Chapter 12 - 03 - Discuss Common Mobile Usage Policies in Enterprises - 02_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
null
Tags
Related
- Mobile Device Management Concepts PDF
- CYOD & COPE Policy Implementation - PDF
- Mobile Device Security Exam 212-82 PDF
- Mobile Device Security (Certified Cybersecurity Technician) Exam 212-82 PDF
- Chapter 12 - 05 - Enterprise Mobile Security Management Solutions PDF
- EC Council Certified Cybersecurity Technician (CCT) Module 12-L PDF
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Mobile Device Security CYOD Policy Implementation...
Certified Cybersecurity Technician Exam 212-82 Mobile Device Security CYOD Policy Implementation Define approved set of devices Allow employees to select a device from the approved set of devices and build a technology portfolio Develop policies Security Support Copyright © by EC L. All Rights Reserved. Reproduction is Strictly Prohibited CYOD Policy Implementation The key considerations before implementing a CYOD policy are Define an approved set of devices: Organizations must formulate a list of corporate- sanctioned devices and plans for their employees to access company data according to their access privileges. Allow employees to work with company-owned devices (including personal work) and build a technology portfolio: Allow employees to select devices (laptops, smartphones, and tablets) and plans from role-based corporate catalogs. Before delivery, set up the devices with apps, software, and settings required by each employee, thereby enabling them to operate the apps immediately. For example, set up devices with Outlook with the employee credentials. Develop policies and device security: Establish policies to ensure that the employees understand the responsibilities accompanying network access. The more granular the organizational policies are in terms of device types, different versions of OSes, and device model number, the more resources will need to be tested to support such devices. For example, allowing only a specific Android mobile model or a specific version of a mobile OS. Implement the following: o Virus protection o Encryption o Network access controls and authentication o Data wipes and remote locks in case devices are lost or stolen Module 12 Page 1503 Certified Cybersecurity Technician Copyright © by EG-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security o Train the employees to inform them about their mobile responsibilities, including how data are accessed, used, and stored, and how to use apps and services. = Support: Deploy expertise solutions (dedicated helpdesk that knows the policies and needs of the organization) to speedily resolve any mobility issues. They should address o Device troubleshooting O Service troubleshooting Activating devices Deactivating devices Managing service requests Module 12 Page 1504 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security Corporate Owned, Personally Enabled (COPE) Corporate Owned, Personally Enabled (COPE) ‘/ !} }f refers to a policy that allows employees to N.f use and manage the devices purchased by the organization COPE Benefits Greater control and Retains ownership Less expensive Prevents employee authority to the of the devices than BOYD from carrying multiple organization devices (phones) Copyright © by by EC-{ EC-Councll. cll. All Rights Rights Reserved. Reserved. Reproduction Reproduction Isis Strictly Prohibited Corporate Owned, Personally Enabled (COPE) Corporate Owned, Personally Enabled (COPE) refers to a policy that allows employees to use and manage the devices purchased by the organizations. The devices include laptops, notebooks, smartphones, tablets, and/or software services. Larger enterprises are more likely to employ the COPE model. COPE is a lesser expensive option than BYOD because the companies buy devices at a lower cost than the retail price. COPE reduces the risks associated with BYOD by implementing stringent policies and protecting devices. COPE Advantages = Work or life balance on a single device = Fewer security concerns than BYOD and CYOD = Personal apps = Enhanced control and authority over devices = Prevents employees from carrying two phones = Retains ownership of devices = Less expensive than BOYD = Enables organizations to freely install management software and/or integrate devices in MDM systems = Helps in solving regulatory and legal issues associated with deleting data on lost/stolen mobile devices Module 12 Page 1505 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security = Economizes the resources (save and time) of the IT department because the employees are responsible for the condition of their devices. COPE Disadvantages = Need to purchase devices = Monitoring policies must be established = Business is completely responsible for keeping up with the latest technologies = Potential for productivity issues owing to less user freedom = Slowest deployment timeframe Module 