EXUS IT Security Procedures: Mobile Devices

Questions and Answers

What is a requirement for corporate laptops?

• They must be configured by the user.
• They must be encrypted. (correct)
• They must be pre-configured with personal email accounts.
• They must not have any security software.

What is a requirement for corporate smartphones?

• They must not be password or PIN protected.
• They must have EXUS approved apps only. (correct)
• They must have personal social media apps.
• They must have access to personal email accounts.

How often should passwords be changed?

• Every 365 days
• Every 180 days (correct)
• Only when required
• Every 90 days

What should users do if they suspect their password has been compromised?

Change their password immediately (C)

What is a requirement for access to IT systems?

Based on job position (B)

What should be done when a user's access needs to be revoked or changed?

Inform the IT Admin team (C)

What is a requirement for access to third-parties?

A contractual agreement (B)

What is a recommended security practice for mobile devices?

Enable the Find My Device feature (B)

What should be reviewed periodically for all users?

Users' access rights (A)

What should be used to encrypt files with confidential data before sending them?

7zip (D)

What should be contacted when a user wants to install an application not included in the baseline configuration?

IT Admin team (B)

What is the primary purpose of ESET Endpoint Protection?

To protect endpoints against malware (C)

What is the recommended storage location for corporate files?

Respective SharePoint document library (C)

What is the primary purpose of KeePass?

To manage system and application passwords (D)

What should be done when a user wants to uninstall or disable ESET Endpoint Protection?

Contact the IT Admin team (C)

What is the maximum storage capacity of a OneDrive account for personal files?

10GB (B)

What is the primary purpose of a firewall in a network?

To control the flow of incoming and outgoing network traffic (A)

What is the recommended method for sharing small data files (< 25MB) externally?

Using email with 7zip encryption (D)

What is the recommended approach to handle email attachments?

Open only email attachments from known sources (D)

What is the purpose of encrypting confidential data prior to sending it via email?

To protect the data from unauthorized access (D)

What is the recommended approach to sharing confidential data via the same channel of communication?

Share the minimum amount possible of confidential data (A)

What is the purpose of the IT Admin team authorizing devices that access the EXUS network?

To restrict access to unauthorized devices (C)

What is the recommended method for sharing big data files (> 25MB) externally?

Using SFTP (B)

What is the recommended approach to handling emails asking for personal information?

Verify the authenticity of the email before responding (D)

Study Notes

Mobile Devices

• Corporate laptops are encrypted and pre-configured, with no changes allowed without prior IT approval.
• Corporate smartphones are password or PIN protected, pre-configured with EXUS Mobiles account, and have EXUS approved apps only.
• Personal smartphones should be password or PIN protected and have access to EXUS approved apps.
• Immediately report loss or theft of mobile devices to the IT Admin team.

Passwords

• Use a mixture of lower and uppercase letters, numbers, and symbols in passwords.
• Passwords must be at least 12 characters long and not contain usernames.
• Change passwords every 180 days and store up to 6 passwords in history.
• Use strong authentication (MFA/2-Way) whenever possible.
• Never use the same password for different accounts.

Access Management

• Users access only what they need to access, based on job position.
• Team Leads/Managers inform the IT Admin team of access changes or revocations.
• Access to third-parties is provided only based on contractual agreements.
• Access management is monitored through the EXUS Internal Helpdesk.

Encryption and Keys Management

• Corporate laptops are encrypted with BitLocker.
• Users must not disable encryption without prior contact with the IT Admin team.
• Passwords of systems and applications are managed with KeePass.
• Encrypt files with confidential data using 7zip prior to sending.

Endpoint Protection

• Corporate and private workstations and specific smartphones run ESET Endpoint Protection.
• ESET Endpoint Protection protects endpoints against malware, blocks malicious sites, and scans corporate email.

Systems Configuration and Changes Management

• Corporate workstations are delivered with a baseline configuration that must not be altered.
• Contact the IT Admin team for installing applications not included in the baseline configuration.
• Changes on IT systems are registered and monitored through Jira.

Data Backup

• Use SharePoint document library to store corporate files.
• Use OneDrive for backing up local personal files (max storage capacity is 10GB).
• Backup of IT infrastructure is based on a schedule.

Networks

• Firewall controls flow of incoming and outgoing network traffic.
• Use VPN connection (with 2FA) to access EXUS network remotely.
• EXUS network is segmented into VLANs (VPN and Infrastructure).
• IT Admin team authorizes devices that access the EXUS network.

Files Secure Transfer

• Use email to share small data files (< 25MB), encrypting confidential data before sending.
• Use SFTP to share big data files (> 25MB).
• Use SharePoint or OneDrive to share files with sensitive or confidential information.

Email Security

• Never include confidential data in email bodies.
• Always encrypt confidential data prior to sending via email (using 7zip).
• Set built-in email permissions to “Do Not Forward” or “Encrypt-Only” to encrypt whole email messages.
• Beware of emails asking for personal information and handle email with care.

Description

This quiz covers the security procedures for mobile devices in the EXUS IT environment, including laptops and smartphones. It outlines the configuration and usage guidelines for corporate devices.