SlideShare una empresa de Scribd logo

Compliance with SMS Regulations Using Smartphone Monitoring

TextGuard
TextGuard
Desarrollo personal
1 de 12
Descargar para leer sin conexión
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 1 Information Security Regulations in Critical Work Areas Compliance with SMS (Short Messaging Service) A White Paper May 18, 2009
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 2 Information Security Regulations in Critical Work Areas The crises witnessed in major financial institutions the world over in the recent past have forced such financial institutions to scrutinize the informational security environment in their organizations. There is a very real fear that critical information communicated out of a secured work area may generate a disastrous financial landslide. For this reason, regulatory agencies have set up stringent informational security regimens suitable to the industries and processes they watch over. It is now mandatory for institutions in the securities, banking, insurance, mortgage, health and similar economically-critical sectors to implement the security regimens prescribed by the competent regulatory agency. Ensuring compliance with the prescribed security regimen is extremely difficult in general and specially in the case of Smartphones, PDA’s and other handheld communication devices. The business that cannot ensure compliance with the prescribed security regimen may face demotion in its quality-of-service (QoS) rating. The same applies to its financial credit rating. This will adversely impact the credibility of the business in the eyes of its clients, customers, suppliers and associates. If the business cannot maintain customer confidence regarding its internal information security then there is a very real danger that it may lose its reputation overnight and that can be disastrous to the business! This must be avoided at all costs! Almost every business with informational security concerns has implemented a monitoring system to ensure compliance with the norms prescribed by the regulatory authority. Electronic communication media place a special burden on security-conscious institutions. Office computer networks are connected to the Internet as a rule rather than as an exception. Emails, file transfers and instant messaging services provide convenient means of communicating information out of the secured work area. PDAs and mobile phones with advanced features are functionally equivalent to computers when it comes to transferring information out of the secured work area. Such wireless communication devices are harder to supervise and control compared to wired computer networks. Regulatory agencies have noted this weakness and have addressed it very specifically. The problem is compounded by the fact that mobile communication devices (read 'Smartphone') are becoming ubiquitous in general and more specifically among the executives who are in high-risk security zones. One option is to ban the use of Smartphones in the high-risk security zones. This may require a physical check (frisking), which is both not very practical and hard to implement. The intelligent option is to install and implement a Smartphone monitoring application on company devices that need regulatory compliance. The objective of this white paper is to elaborate on the modalities of implementing a Smartphone monitoring solution on Mobile Devices, (Smartphones) which are used for company purposes.. We shall focus on the use of the TextGuard Smartphone Security Solution to guarantee compliance with regulatory requirements.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 3 Monitoring Smartphone’s To Meet Regulatory Requirements Introduction Watchdog regulatory bodies operating in different sectors have set up industry-specific guidelines and compliance checklists to prevent sensitive information from leaving designated security zones. They are concerned that this sensitive information may be used by perpetrators to extract an unfair financial advantage. Regulatory compliance is rapidly becoming mandatory in a growing number of business sectors. Smartphone’s are advanced mobile devices that can be used to communicate sensitive information in a number of ways. Their mobility makes it difficult to implement simple regimens to monitor them. They are small enough to be carried around the premises undetected. The multiplicity of ways, the mobility and the lack of size combine to make Smartphones a security manager’s worst nightmare. Businesses must take steps to protect themselves from information leakage for their own sake. With the added burden of regulatory compliance, businesses cannot afford to ignore this vital issue anymore. However, the IT departments of most businesses are not technically equipped to secure the sensitive information, especially when dealing with Smartphones. It is imperative that businesses that require regulatory compliance upgrade their information security systems on a priority basis. They MUST choose a system that is durable – it is of little use to install and implement a Smartphone’s monitoring system that is dated and limited in technological foresightedness. Security Regulations and Communications Recognizing the fact that “knowledge is power”, and that information is the precursor of knowledge, authorities concerned with the welfare of the investing public have developed and defined regulatory procedures and checklists to prevent the misuse of privileged information. For example, FINRA (Financial Industry Regulatory Authority) regulates the SEC-traders. They have issued a Customer Information Protection notification which says: "Protection of financial and personal customer information is a key responsibility and obligation of FINRA member firms. Under the SEC’s Regulation S-P, firms are required to have policies and procedures addressing the protection of customer information and records. This includes protecting against any anticipated threats or hazards to the security or integrity of customer records and information and against unauthorized access to or use of customer records or information." Similar regulations have been issued by other regulatory agencies such as HIPAA (Health Insurance Portability & Accountability Act - for the healthcare sector), SOX (Sarbanes-Oxley Act - for public companies), and the FTC (Federal Trade Commission - the Fair and Accurate Credit Transactions Act, 2003, and the Red Flags Rule applicable across the board to all businesses and financial institutions). Compliance with the regulatory requirements of these supervisory authorities is mandatory for institutions and businesses operating in the ambit of the respective regulatory agency. The IT departments of such institutions must enforce suitable security regimens to ensure regulatory compliance.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 4 As a first step in this direction, an organization must define the sensitivity of information – high, medium and low – according to its prospective adverse impact on the organization itself and on the people who have a vested interest in the organization. The second step is to identify the persons who have a valid reason to access and use the information; in other words, a person must be authorized to access and use the sensitive information. The third step is to define the areas where such information is generated and used; in other words, a 'security cage' must be defined for each type of sensitive information. The regulatory bodies require the organization to ensure that highly sensitive information remains restricted in access to authorized persons exclusively. As a corollary, sensitive information must remain within its security cage. Smartphones, unfortunately, present a very real and potent danger in maintaining informational security in the workplace. Hence, extreme caution must be exercised to make Smartphones acceptable in the workplace whilst maintaining compliance with industry- standard regulatory norms. An institution's information resource may be compromised in a number of ways. These are: External attacks: An external agency attempts to access the institution's sensitive information using trojans and similar malware, by using sophisticated radio communication equipment, or by hacking. A Wi-Fi access point (AP) in the institution's vicinity is a potential security risk. Internal events: The main types of internal events that may compromise sensitive information are: • unauthorized interaction between employees; • deliberate attempts to access sensitive information; • deliberate attempts to convey sensitive information to unauthorized persons; • unintentional transmission of sensitive information to unauthorized persons. Applying Security Regimens In A Smartphone Environment Smartphones pose a great danger to the informational security environment because: • they are mobile; • they are physically small and so, hard to detect; • they communicate over multiple paths; • they communicate using multiple protocols; • they have a multiplicity of advanced functions that may provide unknown communication pathways; • they are personal devices that are also used for business communications; • they are business devices that are also used for personal communications; • they are gaining popularity as the communication device of choice amongst executives; • they are gaining popularity as the personal decision support device of choice amongst executives; • they are prone to malware attacks; • they are (most often) connected to the business' information network. The BlackBerry is rightly considered the epitome of Smartphones. However, as a result of patent infringement, the US District Court for the Eastern District of Virginia issued an order effectively shutting down BlackBerry services and operation in the US. A stay on the injunction allowed BlackBerry to continue its US operations. In a surprise move, first the US Department of Justice and then a few months later, the US Department of Defense filed special briefs with the Court requesting it to vacate the injunction against BlackBerry operations. The reason cited by the DoJ was the large number of BlackBerry users in the US Federal Government. The reason cited by the DoD was even more spectacular. It stated that the BlackBerry was crucial for national security.