Chapter 12 - 03 - Discuss Common Mobile Usage Policies in Enterprises - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Mobile Device Security Exam 212-82 CYOD Policy Implementation Define approved set of devices Allow employees to select a device from the approved set of devices and build a technology portfolio Develop policies Security Support Copyright © by EC L. All Rights Reserved. Reproduction is Strictly Prohibited CYOD Policy Implementation The key considerations before implementing a CYOD policy are Define an approved set of devices: Organizations must formulate a list of corporatesanctioned devices and plans for their employees to access company data according to their access privileges. Allow employees to work with company-owned devices (including personal work) and build a technology portfolio: Allow employees to select devices (laptops, smartphones, and tablets) and plans from role-based corporate catalogs. Before delivery, set up the devices with apps, software, and settings required by each employee, thereby enabling them to operate the apps immediately. For example, set up devices with Outlook with the employee credentials. Develop policies and device security: Establish policies to ensure that the employees understand the responsibilities accompanying network access. The more granular the organizational policies are in terms of device types, different versions of OSes, and device model number, the more resources will need to be tested to support such devices. For example, allowing only a specific Android mobile model or a specific version of a mobile OS. Implement the following: o Virus protection o Encryption o Network access controls and authentication o Data wipes and remote locks in case devices are lost or stolen Module 12 Page 1503 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Mobile Device Security o = Exam 212-82 Train the employees to inform them about their mobile responsibilities, including how data are accessed, used, and stored, and how to use apps and services. Support: Deploy expertise solutions (dedicated helpdesk that knows the policies and needs of the organization) to speedily resolve any mobility issues. They should address o Device troubleshooting O Service troubleshooting Activating devices Deactivating devices Managing service requests Module 12 Page 1504 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security Corporate Owned, Personally Enabled (COPE) Corporate Owned, Personally Enabled (COPE) refers to a policy that allows employees to use and manage the devices purchased by the organization COPE Greater control and authority to the organization / }f N. Benefits Retains ownership of the devices Less expensive than BOYD Prevents employee from carrying multiple devices (phones) Copyright © by EC-{ cll. All Rights Reserved. Reproduction is Strictly Prohibited Corporate Owned, Personally Enabled (COPE) Corporate Owned, Personally Enabled (COPE) refers to a policy that allows employees to use and manage the devices purchased by the organizations. The devices include laptops, notebooks, smartphones, tablets, and/or software services. Larger enterprises are more likely to employ the COPE model. COPE is a lesser expensive option than BYOD cost than the retail price. COPE because the companies reduces the risks associated with buy devices at a lower BYOD by implementing stringent policies and protecting devices. COPE Advantages = Work or life balance on a single device = Fewer security concerns than BYOD and CYOD = Personal apps = Enhanced control and authority over devices = Prevents employees from carrying two phones = Retains ownership of devices = Less expensive than BOYD = Enables organizations to freely install management software and/or integrate devices in MDM systems = Helps in solving regulatory and legal issues associated with deleting data on lost/stolen mobile devices Module 12 Page 1505 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security = Economizes the resources (save and time) of the IT department because the employees are responsible for the condition of their devices. COPE Disadvantages = Need to purchase devices = Monitoring policies must be established = Business is completely responsible for keeping up with the latest technologies = Potential for productivity issues owing to less user freedom = Slowest deployment timeframe Module 12 Page 1506 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security COPE Policy Implementation 1 2 Purchase computing 3 resources and Allow employees to work devices with the company-owned device (including personal work) and build a Develop policies technology portfolio 4 5 Emm—————— [=————————————] Security Support COPE Policy Implementation The considerations for the implementation of a COPE strategy include: = Purchase computing = Allow employees portfolio: These to work with company-owned devices and build organization-owned devices allow employees to conservatism BYOD’s devices from vendors based on their centrally designed plan. and personal works. = resources and devices: The organization freedom. The devices purchases are designed preapproved a technology have COBO’s for both office and Develop policies o Ensure that the employees completely related to them leaving the company. o Decide whether the employees will be allowed to procure or retain the device after leaving the company assets from the device. understand and sign-off on the policy and create a procedure for removing all corporate data and = Security: To ensure device security, organizations apply security controls, restrict certain features to secure from malware and data leaks, and monitor devices for data breaches or jailbreaking. = Support: Deploy expertise solutions (dedicated helpdesk that knows the policies and needs of the organization) to speedily resolve any mobility issues. They should address o Device troubleshooting o Deactivating devices o Service troubleshooting o Managing service requests o Activating devices Module 12 Page 1507 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Mobile Device Security Exam 212-82 Company Owned, 3{5 Only (COBO) + 4it Company Owned, Business Only (COBO) refers to a policy that allows employees to use and manage the devices purchased by the organization but restrict their usage for business purposes only /. Q Prevents data leakage | )> g / )| O Copyright © by Full control and authority to Y the organization. All Rights Reserved. Reproductionis Strictly Prohibited. ‘ Company Owned, Business Only (COBO) Company Owned, Business Only (COBO) refers to a policy that allows employees to use and manage the devices purchased by the organization but restrict the use of the device for business use only. COBO is used to describe a device that runs a single application. For example, = Aninventory system with an embedded barcode scanner. = Blackberry is the best example of devices used in a COBO environment. COBO Advantages = The company retains full control over all apps on the device and its data. = Auniform system landscape is adhered to because the organization purchases the = Prevents data leakage. device. COBO Disadvantages = High purchase cost for devices. = Employees do not really enjoy working with at least two devices in their pockets. Module 12 Page 1508 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Mobile Device Security COBO Policy Implementation Prohibit personal use of devices Allow employees to work with a device running a single application and build a technology portfolio Develop policies Security Support L. All Rights Reserved. ReproductionIs Strictly Prohibited COBO Policy Implementation The considerations for the implementation of a COBO strategy are = Prohibit personal use of devices: Enterprises prohibit the use of mobile devices as a part of their designing policy based on the COBO approach. = Allow employees to work with devices running single application and build a technology portfolio: Enterprises allow employees to work with a device that runs a single application; for example, an inventory system with an embedded barcode scanner. Otherwise, they can allow the use of smartphones with prohibited personal use. Additionally, they should implement highly granular devices as well as app and data management to enable compliance. = = Develop policies: Ensure application management company’s concept. that the (MAM) mobile solutions device fully management meet the (MDM) and requirements mobile of the Security o Ensure fully locked down devices to maintain control over granular policies and control the device usage o Prevent app downloads = Support Deploy expertise systems (dedicated helpdesk that knows the policies and needs of the organization) to speedily resolve any mobility issues. They should address o Device troubleshooting Module 12 Page 1509 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Mobile Device Security o Service troubleshooting o Activating devices o Deactivating devices o Managing service requests Module 12 Page 1510 Exam 212-82 Certified Cybersecurity Technician Copyright © by EG-Gounecil All Rights Reserved. Reproduction is Strictly Prohibited.