this statement.
- What kinds of security problems do mobile computing devices pose?
- What management, organizational, and technology issues must be addressed by smartphone security?
- What steps can individuals and businesses take to make their smartphones more secure?
RUBRIC
Excellent Quality (95-100%)
- Introduction (45-41 points): The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
- Literature Support (91-84 points): The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
- Methodology (58-53 points): Content is well-organized with headings for each slide and bulleted lists to group related material as needed. Use of font, color, graphics, effects, etc. to enhance readability and presentation content is excellent. Length requirements of 10 slides/pages or less is met.
Average Score (50-85%)
- Introduction (40-38 points): More depth/detail for the background and significance is needed, or the research detail is not clear. No search history information is provided.
- Literature Support (83-76 points): Review of relevant theoretical literature is evident, but there is little integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are included. Summary of information presented is included. Conclusion may not contain a biblical integration.
- Methodology (52-49 points): Content is somewhat organized, but no structure is apparent. The use of font, color, graphics, effects, etc. is occasionally detracting to the presentation content. Length requirements may not be met.
Poor Quality (0-45%)
- Introduction (37-1 points): The background and/or significance are missing. No search history information is provided.
- Literature Support (75-1 points): Review of relevant theoretical literature is evident, but there is no integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are not included in the summary of information presented. Conclusion does not contain a biblical integration.
- Methodology (48-1 points): There is no clear or logical organizational structure. No logical sequence is apparent. The use of font, color, graphics, effects, etc. is often detracting to the presentation content. Length requirements may not be met.