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 5 The "brute force" method to curb the problem of informational leaks due to Smartphones is to ban their presence within the security cage. Small firms may actually employ such a method where the number of Smartphones is low or zero. Such a method is impracticable in medium and large sized institutions where almost every executive carries a Smartphone and uses it as part of his personal decision support system. In such cases the institutions rely on special Smartphone monitoring software systems to maintain regulatory compliance. At a minimum the Smartphone monitoring solution must be able to monitor and report security regimen violations with respect to email correspondence, SMS, (Text Messaging), IM, and PIN (this is a BlackBerry-specific communication facility). Desirable features in such monitoring systems include a protocol management system to set user authorities, access levels, define authorized groups, and sundries like restricting or allowing access based on time of day and day of week. Using such a sophisticated Smartphone monitoring solution maintaining regulatory compliance is the intelligent solution to the problem of applying mandatory security regimens in a pragmatic way. Applying Security Controls at The Device Level The common objective of the various informational security regulatory systems vis-à-vis Smartphones is to control the information traffic through the Smartphone device. Smartphones are called that because they have many sophisticated features and facilities to manage and control the information flow originating from and terminating at the device. So if on the one hand Smartphones are a security and compliance challenge to information security managers entrusted with enforcing regulatory compliance in the workplace, then on the other hand they are extremely facility-rich in applying security regimens on individual devices. A Smartphone can be programmed to implement a security regimen by setting the various options that are built into the device's operating system. These settings can be programmed by the user via the device's keyboard. Alternatively, and more importantly, the settings can be programmed wirelessly from a remote location. This latter method is referred to as "Over-The-Air" or OTA programming. Similarly, software programs can be “pushed” OTA to the device and installed directly. Using this feature, a company's IT department can remotely install programs on Smartphones that are specially developed to enhance the device's native security features. The client program (the program that is installed on the Smartphone) becomes a cooperating component of the enterprise-wide information regulation compliance system. This is an invaluable feature indeed. Of course the enterprise-wide information monitoring system (and its client component) must be tamper-proof, reliable, and well-designed in itself to provide meaningful information protection so that the business can meet security regulations. Besides this, the monitoring software system must be sufficiently avant-garde to cater to the technological and regulatory developments in the foreseeable future. The development of such software systems is an ongoing process by necessity. So the software development firm must be ready, willing and able to produce upgrades as these become necessary due to developments in security regulations and Smartphone technology.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 6 Securing the Smartphone Device A Smartphone poses a dual threat to an organization's information security environment in two key ways. Firstly a user can communicate with unauthorized persons and secondly, the user can access (not amounting to communicating) sensitive information in an unauthorized manner. Both these activities can jeopardize the company's regulation compliancy status. IT departments, information security managers and regulation compliance managers must ensure that any Smartphone monitoring system they acquire and implement possesses Behavior Blocking and Information Protection and Control features. The security feature that prevents unauthorized communication is termed 'Behavior Blocking'. The security feature that prevents unauthorized access to sensitive information is termed 'Information Protection and Control'. An executive can use a Smartphone to access sensitive information residing on the firm's computer network. This is possible by using the Smartphone’s Bluetooth capability or wireless network access capability. Behavior blocking is most often implemented using white lists (a list of authorized contacts) and black lists (a list of unauthorized contacts). These lists must be updated regularly for them to be effective in ensuring security regimens in compliance with regulatory requirements. The first step in securing a Smartphone device is to "register" it as part of the organization's information security environment. This is accomplished by a Smartphone management system running on the organization's computer network. The Smartphone management system may be supplied by the Smartphone vendor as part of the package, or it may be a separately procured package. Supervising the Information Flow for Regulatory Compliance Messages routed through a Smartphone must be reviewed by a competent executive to ensure that the security regulations have been adhered to. Hence a copy of every message must be stored someplace pending review. The security executive checks whether the message was sent to an authorized recipient or not. He must also check whether the message contained unauthorized information or not. The messages must be logged and stored away for future reference in a properly organized and maintained archive. The security executive reports cases of informational security regulatory violations to a competent authority within the organization. That competent authority then decides on a course of remedial action to be taken in accordance with the regulatory procedures. This is part and parcel of regulatory compliance. The person responsible for the regulatory violation may or may not be informed of his role in the violation depending on the organization's defined course of action and, of course, the regulatory requirement. Action against the offending person, again, depends on the organization's own regulations and the mandated regulatory requirement. Messages may be transferred between executives of the organization (internal messaging) or between a company executive and an outsider (external messaging).
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 7 Supervising Internal and External Messaging Supervision of internal messaging is necessary in those organizations implementing security cages. This is to prevent "insider" information from being used in an unfair manner. Another reason is to prevent undesirable exertion of influence by one executive to another. This virtual segregation of communicants is referred to as a "Chinese wall" by information security professionals. When messages are sent to or received from an outsider, then the risk of a regulatory infringement increases. The security executive has to be extra vigilant when reviewing such messages compared to the vigilance required to review internal messaging. Additionally, some security regulations require the firm to keep a copy of messages sent to the firm's clients for a period stipulated by the regulatory authority. If the firm uses a Smartphone monitoring solution then the platform should be able to provide all the facilities required to supervise the messaging via the Smartphone registered as part of the firm's security environment. The facilities must be convenient to understand and use. Reportage should be flexible and useful rather than voluminous. The system must be able to archive messages efficiently. If there is a regulatory requirement to store a class of message for xx days, then the system must have a facility to automatically store the specified message class for xx days, and archive the messages that have passed the stipulated xx days. The system must provide a proper log of all messaging activity. The system must also have a search facility to help a reviewer search for messages by content or message type or recipient or sender or any other suitable parameter. In short, the software system must have features to assist in the review process associated with ensuring regulatory compliance. Message Review Modes Messages must be reviewed by a security executive to check for regulatory violations. Violations should be proceeded against according to established norms, both those of the organization and those of the regulatory authority. Every message transferred to and from a registered Smartphone must be copied to the security executive for review. Depending on the volume of message traffic the security executive may review each and every message that is copied to him (or her) for review. This is done if the message traffic is limited and well within the reviewer's capacity. If the information is extremely sensitive (national security, for example) then each and every message is reviewed, no matter how heavy the traffic. In most cases, however, a stringent scrutiny of each and every message is not called for. If practical statistics shows that an organization's executives mostly comply with the security norms then a fair sampling of messages, not all, are sent for review. Generally this fair sampling is selected in the following: Lexicon selection: Messages are processed by a computer program which checks the contents of all the messages for certain trigger words and phrases. Only those messages that contain the trigger words are reviewed by the security executive. These trigger words are contained in a compiled lexicon or word-list, maintained and updated by the organization's information security department.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 8 Random selection: The informational security department sets a quantum (e.g. 100 messages a day) or a percentage (e.g. 20% of the daily message traffic) as a limit for messages selected to be reviewed. A computer program then selects the stated number of messages on a random basis and sends them to the security executive for review. The selection can be for incoming messages, outgoing messages, internal messages, external messages, department-wide messages, or any combination it sees fit. If the regulatory requirements require a particular selection criterion then that criterion is applied in the message selection process. Message Storage, Management and Retrieval Informational security regulations may, and usually do, specify that an organization keep a copy of messages for future reference. This is sometimes referred to as "cold storage" by information security professionals. The regulations may specify the types of messages to be kept, and the duration for each type. This is part of regulatory compliance. Hence an organization must implement a suitable message storage and retrieval system to ensure compliance. This system is referred to as an archival system. An archival system must be well-designed to facilitate message storage management and message retrieval. Messages which pass the regulatory "cold storage" period can be trashed (deleted completely) or they may be vaulted, a storage system where all messages are highly compressed to save storage space, and rarely accessed. The idea is that messages once placed in the vault will never be required; still, they are there just to be on the safe side. After a sufficiently long time (e.g. twenty years) the messages are permanently deleted from the vault. The message archival system must be capable of archiving all types of text messages that can be generated or received by a Smartphone. SMS is the general message format. BlackBerry Smartphone can communicate directly with other BlackBerry Smartphone using a PIN-based protocol. Other Smartphone are getting ready to follow suit in implementing this BlackBerry-PIN compatible messaging system or a variation thereof. The organization's message archival system must be capable of storing the BlackBerry-PIN messages and its variants when they appear in the Smartphone. It is always a good idea for an organization to acquire software that works in cooperation with existing software. That way the organization doesn't have to duplicate its efforts in performing data entry, searching for records, record modification, or generating reports. But this is not an over-riding technical feature and can be played down in the acquisition of information monitoring solutions. Organization's intending to implement software solutions to assist in maintaining regulatory compliance need to heed one piece of advice offered here: Don't wait too long to implement the security software solution! The communication field is wide open and expanding exponentially. Too often the security executives are taken in by trade announcements of impending releases - software or hardware - and wait for the release. Meantime the organization's sensitive information is left vulnerable and the organization open to scrutiny by regulatory authorities. Technical blogs and sites are good sources of information relating to informational security in high-risk, high-security arenas. But be warned that there are some unreliable sites that thrive alongside the reliable sites.