Going Mobile
Earlier today, Symantec released a security advisory detailing a vulnerability in how Palm OS Treo smartphones allow users to access data. Users with physical access to the device are able to use the Find feature to locate data, even when the device is locked. As a fix has not yet been released, Symantec advises to notify users so they are aware of this weakness and can take other actions to prevent disclosure of sensitive data.
Virtually all of your organizations are currently supporting the use of mobile devices in one way, shape or form. That these may impact the organization's security posture has been proven by new threats such as cell phone viruses (Commwarrior, Cabir) and Bluetooth hacking. These examples show that an understanding of wireless technology needs to be built into all security capabilities within the organisation; not just into policy statements, but also in their respective translation into procedures, guidelines and the supporting awareness programs.
If you're looking for inspiration, have a look here:
Australia's DSD government policy on Blackberry security
DRAFT NIST Guidelines on Cell Phone Forensics
DOD Security Technical Implementation Guide on Wireless Devices (tnx Del!)
Any other good examples you know of ? Drop us a message.
--
Maarten Van Horenbeeck
Comments