410 likes | 626 Views
Incoming Call: Dad. Incoming Call: Justin. Incoming Mail: The Boss. Salford IT Internal Audit Services. A..B..C..D..E.......G YOD. Presentation to Housing Technology conference 27th Feb 2014 . Introductions. Gary (MAX) Marland Principal IT Auditor. Steve (PADDY) Clare
E N D
Salford IT Internal Audit Services A..B..C..D..E.......G YOD Presentation to Housing Technology conference 27th Feb 2014
Introductions • Gary (MAX) Marland • Principal IT Auditor • Steve (PADDY) Clare • Principal IT Auditor WE ARE THE AUDITORS FROM SALFORD
IT Audit Skills • Network and application security • Vulnerability Assessments/ethical hacking • Penetration testing • Windows Operating Systems/ UNIX • SAP/ ORACLE • Website application and development • Information Security Management • ITIL – IT Service Management • Prince2 - project management • IDEA - data analysis
Salford IT Internal Audit Services A..B..C..D..E.......G YOD Presentation to Housing Technology conference 27th Feb 2014
BYOD BUY YOUR OWN DRINK? Alphabet acronym What Why How
10 key risks area • Strategy/Policy/Etc • Ownership • Security • Anti-Virus • Standards • Data Loss • Social Media et al • Vulnerabilities • Licensing • Portable Media Devices
1. Bureaucratic claptrap • Strategy • Policy • Procedures • Risk appetite • Objectives • Responsibilities • Do’s and dont’s • Consequences • Techy understanding • Know your audience
2. Enthusiastic Amateur • Ownership • Device control • System Administrator • Root access
3. Max and Paddy Inc • Data security • Responsibilities • Access permissions • Monitoring • Current patch • Up to date Anti Virus • Network Access • Mobile device management software • Lost, stolen, remote wipe • Back up plan
4. MacAfee v Norton...fight, fight, fight • Anti – Virus software conflicts • Lazy staffing updates • Costs
5. My way or the highway • Standards • Device differences • Processing speeds • Private v Business use • Breach of standards • Costs • Legal issues • Monitoring, control....Policing
6. Piggy in the Middle • Man in the middle attacks • Data loss • Consequences • Unsecure connections
7. It’s sick this innit • Facebook - http://www.telegraph.co.uk/technology/facebook/10369934/Facebook-hacked-how-criminals-can-exploit-your-data.html • Twitter • Instagram - https://viaforensics.com/mobile-security/hacked-your-instagram-account.html • You Tube • Dropbox - http://www.computerweekly.com/news/2240204366/Dropbox-can-be-hacked-say-security-researchers • Hotmail • Linked policy
8. C3PO goes mental • Android vulnerabilities • Windows • Apple
9. FAST and Furious • Licensing • Ownership • Costs • Types of license • License monitoring and control • Breach • Consequences – illegal downloads
10. U Stupid Boy... • USB • Storage devices • Data Loss Prevention • SD card • CD’s
Conclusion • Get the strategy right • Know the take up • Manage the security • Agree ownership • Agree monitoring and control
Contact Details Steve Clare, Principal IT Auditor Telephone 0161 607 6976 steve.clare@salford.gvo.uk Gary Marland, Principal IT Auditor Telephone 0161 607 6974 Gary.marland@salford.gov.uk • Salford Internal Audit Services Salford City Council Unity House Swinton Manchester M27 5AW • www.salford.gov.uk/acs-audit
Any Questions Thoughts Observations Or Confessions