12 Page 1506 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security COPE Policy Implementation 1 2 3 Purchase computing Develop policies resources and Allow employees to work devices with the company-owned device (including personal work) and build a technology portfolio 4 5 |Emm—————— | ————--]| [=————————————] Security Support COPE Policy Implementation The considerations for the implementation of a COPE strategy include: = Purchase computing resources and devices: The organization purchases preapproved devices from vendors based on their centrally designed plan. = Allow employees to work with company-owned devices and build a technology portfolio: These organization-owned devices allow employees to have COBO’s conservatism and BYOD’s freedom. The devices are designed for both office and personal works. = Develop policies o Ensure that the employees completely understand and sign-off on the policy related to them leaving the company. o Decide whether the employees will be allowed to procure or retain the device after leaving the company and create a procedure for removing all corporate data and assets from the device. = Security: To ensure device security, organizations apply security controls, restrict certain features to secure from malware and data leaks, and monitor devices for data breaches or jailbreaking. = Support: Deploy expertise solutions (dedicated helpdesk that knows the policies and needs of the organization) to speedily resolve any mobility issues. They should address o Device troubleshooting o Deactivating devices o Service troubleshooting o Managing service requests o Activating devices Module 12 Page 1507 Certified Cybersecurity Technician Copyright © by EG-Council EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security Owned, Bu Company Owned 3{5 Only (COBO) 4it %++ Company Owned, Business Only (COBO) refers to a policy that allows employees to use and manage the devices purchased by the organization but restrict their usage for ‘ g )> business purposes only )| / /. Full control and authority authority to Q Prevents data leakage O A Y the organization | Copyright ©© by Prohibited.. All Rights Reserved. Reproductionis Strictly Prohibited, ‘ Company Owned, Business Only (COBO) Company Owned, Business Only (COBO) refers to a policy that allows employees to use and manage the devices purchased by the organization but restrict the use of the device for business use only. COBO is used to describe a device that runs a single application. For example, = Aninventory system with an embedded barcode scanner. = Blackberry is the best example of devices used in a COBO environment. COBO Advantages = The company retains full control over all apps on the device and its data. = Auniform system landscape is adhered to because the organization purchases the device. = Prevents data leakage. COBO Disadvantages =* High purchase cost for devices. =* Employees do not really enjoy working with at least two devices in their pockets. Module 12 Page 1508 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security COBO Policy Implementation Prohibit personal use of devices Allow employees to work with a device running a single application and build a technology portfolio Develop policies Security Support L. All Rights Rights Reserved. ReproductionIss Strictly Prohibited COBO Policy Implementation The considerations for the implementation of a COBO strategy are = Prohibit personal use of devices: Enterprises prohibit the use of mobile devices as a part of their designing policy based on the COBO approach. = Allow employees to work with devices running single application and build a technology portfolio: Enterprises allow employees to work with a device that runs a single application; for example, an inventory system with an embedded barcode scanner. Otherwise, they can allow the use of smartphones with prohibited personal use. Additionally, they should implement highly granular devices as well as app and data management to enable compliance. = Develop policies: Ensure that the mobile device management (MDM) and mobile application management (MAM) solutions fully meet the requirements of the company’s concept. = Security o Ensure fully locked down devices to maintain control over granular policies and control the device usage o Prevent app downloads = Support Support Deploy expertise systems (dedicated helpdesk that knows the policies and needs of the organization) to speedily resolve any mobility issues. They should address o Device troubleshooting Module 12 Page 1509 Certified Cybersecurity Technician Copyright © by EG-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security o Service troubleshooting o Oo Activating devices o Deactivating devices O o Managing service requests O Module 12 Page Module Page 1510 Certified Cybersecurity Certified Cybersecurity Technician Technician Copyright ©© by EG-Gounecil EG-Gounell All Rights Reserved. Reproduction is Strictly Prohibited.