
Mobility and Security


31000:2009 - Risk management -- Principles and guidelines.

Identity Management

Mobile Industry Facts. Attacks against smartphones. 5 signs that you've lost control over your cloud apps. Network World - CIOs are waking up to the reality that they've lost control over access to data stored in software-as-a-service applications purchased by other departments. "By the time an organization buys its sixth or eighth SaaS application, it's in trouble," says Jackie Gilbert, vice president and cofounder of SailPoint, which sells software for bringing these applications back into compliance with company policy. "We're poised to see more auditor attention and more security directed at this problem." Background: Identity management in the cloud emerges as hot-button issue for CIOs. Gilbert says that IT departments are discovering that they can't manage or control access to popular cloud applications such as Salesforce, GoogleApps, Concur, ADP, Workday, Taleo or Box if provisioning and de-provisioning is handled by the department that purchased the application.

IETF explores new working group on identity management in the cloud. Smartphones and Tablets in the Company. The Surprising Truth About Smartphone App Security | Identity Week. I recently shared my thoughts on a troubling topic covered in InfoSecurity Magazine, and many other publications. As you’re probably aware, research from a US university undergraduate professor, Dan Wallach, shows that several Android apps, including an approved Facebook application, are sending out all data except for passwords “in the clear”. Anyone who follows this blog knows that I write extensively about the importance of managing the security of user credentials, particularly privileged account credentials.

My response to Dan’s research, then, will come as no surprise. This situation with Android is absolutely typical of open source software, since there is little incentive for the software developer to use secure protocols unless the destination system requires it. And this is the biggest issue with open source software. Android apps are an interesting case. Carefully controlling what any user can do – or cannot do – is at the heart of a good security architecture. 7 Steps to Stronger Enterprise iPhone Security CIO. CIO — Think iPhone security stinks? A new Forrester Research report finds that the iPhone and iPad are secure enough for most enterprises, including highly regulated ones.

Only a couple of years ago, iPhones weren't considered secure enough for the enterprise, especially compared to the more secure RIM BlackBerry. Much of that changed with the encryption capabilities of the iPhone 3GS and, later, iOS 4. Today, 29 percent of North American and European enterprises support the iPhone, according to Forrester. That figure will continue to grow because Apple's (AAPL) improved security only lays the groundwork for iPhones and iPads to push even deeper into the enterprise. "By 2013, curating and managing the delivery of mobile applications, not securing the devices, will be the next frontier," writes Forrester analyst Andrew Jaquith in the report. [ Goodbye BlackBerry: the future belongs to the iPhone, writes CIO.com's Tom Kaneshige. ] Apple also received a blow recently when the U.S. 1.

iPhone Attack Reveals Passwords in Six Minutes. Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode. The attack, which requires possession of the phone, targets keychain, Apple's password management system.

Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen, said the researchers at the state-sponsored Fraunhofer Institute Secure Information Technology (Fraunhofer SIT). It is based on existing exploits that provide access to large parts of the iOS file system even if a device is locked. In a video that demonstrates the attack, the researchers first jailbreak the phone using existing software tools. The third step is to copy a keychain access script to the phone. The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said.

Fraunhofer SIT Tech solutions

Mobility and Security by McAfee. Avast Mobile Security lands on the Market, but is an antivirus on Android really useful? Security problems with Android and its Android Market regularly make the news. Barely two weeks ago, we reported that Google had removed 22 pieces of malware disguised as ordinary applications from its online store. In mid-November, we also reported a staggering 427% increase over three months in the number of viruses, trojans and other malware on Google's mobile OS. And things are not about to improve. On the one hand because of the open nature of this OS. On the other because of the exponential sales of Android smartphones. Two factors that make this platform particularly attractive to malicious hackers. A state of affairs that is reminiscent of the troubles of Microsoft's Windows.

Same causes, same consequences... same solution? It is in this context that Avast Software is releasing its solution avast! • Call and SMS filtering avast! Kaspersky Endpoint Security for Smartphone. How To Encrypt Your Smartphone. Your smartphone is going to get stolen, and whether the culprits are a pack of well-meaning pranksters or police officers breaking up a peaceful protest, you'll want to ensure that your private data is safe. No kind of encryption is foolproof, but taking a few moments to implement these simple tips will go a long way towards making sure your personal data remains secure when the trouble starts. Encrypt Your Android Phone. Most modern Android phones do not have data encryption built into the hardware, which means that you'll have to rely on third-party apps to secure your text messages, e-mail, and other critical communications.

Thankfully, you have plenty of options; one of the most promising is WhisperCore, a smartphone encryption app from Whisper Systems that can encrypt your phone’s flash memory and even create encrypted backups in case your phone falls into the wrong hands and you have to perform an emergency data wipe. Encrypt Your iPhone. Why Secure Your Mobile Devices? Smartphone Security Best Practices. Smartphones have done wonderful things for employee mobility, but they have also complicated the security picture at organizations large and small. Where most companies used to limit smartphone use to one platform, such as Research In Motion’s Blackberry, most now cope with multiple smartphone models, platforms, and operating systems, each with its own quirks and vulnerabilities.

Add the growing number of employees expecting to use the same device at home and work and things get even dicier. However, there are steps you can take to secure smartphone use. As usual, they involve education, policy, and technology. If you allow multiple smartphone platforms, such as iOS, Android, and Windows 7, it’s important to educate users on the security challenges these devices bring to the organization and the proper measures users must take to address them. Policy is the second obvious defense. When it comes to malware, things get a bit more complicated.