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 9 The TextGuard Security & Compliance Solution Preamble TextGuard is not a "Topsy" software offering that "just growed" over a mocha, nor is it a product of chance that resulted from a net entrepreneur bumping into a barely-bearded youth flogging his latest brainchild. At first glance, that statement might appear out of place in a white paper. But the fact is that this statement is more important than all the technical specs that follow. TextGuard was conceived with due diligence: technical analysis, market analysis, and feasibility analysis. The TextGuard product was designed in its totality with equal emphasis on technical excellence and market sustainability. Creating a technical gem is one thing, making sure that it stands its ground in the volatile IT marketplace is another thing. If a product is not sustainable then satisfactory client support is not maintainable either. And another "one-hit" wonder bites the dust! TextGuard was designed by a group of technical and entrepreneurial stalwarts to be the best available Information Security Solution for Mobile Communication Devices. Every aspect of the TextGuard product has been given careful consideration to ensure its living up to its designed level of excellence. TextGuard has been designed to become a technical and entrepreneurial success and is creating new benchmarks in the informational security arena. TextGuard is based on a future-ready design. Special features (many that have a patent-pending status) are being researched, designed and developed on a continuous basis. These features will enable TextGuard to operate in the ever- changing technological scenario for the years to come. Compliance Officers – (Intranet) TextGuard.com SAAS or On Premises Network Sign On • IIS 6.0 • SQL Server 2005 • SQL Server Reporting Services •SOA Web Services SAML Internet Single Sign On Redundant Web Tier Redundant Data Tier WEB • Mobile Messaging Service • Ad Hoc Reporting Services Secure Messaging • User & Group Configuration Continuous Data Backups Mobile Workforce – (Telecom Provider & BES)
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 10 Specific Technicalities • TextGuard is a binary product - it has two components: a server component, and a client component. The client component is installed on the individual smartphones, whereas the server program is either a hosted solution, (SAAS) or can be installed on the corporate computer network. • The TextGuard server component applies an overall enterprise-wide information security regimen to all the smartphones in the organization. • The TextGuard client component applies control to the smartphone device itself; this is also known as end-point security control. • Security managers can manage the enterprise-wide information security regimen conveniently. An intuitive and well- designed user-interface allows the corporate information security manager to set and reset security rules for individual smartphones and for all devices. • TextGuard is designed to work on ANY cellular mobile carrier. • TextGuard operates under various device operating systems. • TextGuard provides Layer A level of regulation-compliance for smartphones used in industries, businesses and organizations operating in a sensitive information environment. • TextGuard monitors and logs all communications in and out of the smartphone. It selectively blocks incoming and outgoing calls. • TextGuard selectively blocks access to web sites on select operating systems. • TextGuard filters text messages (SMS and email) for obscene and prohibited content on select operating systems. • TextGuard is rich in message archival management features. • TextGuard is the only mobile security product that maintains its logs and archives on a secured server. The archives are accessible by an authorized user from anywhere in the world via the Internet. • TextGuard facilitates legal discovery of information and data contained in text messages sent and received on registered smartphones. • TextGuard maintains and manages a secured message archive. The contents of the archive can be used as trusted evidence in the judicial process. • TextGuard archived messages are evidentiary, both unwriteable and unerasable. • TextGuard lets administrators monitor an employee's communications. All messages can be archived. This prevents loss of corporate data when a smartphone is lost or stolen. • TextGuard lets administrators lock a smartphone remotely. This is specifically useful in preventing unauthorized access to sensitive corporate data when a smartphone is lost or stolen. • TextGuard operates over standard and non-standard data communication channels. For example, TextGuard monitors PIN-based messages between BlackBerry phones. • TextGuard has all the features that an information security manager requires to establish a mandatory security regimen within the organization. • TextGuard is useful in electronic communication compliance regulated industries like securities, banking, pharmaceutical, healthcare, accounting and hedge funds. In fact, any Fortune 1000 company or small business will also benefit from the TextGuard Solution given its advanced functionality and low price point. • TextGuard recognizes the advanced features available in smartphones today and those that will become available in the future. It makes full use of these features to give the user complete control over the security of sensitive information passing through the smartphone. • TextGuard is the most comprehensive sensitive information security solution available at a very affordable price point.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 11 Chinese Walls - TextGuard facilitates maintenance of white lists and black lists to control communication between the smartphone user and respondents. The control extends to all types of devices and communication modes: SMS/HTTP/PIN. Content filtering - TextGuard facilitates maintenance of lists of trigger words and phrases to help in filtering suspicious messages. The admin can include trigger words that recognize sexually aggressive messages aimed at women, sexually abusive messages aimed at children, coercive and threatening messages and racially offensive messages. PIN-recognition - TextGuard recognizes the PIN-feature of smartphones. It uses this feature to prevent message delivery to the wrong recipient. Advanced archive management: • TextGuard is the perfect solution to archive management issues. • The TextGuard archive manager is designed to facilitate e-discovery requirements and obligations. • The archive can be searched for keywords to maintain regulatory compliance. • The archive can be purged of time-ex messages. • The archive can be backed up for further safety. Advanced message control and management: • Messages can be categorized according to organizational requirements. Examples are OUTMSG, INMSG, SECLVL1 and CONFIDENTIAL. • Message actions can be defined by the administrator according to organizational Informatory and Cautionary Notice TextGuard is an original, innovative, and creative application of techniques and technology to secure requirements. Examples are routing of messages, information which is being transmitted OTA (over the air) to mobile wireless communication devices with an extended network of mobile wireless communication devices. blocking, deleting and copying. TextGuard is presented as a comprehensive SOLUTION system incorporating relevant processes to secure information from intentional and accidental misuse. The main body of the solution lies in a computer program • Specific actions can be defined according to software package comprising two distinctly identifiable primary components: a server component and a mobile device component. Secondary components providing necessary system sub-services are included in the combination of message categories. For example, definition and scope of the TextGuard solution. TextGuard is the intellectual property of the company TextGuard Inc. with its corporate office located in an INMSG with SECLVL1 will be routed to the Kenilworth, New Jersey, USA. TextGuard is duly and properly protected by the relevant laws and statutes in force regarding the protection of chief security reviewer. intellectual property. TextGuard's unique operational process is the subject of a US non-provisional patent application. The patent scrutiny is nearing completion. Advanced regimen management: TextGuard has a US federal trademark application pending for the TextGuard device in all its forms and styles. The source code including associated program components developed for TextGuard is protected by US • The administrator can select the rule-tolerance copyright law. The patent and copyright extend to all components of the TextGuard solution in regard to the security of level at the organization level as well as at the information residing on a computer network and an extended network of mobile communication devices. This patent includes the IP used to deliver rules from a web-based (SAAS) solution O.T.A. to the mobile device. individual level. This determines how strictly and severely the security regimen is implemented. • When a violation occurs, the admin can choose to inform or not to inform the offender of his offense. • When a violation occurs, the admin can choose to allow or not to allow the offender to rectify his error.
textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 12 For more information please visit: WWW.TEXTGUARD.COM

