Mobile Device Security

  • Company Confidential Data should be stored in an encrypted container.
  • The mobile device should only retain minimal data required to support business processes and functionalities.  Data should be transferred to the server for permanent storage using secure protocols.
  • Application cache should be purged once the application exits or after a fixed period of inactivity.
  • Application backgrounding should result in the presentation of a screen which does not display any sensitive information.
  • A Mobile Device Management (MDM) solution such as Blackberry GOOD should be used to manage applications deployed to company staff.
  • MDM should support remote wipe of the application data container, and processes and policies for remote wipe should be set.
  • Company deployed applications should be password protected based on the company’s Password Policy.
  • Application should be locked after a specific period of inactivity.
  • Application data container should be wiped after a certain number of successive unsuccessful login attempts.
  • Use of company applications should be supported by the Company’s Mobile Device Security Policy.  Consent of the users to the policy should be captured and recorded.

Business Owner vs IT Manager (Application Management Responsibilities)

The roles of Application Business Owner and Application IT Manager are often not clearly defined within an organization, or not well understood.  Defining these two roles is essential to ensure that responsibilities and accountabilities for the management of an IT Application are appropriately placed.

Application Business Owner Accountabilities

  • Determine Business Criticality, Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
  • Data Ownership – Identify, Classify and Protect Data.
  • Application Access Control Ownership – Ensure that access to the application, on both the Business and IT side, is as per the Need-To-Have Principle.
  • Responsible for the Application’s Information Security Governance and Control and Regulatory Compliance.

Application IT Manager Responsibilities

  • Implement IT controls to Protect Data.
  • Ensure that access to the application, on the IT side, is as per the Need-To-Have Principle.
  • Support the Application Business Owner by providing oversight of IT implementation and processes.

 