10 Best IT Practises for Smartphone. Treat all smartphones as uncontrolled endpoints. Smartphone users' identities can be stolen, hacked or inappropriately shared. Smartphones can get lost, stolen or borrowed. Device identification technology uses serial number information to allow organizations to associate a specific smartphone to a specific user. This provides a watermark for the device, and allows IT to remotely disable it and erase all sensitive data.

The use of smartphones as business tools has reached a tipping point. The issue is that consumer smartphone platforms are inherently insecure, as mobile network endpoint devices are exposed to the threats of the Web. A smartphone that can access the network via a wireless access point represents the same kind of threat as any other endpoint. Greater Vulnerability. 10 Best Practices. Humans, Not Systems, New Targets of Hack Attacks Requiring New Security Methods. Regulators are more vigilant than ever before, and firms are struggling to keep up with new, sophisticated attacks. Firms are struggling and failing to stay ahead of rapidly increasing cyber attacks, different types of attacks and new technologies to prevent them. A new report by Ernst & Young found that new Advanced Persistent Threats (APTs) are particularly resistant to firms' traditional security methods.

Protecting against these attacks requires several layers of defense, knowledge of the threat and specific skills to detect and react to ongoing attacks. "The human being is the perimeter today, not systems," says Jose Granado, principal and America's Practice Leader for information security services at Ernst & Young, who co-authored the 2011 Global Information Security Survey. "APT attacks target specific behaviors, not systems," he said. To prevent them, firms need to look at technology that detects behavioral anomalies, Granado said as he presented the survey's findings. iPhone - iPhone in the enterprise. Understanding passcodes. Learn about using passcodes and fingerprints with iOS devices.

You can use a passcode on your iPhone, iPad, or iPod touch to protect your data. Each time you turn on or wake up the device, it will ask you for the passcode before you can access the device. With iPhone 5s, which has Touch ID, you can also use your fingerprint to unlock the device. You can configure a passcode for your iPhone, iPad, or iPod touch using Settings > Passcode Lock. iPhone 5s only: To add a fingerprint, tap Settings > Touch ID & Passcode > Add a Fingerprint… Learn more about Touch ID and fingerprints.

After it's enabled, you will be asked for the passcode whenever you: turn on or restart the device; wake the device; unlock the screen. You can specify the amount of time the screen must be locked before requiring a passcode. Tips for using passcodes. Additional Information: If you are unable to modify certain passcode settings, there may be a configuration profile that requires these passcode options. EyeD® Biometric Password Manager for iPhone 4 and iPhone 4S on the iTunes App Store. Generation Y and security: what risks, what opportunities? IDC: Mobile Workers Will Pass 1 Billion in 2010. By Rob Garretson. The number of mobile workers accessing enterprise systems worldwide will top the 1 billion mark this year on the way to 1.2 billion by 2013, or more than a third of the world’s workforce, according to a new forecast from research firm IDC.

Although the most significant gains will be in the emerging economies of Asia-Pacific, and growth in the U.S. and Japan has nearly peaked, the U.S. will remain the most highly mobile workforce in the world, IDC says, with the proportion of mobile workers in its workforce predicted to surpass 75 percent, or 119.7 million people, in 2013. The ongoing economic recovery and new interest in unified communications will drive growth in mobility spending overseas, where mobile workforce penetration is not as saturated.

The new IDC study provides analysis across three core worker categories: office-based mobile workers, non-office-based mobile workers, and home-based mobile workers. Among the key findings of the IDC report: Debate - Should Enterprises Get Tablet-Ready? | CIO.in. Enterprises need to realize that tablets have a cool-factor attached to them. They are slim, easy to carry, and also make it easy for employees to work while on the move. It’s true that it is difficult to measure the improvement in productivity that it brings, but it definitely makes organizations customer-ready by providing their staff with better accessibility to information. Sure, technology is constantly evolving and it doesn’t make sense to provide every end user with a tablet.

But it is up to the CIO to equip employees who are constantly on the move, and are business drivers with tablets. As far as its features are concerned, I think that the processing power of the device is not so much of an issue, as vendors today are coming up with Web-based applications for ERP and CRM, that can work with appropriate bandwidth. I also feel that enterprises need to look at tablets not as laptop killers but as smartphone killers.

Docs.blackberry.com/en/admin/deliverables/40468/BlackBerry_Bridge_App_2.0_and_BlackBerry_Playbook_Tablet_2.0.1-Security_Technical_Overview-1329934937453-2.0.1-en.pdf. Information Security in the Age of BYOD. By Brian Contos, CISSP, Customer Security Strategist and Senior Director, Vertical & Emerging Market Solutions, McAfee Bring your own device or BYOD is becoming the global norm. Prices for consumer electronics decrease while capabilities increase. People are discovering devices purchased for personal use outperform those provided by IT. The pervasiveness of these devices is allowing employees to stay more connected, work with greater agility, and be more effective. There is an expectation that a user should be able to have the same tools and capabilities between work and home.

The upcoming generation already views traditional websites like cave paintings, email like hand-written letters sealed with wax, and any communication over 140 characters as self-indulgent. The two fundamental areas of concern are access and protecting data on these application-ready devices that are integrated with cloud services and social media. Smartphones; tablets, laptops and desktops; virtual desktops.

BYOD Trend