Recomendados

IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust DesignationMurray Security Services
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile securityJAYANT RAJURKAR
 
Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Steve Hood
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Fitsum ristu lakew transaction security on e-commerce
Fitsum ristu lakew transaction security on e-commerceFitsum ristu lakew transaction security on e-commerce
Fitsum ristu lakew transaction security on e-commerceFITSUM RISTU LAKEW
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 

Recomendados

IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust DesignationMurray Security Services
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
Information Security : Is it an Art or a Science
Information Security : Is it an Art or a ScienceInformation Security : Is it an Art or a Science
Information Security : Is it an Art or a SciencePankaj Rane
 
report on Mobile security
report on Mobile securityreport on Mobile security
report on Mobile securityJAYANT RAJURKAR
 
Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Compliance in Unified Communications & Collaboration- The Financial Sector (1)
Compliance in Unified Communications & Collaboration- The Financial Sector (1)Steve Hood
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Fitsum ristu lakew transaction security on e-commerce
Fitsum ristu lakew transaction security on e-commerceFitsum ristu lakew transaction security on e-commerce
Fitsum ristu lakew transaction security on e-commerceFITSUM RISTU LAKEW
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile MenacesNalneesh Gaur
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Vaultastic
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanianeletseditorial
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06gbroadbent67
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnelDhani Ahmad
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Global Knowledge Training
 
ExecBriefFinal
ExecBriefFinalExecBriefFinal
ExecBriefFinalSteve Cochennet
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India
 
White Paper: Aligning application security and compliance
White Paper: Aligning application security and complianceWhite Paper: Aligning application security and compliance
White Paper: Aligning application security and complianceSecurity Innovation
 
Getting the social side of pervasive computing right
Getting the social side of pervasive computing rightGetting the social side of pervasive computing right
Getting the social side of pervasive computing rightblogzilla
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis
 
1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-main1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-mainCaio Sanchez Christino
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care itDhani Ahmad
 
ImmaginAzione - svilupparla col metodo Woodys®
ImmaginAzione - svilupparla col metodo Woodys®ImmaginAzione - svilupparla col metodo Woodys®
ImmaginAzione - svilupparla col metodo Woodys®Diego Senziani
 
Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1
Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1
Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1Joshua S. White, PhD josh@securemind.org
 
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...ijsrd.com
 
Regular Expression Mining System for Information Extraction
Regular Expression Mining System for Information ExtractionRegular Expression Mining System for Information Extraction
Regular Expression Mining System for Information ExtractionDimuthu Samarasekara
 

Más contenido relacionado

La actualidad más candente

Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile MenacesNalneesh Gaur
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Vaultastic
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security ProgramRaymond Cunningham
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTGerry Skipwith
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06gbroadbent67
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnelDhani Ahmad
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Global Knowledge Training
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India
 
White Paper: Aligning application security and compliance
White Paper: Aligning application security and complianceWhite Paper: Aligning application security and compliance
White Paper: Aligning application security and complianceSecurity Innovation
 
Getting the social side of pervasive computing right
Getting the social side of pervasive computing rightGetting the social side of pervasive computing right
Getting the social side of pervasive computing rightblogzilla
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care itDhani Ahmad
 

La actualidad más candente (18)

Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile Menaces
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-Brief
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFTPrint - Overlooked piece of the security puzzle whitepaper - DRAFT
Print - Overlooked piece of the security puzzle whitepaper - DRAFT
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06
 
Security and personnel
Security and personnelSecurity and personnel
Security and personnel
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
 
ExecBriefFinal
ExecBriefFinalExecBriefFinal
ExecBriefFinal
 
RSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT SystemRSM India publication - How Robust is your IT System
RSM India publication - How Robust is your IT System
 
White Paper: Aligning application security and compliance
White Paper: Aligning application security and complianceWhite Paper: Aligning application security and compliance
White Paper: Aligning application security and compliance
 
Getting the social side of pervasive computing right
Getting the social side of pervasive computing rightGetting the social side of pervasive computing right
Getting the social side of pervasive computing right
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
 
1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-main1 s2.0-s0167404801002097-main
1 s2.0-s0167404801002097-main
 
Privacy & security in heath care it
Privacy & security in heath care itPrivacy & security in heath care it
Privacy & security in heath care it
 

Destacado

ImmaginAzione - svilupparla col metodo Woodys®
ImmaginAzione - svilupparla col metodo Woodys®ImmaginAzione - svilupparla col metodo Woodys®
ImmaginAzione - svilupparla col metodo Woodys®Diego Senziani
 
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...ijsrd.com
 
Regular Expression Mining System for Information Extraction
Regular Expression Mining System for Information ExtractionRegular Expression Mining System for Information Extraction
Regular Expression Mining System for Information ExtractionDimuthu Samarasekara
 
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...amiable_indian
 
All About Snort
All About SnortAll About Snort
All About Snort28pranjal
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortDisha Bedi
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortDisha Bedi
 
Introduction to Snort Rule Writing
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule WritingCisco DevNet
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 

Destacado (13)

ImmaginAzione - svilupparla col metodo Woodys®
ImmaginAzione - svilupparla col metodo Woodys®ImmaginAzione - svilupparla col metodo Woodys®
ImmaginAzione - svilupparla col metodo Woodys®
 
Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1
Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1
Clarkson joshua white - ids testing - spie 2013 presentation - jsw - d1
 
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
 
Regular Expression Mining System for Information Extraction
Regular Expression Mining System for Information ExtractionRegular Expression Mining System for Information Extraction
Regular Expression Mining System for Information Extraction
 
Pcre introduciton
Pcre introducitonPcre introduciton
Pcre introduciton
 
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...
Lessons Learned from Teaching Intrusion Detection and Intrusion Prevention wi...
 
