Written by security industry analyst Phil Hochmuth of IDC, this report reviews BYOD trends and risks, the mobile security landscape, policy development and control options. The report presents a tiered service approach to enterprise mobile security while exploring how NAC and MDM as complementary controls can offer necessary network and device level defenses to enable IT organizations to realize mobility advantages and reduce security and compliance exposures.
The proliferation of smartphones, tablets, mobile apps and BYOD policies is revolutionizing the way we work, but is also exposing organizations to increased operational risk and a growing range of security threats. Read this white paper for a comprehensive approach to mobile security, risk management and compliance for the new era of mobile computing and BYOD in the workplace.
This technical white paper drills down on how IT organizations can use BoxTone's enterprise-grade capabilities in addition to IT GRC (Governance, Risk management and Compliance) and SIEM (Security Incident and Event Management) systems to mitigate security risks, prevent data breaches, and block unauthorized access to corporate networks via iPhone, iPad, Android and other mobile devices.
Risks and Options to Control Mobile, Wireless and Endpoint Devices
Written by distinguished security industry analyst Mike Rothman of Securosis
This executive presentation gives an overview on how to protect your devices, defend your data, maintain and prove regulatory compliance, and manage your risks while embracing a wide range of mobile devices and apps.
Focused on protecting corporate information as your workforce goes mobile, this CISO Handbook explains:
The Mobile Risk Insider newsletter is designed for Fixmo's customers and partners, as well as anyone in the industry who cares about mobile security, risk management and compliance. It will offer insights and editorial on the latest news and headlines from Fixmo as well as the worlds of mobile risk management and mobile security. Each issue will provide a snapshot of Fixmo's recent product announcements and updates, the top rated posts from our online blog, relevant industry news and more.
An increasingly common question is "How do I implement ISO 31000 with your Governance, Risk and Compliance (GRC) platform?" This white paper introduces in broad strokes the purpose and approach of ISO 31000.
Historically, one of the biggest problems with Payment Card Industry Data Security Standard (PCI DSS) compliance initiatives has been conducting it as a one-off security effort, treating the standard as a unique and independent set of requirements instead of integrating the requirements into a holistic GRC program.
Over the past few years, organizations have become more focused on "being in control." They are increasingly—often forced by regulations—building and implementing processes that underpin the company's "In Control Statement". The inevitable extra costs and efforts are often seen as a burden, distracting people from what they should focus on: doing business!
In today's world of high uncertainty, rapid economic changes, and increasingly complex regulations, compliance has become a permanent part of doing business. Juggling the requirements of industry regulations, data privacy laws, and government mandates is no easy task, and maintaining ongoing compliance is complicated by constant changes, amendments, and overlaps. What's more, as regulations increase, the resources needed to comply with them increase as well – and so do the stakes.
Despite its growing maturity, simulation is still regarded by some as being complicated and impractical from a management perspective, even though the downfalls in static analysis of risk positions pertaining to business processes, projects, insurances or trading are well documented. Simulation is still perceived by some as an approach which involves too much data, too much expertise, and specialist skill sets to implement.
Businesses today have a multitude of security tools and technologies spread across the enterprise. As a result, most IT organizations must work with a security posture cobbled together from so many individual solutions that it is impossible to get a unified view at any given point in time. Given the amount of data generated by security tools, vulnerability tools, policy violations, highly privileged access reviews, and more, organizations need a structured way to understand their security posture.
In risk-intensive businesses like the energy sector, a new risk analysis and description methodology has become more and more popular – Bow Tie diagrams. The success of this diagram lies in its clear structure and simplicity, which make it easy for the non-specialist to understand while still offering sufficient depth for an expert discussion.