All About Snort
All About SnortAll About Snort
All About Snort
 
Snort IDS
Snort IDSSnort IDS
Snort IDS
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using Snort
 
Snort
SnortSnort
Snort
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
 
Introduction to Snort Rule Writing
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule Writing
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 

Similar a Compliance with SMS Regulations Using Smartphone Monitoring

Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
Information Security
Information SecurityInformation Security
Information Securitysteffiann88
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliancePeter Goldbrunner
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementDMIMarketing
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseSelectedPresentations
 
Importance of Cybersecurity in BFSI Sector in India.pdf
Importance of Cybersecurity in BFSI Sector in India.pdfImportance of Cybersecurity in BFSI Sector in India.pdf
Importance of Cybersecurity in BFSI Sector in India.pdfMobibizIndia1
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 
Paper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile worldPaper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile worldWTHS
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen Hamilton
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...cyberprosocial
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
Information security
Information securityInformation security
Information securityOnkar Sule
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekkoDMI
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMChristopher Nanchengwa
 

Similar a Compliance with SMS Regulations Using Smartphone Monitoring (20)

Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
Information Security
Information SecurityInformation Security
Information Security
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
 
Importance of Cybersecurity in BFSI Sector in India.pdf
Importance of Cybersecurity in BFSI Sector in India.pdfImportance of Cybersecurity in BFSI Sector in India.pdf
Importance of Cybersecurity in BFSI Sector in India.pdf
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Paper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile worldPaper Florencio Cano - Patient data security in a wireless and mobile world
Paper Florencio Cano - Patient data security in a wireless and mobile world
 
IT Security Trends in 2012
IT Security Trends in 2012IT Security Trends in 2012
IT Security Trends in 2012
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
Booz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of DirectorsBooz Allen's 10 Cyber Priorities for Boards of Directors
Booz Allen's 10 Cyber Priorities for Boards of Directors
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Information security
Information securityInformation security
Information security
 
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko5 steps-to-mobile-risk-management-whitepaper-golden-gekko
5 steps-to-mobile-risk-management-whitepaper-golden-gekko
 
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAMINFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
INFORMATION AND COMMUNICATIONS TECHNOLOGY PROGRAM
 

Último

$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...PsychicRuben LoveSpells
 
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...anilsa9823
 
Lilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptxLilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptxABMWeaklings
 
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceanilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual serviceanilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceanilsa9823
 
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girlsPooja Nehwal
 
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual serviceanilsa9823
 
Introducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfIntroducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfnoumannajam04
 
LC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfLC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfpastor83
 
Pokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy TheoryPokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy Theorydrae5
 
Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666nishakur201
 
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual serviceanilsa9823
 
call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..nishakur201
 
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)Delhi Call girls
 
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)Delhi Call girls
 
The Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushThe Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushShivain97
 

Último (20)

$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
 
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
Lucknow 💋 High Class Call Girls Lucknow 10k @ I'm VIP Independent Escorts Gir...
 
Lilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptxLilac Illustrated Social Psychology Presentation.pptx
Lilac Illustrated Social Psychology Presentation.pptx
 
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Adil Nagar Lucknow best Female service
 
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Aliganj Lucknow best sexual service
 
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Mahanagar Lucknow best sexual service
 
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
 
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
9892124323, Call Girls in mumbai, Vashi Call Girls , Kurla Call girls
 
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Rajajipuram Lucknow best sexual service
 
Introducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdfIntroducing to billionaire brain wave.pdf
Introducing to billionaire brain wave.pdf
 
LC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfLC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdf
 
Pokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy TheoryPokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy Theory
 
Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666Call Girls Anjuna beach Mariott Resort ₰8588052666
Call Girls Anjuna beach Mariott Resort ₰8588052666
 
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Jankipuram Lucknow best sexual service
 
call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..call girls in candolim beach 9870370636] NORTH GOA ..
call girls in candolim beach 9870370636] NORTH GOA ..
 
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
 
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
 
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
 
The Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by MindbrushThe Selfspace Journal Preview by Mindbrush
The Selfspace Journal Preview by Mindbrush
 

Compliance with SMS Regulations Using Smartphone Monitoring

  • 1. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 1 Information Security Regulations in Critical Work Areas Compliance with SMS (Short Messaging Service) A White Paper May 18, 2009
  • 2. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 2 Information Security Regulations in Critical Work Areas The crises witnessed in major financial institutions the world over in the recent past have forced such financial institutions to scrutinize the informational security environment in their organizations. There is a very real fear that critical information communicated out of a secured work area may generate a disastrous financial landslide. For this reason, regulatory agencies have set up stringent informational security regimens suitable to the industries and processes they watch over. It is now mandatory for institutions in the securities, banking, insurance, mortgage, health and similar economically-critical sectors to implement the security regimens prescribed by the competent regulatory agency. Ensuring compliance with the prescribed security regimen is extremely difficult in general and specially in the case of Smartphones, PDA’s and other handheld communication devices. The business that cannot ensure compliance with the prescribed security regimen may face demotion in its quality-of-service (QoS) rating. The same applies to its financial credit rating. This will adversely impact the credibility of the business in the eyes of its clients, customers, suppliers and associates. If the business cannot maintain customer confidence regarding its internal information security then there is a very real danger that it may lose its reputation overnight and that can be disastrous to the business! This must be avoided at all costs! Almost every business with informational security concerns has implemented a monitoring system to ensure compliance with the norms prescribed by the regulatory authority. Electronic communication media place a special burden on security-conscious institutions. Office computer networks are connected to the Internet as a rule rather than as an exception. Emails, file transfers and instant messaging services provide convenient means of communicating information out of the secured work area. PDAs and mobile phones with advanced features are functionally equivalent to computers when it comes to transferring information out of the secured work area. Such wireless communication devices are harder to supervise and control compared to wired computer networks. Regulatory agencies have noted this weakness and have addressed it very specifically. The problem is compounded by the fact that mobile communication devices (read 'Smartphone') are becoming ubiquitous in general and more specifically among the executives who are in high-risk security zones. One option is to ban the use of Smartphones in the high-risk security zones. This may require a physical check (frisking), which is both not very practical and hard to implement. The intelligent option is to install and implement a Smartphone monitoring application on company devices that need regulatory compliance. The objective of this white paper is to elaborate on the modalities of implementing a Smartphone monitoring solution on Mobile Devices, (Smartphones) which are used for company purposes.. We shall focus on the use of the TextGuard Smartphone Security Solution to guarantee compliance with regulatory requirements.
  • 3. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 3 Monitoring Smartphone’s To Meet Regulatory Requirements Introduction Watchdog regulatory bodies operating in different sectors have set up industry-specific guidelines and compliance checklists to prevent sensitive information from leaving designated security zones. They are concerned that this sensitive information may be used by perpetrators to extract an unfair financial advantage. Regulatory compliance is rapidly becoming mandatory in a growing number of business sectors. Smartphone’s are advanced mobile devices that can be used to communicate sensitive information in a number of ways. Their mobility makes it difficult to implement simple regimens to monitor them. They are small enough to be carried around the premises undetected. The multiplicity of ways, the mobility and the lack of size combine to make Smartphones a security manager’s worst nightmare. Businesses must take steps to protect themselves from information leakage for their own sake. With the added burden of regulatory compliance, businesses cannot afford to ignore this vital issue anymore. However, the IT departments of most businesses are not technically equipped to secure the sensitive information, especially when dealing with Smartphones. It is imperative that businesses that require regulatory compliance upgrade their information security systems on a priority basis. They MUST choose a system that is durable – it is of little use to install and implement a Smartphone’s monitoring system that is dated and limited in technological foresightedness. Security Regulations and Communications Recognizing the fact that “knowledge is power”, and that information is the precursor of knowledge, authorities concerned with the welfare of the investing public have developed and defined regulatory procedures and checklists to prevent the misuse of privileged information. For example, FINRA (Financial Industry Regulatory Authority) regulates the SEC-traders. They have issued a Customer Information Protection notification which says: "Protection of financial and personal customer information is a key responsibility and obligation of FINRA member firms. Under the SEC’s Regulation S-P, firms are required to have policies and procedures addressing the protection of customer information and records. This includes protecting against any anticipated threats or hazards to the security or integrity of customer records and information and against unauthorized access to or use of customer records or information." Similar regulations have been issued by other regulatory agencies such as HIPAA (Health Insurance Portability & Accountability Act - for the healthcare sector), SOX (Sarbanes-Oxley Act - for public companies), and the FTC (Federal Trade Commission - the Fair and Accurate Credit Transactions Act, 2003, and the Red Flags Rule applicable across the board to all businesses and financial institutions). Compliance with the regulatory requirements of these supervisory authorities is mandatory for institutions and businesses operating in the ambit of the respective regulatory agency. The IT departments of such institutions must enforce suitable security regimens to ensure regulatory compliance.
  • 4. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 4 As a first step in this direction, an organization must define the sensitivity of information – high, medium and low – according to its prospective adverse impact on the organization itself and on the people who have a vested interest in the organization. The second step is to identify the persons who have a valid reason to access and use the information; in other words, a person must be authorized to access and use the sensitive information. The third step is to define the areas where such information is generated and used; in other words, a 'security cage' must be defined for each type of sensitive information. The regulatory bodies require the organization to ensure that highly sensitive information remains restricted in access to authorized persons exclusively. As a corollary, sensitive information must remain within its security cage. Smartphones, unfortunately, present a very real and potent danger in maintaining informational security in the workplace. Hence, extreme caution must be exercised to make Smartphones acceptable in the workplace whilst maintaining compliance with industry- standard regulatory norms. An institution's information resource may be compromised in a number of ways. These are: External attacks: An external agency attempts to access the institution's sensitive information using trojans and similar malware, by using sophisticated radio communication equipment, or by hacking. A Wi-Fi access point (AP) in the institution's vicinity is a potential security risk. Internal events: The main types of internal events that may compromise sensitive information are: • unauthorized interaction between employees; • deliberate attempts to access sensitive information; • deliberate attempts to convey sensitive information to unauthorized persons; • unintentional transmission of sensitive information to unauthorized persons. Applying Security Regimens In A Smartphone Environment Smartphones pose a great danger to the informational security environment because: • they are mobile; • they are physically small and so, hard to detect; • they communicate over multiple paths; • they communicate using multiple protocols; • they have a multiplicity of advanced functions that may provide unknown communication pathways; • they are personal devices that are also used for business communications; • they are business devices that are also used for personal communications; • they are gaining popularity as the communication device of choice amongst executives; • they are gaining popularity as the personal decision support device of choice amongst executives; • they are prone to malware attacks; • they are (most often) connected to the business' information network. The BlackBerry is rightly considered the epitome of Smartphones. However, as a result of patent infringement, the US District Court for the Eastern District of Virginia issued an order effectively shutting down BlackBerry services and operation in the US. A stay on the injunction allowed BlackBerry to continue its US operations. In a surprise move, first the US Department of Justice and then a few months later, the US Department of Defense filed special briefs with the Court requesting it to vacate the injunction against BlackBerry operations. The reason cited by the DoJ was the large number of BlackBerry users in the US Federal Government. The reason cited by the DoD was even more spectacular. It stated that the BlackBerry was crucial for national security.
  • 5. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 5 The "brute force" method to curb the problem of informational leaks due to Smartphones is to ban their presence within the security cage. Small firms may actually employ such a method where the number of Smartphones is low or zero. Such a method is impracticable in medium and large sized institutions where almost every executive carries a Smartphone and uses it as part of his personal decision support system. In such cases the institutions rely on special Smartphone monitoring software systems to maintain regulatory compliance. At a minimum the Smartphone monitoring solution must be able to monitor and report security regimen violations with respect to email correspondence, SMS, (Text Messaging), IM, and PIN (this is a BlackBerry-specific communication facility). Desirable features in such monitoring systems include a protocol management system to set user authorities, access levels, define authorized groups, and sundries like restricting or allowing access based on time of day and day of week. Using such a sophisticated Smartphone monitoring solution maintaining regulatory compliance is the intelligent solution to the problem of applying mandatory security regimens in a pragmatic way. Applying Security Controls at The Device Level The common objective of the various informational security regulatory systems vis-à-vis Smartphones is to control the information traffic through the Smartphone device. Smartphones are called that because they have many sophisticated features and facilities to manage and control the information flow originating from and terminating at the device. So if on the one hand Smartphones are a security and compliance challenge to information security managers entrusted with enforcing regulatory compliance in the workplace, then on the other hand they are extremely facility-rich in applying security regimens on individual devices. A Smartphone can be programmed to implement a security regimen by setting the various options that are built into the device's operating system. These settings can be programmed by the user via the device's keyboard. Alternatively, and more importantly, the settings can be programmed wirelessly from a remote location. This latter method is referred to as "Over-The-Air" or OTA programming. Similarly, software programs can be “pushed” OTA to the device and installed directly. Using this feature, a company's IT department can remotely install programs on Smartphones that are specially developed to enhance the device's native security features. The client program (the program that is installed on the Smartphone) becomes a cooperating component of the enterprise-wide information regulation compliance system. This is an invaluable feature indeed. Of course the enterprise-wide information monitoring system (and its client component) must be tamper-proof, reliable, and well-designed in itself to provide meaningful information protection so that the business can meet security regulations. Besides this, the monitoring software system must be sufficiently avant-garde to cater to the technological and regulatory developments in the foreseeable future. The development of such software systems is an ongoing process by necessity. So the software development firm must be ready, willing and able to produce upgrades as these become necessary due to developments in security regulations and Smartphone technology.
  • 6. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 6 Securing the Smartphone Device A Smartphone poses a dual threat to an organization's information security environment in two key ways. Firstly a user can communicate with unauthorized persons and secondly, the user can access (not amounting to communicating) sensitive information in an unauthorized manner. Both these activities can jeopardize the company's regulation compliancy status. IT departments, information security managers and regulation compliance managers must ensure that any Smartphone monitoring system they acquire and implement possesses Behavior Blocking and Information Protection and Control features. The security feature that prevents unauthorized communication is termed 'Behavior Blocking'. The security feature that prevents unauthorized access to sensitive information is termed 'Information Protection and Control'. An executive can use a Smartphone to access sensitive information residing on the firm's computer network. This is possible by using the Smartphone’s Bluetooth capability or wireless network access capability. Behavior blocking is most often implemented using white lists (a list of authorized contacts) and black lists (a list of unauthorized contacts). These lists must be updated regularly for them to be effective in ensuring security regimens in compliance with regulatory requirements. The first step in securing a Smartphone device is to "register" it as part of the organization's information security environment. This is accomplished by a Smartphone management system running on the organization's computer network. The Smartphone management system may be supplied by the Smartphone vendor as part of the package, or it may be a separately procured package. Supervising the Information Flow for Regulatory Compliance Messages routed through a Smartphone must be reviewed by a competent executive to ensure that the security regulations have been adhered to. Hence a copy of every message must be stored someplace pending review. The security executive checks whether the message was sent to an authorized recipient or not. He must also check whether the message contained unauthorized information or not. The messages must be logged and stored away for future reference in a properly organized and maintained archive. The security executive reports cases of informational security regulatory violations to a competent authority within the organization. That competent authority then decides on a course of remedial action to be taken in accordance with the regulatory procedures. This is part and parcel of regulatory compliance. The person responsible for the regulatory violation may or may not be informed of his role in the violation depending on the organization's defined course of action and, of course, the regulatory requirement. Action against the offending person, again, depends on the organization's own regulations and the mandated regulatory requirement. Messages may be transferred between executives of the organization (internal messaging) or between a company executive and an outsider (external messaging).
  • 7. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 7 Supervising Internal and External Messaging Supervision of internal messaging is necessary in those organizations implementing security cages. This is to prevent "insider" information from being used in an unfair manner. Another reason is to prevent undesirable exertion of influence by one executive to another. This virtual segregation of communicants is referred to as a "Chinese wall" by information security professionals. When messages are sent to or received from an outsider, then the risk of a regulatory infringement increases. The security executive has to be extra vigilant when reviewing such messages compared to the vigilance required to review internal messaging. Additionally, some security regulations require the firm to keep a copy of messages sent to the firm's clients for a period stipulated by the regulatory authority. If the firm uses a Smartphone monitoring solution then the platform should be able to provide all the facilities required to supervise the messaging via the Smartphone registered as part of the firm's security environment. The facilities must be convenient to understand and use. Reportage should be flexible and useful rather than voluminous. The system must be able to archive messages efficiently. If there is a regulatory requirement to store a class of message for xx days, then the system must have a facility to automatically store the specified message class for xx days, and archive the messages that have passed the stipulated xx days. The system must provide a proper log of all messaging activity. The system must also have a search facility to help a reviewer search for messages by content or message type or recipient or sender or any other suitable parameter. In short, the software system must have features to assist in the review process associated with ensuring regulatory compliance. Message Review Modes Messages must be reviewed by a security executive to check for regulatory violations. Violations should be proceeded against according to established norms, both those of the organization and those of the regulatory authority. Every message transferred to and from a registered Smartphone must be copied to the security executive for review. Depending on the volume of message traffic the security executive may review each and every message that is copied to him (or her) for review. This is done if the message traffic is limited and well within the reviewer's capacity. If the information is extremely sensitive (national security, for example) then each and every message is reviewed, no matter how heavy the traffic. In most cases, however, a stringent scrutiny of each and every message is not called for. If practical statistics shows that an organization's executives mostly comply with the security norms then a fair sampling of messages, not all, are sent for review. Generally this fair sampling is selected in the following: Lexicon selection: Messages are processed by a computer program which checks the contents of all the messages for certain trigger words and phrases. Only those messages that contain the trigger words are reviewed by the security executive. These trigger words are contained in a compiled lexicon or word-list, maintained and updated by the organization's information security department.
  • 8. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 8 Random selection: The informational security department sets a quantum (e.g. 100 messages a day) or a percentage (e.g. 20% of the daily message traffic) as a limit for messages selected to be reviewed. A computer program then selects the stated number of messages on a random basis and sends them to the security executive for review. The selection can be for incoming messages, outgoing messages, internal messages, external messages, department-wide messages, or any combination it sees fit. If the regulatory requirements require a particular selection criterion then that criterion is applied in the message selection process. Message Storage, Management and Retrieval Informational security regulations may, and usually do, specify that an organization keep a copy of messages for future reference. This is sometimes referred to as "cold storage" by information security professionals. The regulations may specify the types of messages to be kept, and the duration for each type. This is part of regulatory compliance. Hence an organization must implement a suitable message storage and retrieval system to ensure compliance. This system is referred to as an archival system. An archival system must be well-designed to facilitate message storage management and message retrieval. Messages which pass the regulatory "cold storage" period can be trashed (deleted completely) or they may be vaulted, a storage system where all messages are highly compressed to save storage space, and rarely accessed. The idea is that messages once placed in the vault will never be required; still, they are there just to be on the safe side. After a sufficiently long time (e.g. twenty years) the messages are permanently deleted from the vault. The message archival system must be capable of archiving all types of text messages that can be generated or received by a Smartphone. SMS is the general message format. BlackBerry Smartphone can communicate directly with other BlackBerry Smartphone using a PIN-based protocol. Other Smartphone are getting ready to follow suit in implementing this BlackBerry-PIN compatible messaging system or a variation thereof. The organization's message archival system must be capable of storing the BlackBerry-PIN messages and its variants when they appear in the Smartphone. It is always a good idea for an organization to acquire software that works in cooperation with existing software. That way the organization doesn't have to duplicate its efforts in performing data entry, searching for records, record modification, or generating reports. But this is not an over-riding technical feature and can be played down in the acquisition of information monitoring solutions. Organization's intending to implement software solutions to assist in maintaining regulatory compliance need to heed one piece of advice offered here: Don't wait too long to implement the security software solution! The communication field is wide open and expanding exponentially. Too often the security executives are taken in by trade announcements of impending releases - software or hardware - and wait for the release. Meantime the organization's sensitive information is left vulnerable and the organization open to scrutiny by regulatory authorities. Technical blogs and sites are good sources of information relating to informational security in high-risk, high-security arenas. But be warned that there are some unreliable sites that thrive alongside the reliable sites.
  • 9. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 9 The TextGuard Security & Compliance Solution Preamble TextGuard is not a "Topsy" software offering that "just growed" over a mocha, nor is it a product of chance that resulted from a net entrepreneur bumping into a barely-bearded youth flogging his latest brainchild. At first glance, that statement might appear out of place in a white paper. But the fact is that this statement is more important than all the technical specs that follow. TextGuard was conceived with due diligence: technical analysis, market analysis, and feasibility analysis. The TextGuard product was designed in its totality with equal emphasis on technical excellence and market sustainability. Creating a technical gem is one thing, making sure that it stands its ground in the volatile IT marketplace is another thing. If a product is not sustainable then satisfactory client support is not maintainable either. And another "one-hit" wonder bites the dust! TextGuard was designed by a group of technical and entrepreneurial stalwarts to be the best available Information Security Solution for Mobile Communication Devices. Every aspect of the TextGuard product has been given careful consideration to ensure its living up to its designed level of excellence. TextGuard has been designed to become a technical and entrepreneurial success and is creating new benchmarks in the informational security arena. TextGuard is based on a future-ready design. Special features (many that have a patent-pending status) are being researched, designed and developed on a continuous basis. These features will enable TextGuard to operate in the ever- changing technological scenario for the years to come. Compliance Officers – (Intranet) TextGuard.com SAAS or On Premises Network Sign On • IIS 6.0 • SQL Server 2005 • SQL Server Reporting Services •SOA Web Services SAML Internet Single Sign On Redundant Web Tier Redundant Data Tier WEB • Mobile Messaging Service • Ad Hoc Reporting Services Secure Messaging • User & Group Configuration Continuous Data Backups Mobile Workforce – (Telecom Provider & BES)
  • 10. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 10 Specific Technicalities • TextGuard is a binary product - it has two components: a server component, and a client component. The client component is installed on the individual smartphones, whereas the server program is either a hosted solution, (SAAS) or can be installed on the corporate computer network. • The TextGuard server component applies an overall enterprise-wide information security regimen to all the smartphones in the organization. • The TextGuard client component applies control to the smartphone device itself; this is also known as end-point security control. • Security managers can manage the enterprise-wide information security regimen conveniently. An intuitive and well- designed user-interface allows the corporate information security manager to set and reset security rules for individual smartphones and for all devices. • TextGuard is designed to work on ANY cellular mobile carrier. • TextGuard operates under various device operating systems. • TextGuard provides Layer A level of regulation-compliance for smartphones used in industries, businesses and organizations operating in a sensitive information environment. • TextGuard monitors and logs all communications in and out of the smartphone. It selectively blocks incoming and outgoing calls. • TextGuard selectively blocks access to web sites on select operating systems. • TextGuard filters text messages (SMS and email) for obscene and prohibited content on select operating systems. • TextGuard is rich in message archival management features. • TextGuard is the only mobile security product that maintains its logs and archives on a secured server. The archives are accessible by an authorized user from anywhere in the world via the Internet. • TextGuard facilitates legal discovery of information and data contained in text messages sent and received on registered smartphones. • TextGuard maintains and manages a secured message archive. The contents of the archive can be used as trusted evidence in the judicial process. • TextGuard archived messages are evidentiary, both unwriteable and unerasable. • TextGuard lets administrators monitor an employee's communications. All messages can be archived. This prevents loss of corporate data when a smartphone is lost or stolen. • TextGuard lets administrators lock a smartphone remotely. This is specifically useful in preventing unauthorized access to sensitive corporate data when a smartphone is lost or stolen. • TextGuard operates over standard and non-standard data communication channels. For example, TextGuard monitors PIN-based messages between BlackBerry phones. • TextGuard has all the features that an information security manager requires to establish a mandatory security regimen within the organization. • TextGuard is useful in electronic communication compliance regulated industries like securities, banking, pharmaceutical, healthcare, accounting and hedge funds. In fact, any Fortune 1000 company or small business will also benefit from the TextGuard Solution given its advanced functionality and low price point. • TextGuard recognizes the advanced features available in smartphones today and those that will become available in the future. It makes full use of these features to give the user complete control over the security of sensitive information passing through the smartphone. • TextGuard is the most comprehensive sensitive information security solution available at a very affordable price point.
  • 11. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 11 Chinese Walls - TextGuard facilitates maintenance of white lists and black lists to control communication between the smartphone user and respondents. The control extends to all types of devices and communication modes: SMS/HTTP/PIN. Content filtering - TextGuard facilitates maintenance of lists of trigger words and phrases to help in filtering suspicious messages. The admin can include trigger words that recognize sexually aggressive messages aimed at women, sexually abusive messages aimed at children, coercive and threatening messages and racially offensive messages. PIN-recognition - TextGuard recognizes the PIN-feature of smartphones. It uses this feature to prevent message delivery to the wrong recipient. Advanced archive management: • TextGuard is the perfect solution to archive management issues. • The TextGuard archive manager is designed to facilitate e-discovery requirements and obligations. • The archive can be searched for keywords to maintain regulatory compliance. • The archive can be purged of time-ex messages. • The archive can be backed up for further safety. Advanced message control and management: • Messages can be categorized according to organizational requirements. Examples are OUTMSG, INMSG, SECLVL1 and CONFIDENTIAL. • Message actions can be defined by the administrator according to organizational Informatory and Cautionary Notice TextGuard is an original, innovative, and creative application of techniques and technology to secure requirements. Examples are routing of messages, information which is being transmitted OTA (over the air) to mobile wireless communication devices with an extended network of mobile wireless communication devices. blocking, deleting and copying. TextGuard is presented as a comprehensive SOLUTION system incorporating relevant processes to secure information from intentional and accidental misuse. The main body of the solution lies in a computer program • Specific actions can be defined according to software package comprising two distinctly identifiable primary components: a server component and a mobile device component. Secondary components providing necessary system sub-services are included in the combination of message categories. For example, definition and scope of the TextGuard solution. TextGuard is the intellectual property of the company TextGuard Inc. with its corporate office located in an INMSG with SECLVL1 will be routed to the Kenilworth, New Jersey, USA. TextGuard is duly and properly protected by the relevant laws and statutes in force regarding the protection of chief security reviewer. intellectual property. TextGuard's unique operational process is the subject of a US non-provisional patent application. The patent scrutiny is nearing completion. Advanced regimen management: TextGuard has a US federal trademark application pending for the TextGuard device in all its forms and styles. The source code including associated program components developed for TextGuard is protected by US • The administrator can select the rule-tolerance copyright law. The patent and copyright extend to all components of the TextGuard solution in regard to the security of level at the organization level as well as at the information residing on a computer network and an extended network of mobile communication devices. This patent includes the IP used to deliver rules from a web-based (SAAS) solution O.T.A. to the mobile device. individual level. This determines how strictly and severely the security regimen is implemented. • When a violation occurs, the admin can choose to inform or not to inform the offender of his offense. • When a violation occurs, the admin can choose to allow or not to allow the offender to rectify his error.
  • 12. textguard_white_paper:Layout 1 6/16/09 1:46 PM Page 12 For more information please visit: WWW.TEXTGUARD.COM