Tech600: Audit and Control of Mobile Technology

Description: This one or two day workshop starts with review of the various business uses of mobile devices and wireless standards in use today. The numerous device types are then looked at in more detail while determining the specific risks involved when these are used within the business environment. Attendees learn that each type of business use adds risk and increases the need for key controls to help mitigate and manage that risk. The session ensures that for every risk mentioned, a corresponding control is discussed to ensure that all attendees leave with a clear understanding of how they can mitigate the risks. From access to inventory to automated tools we analyze best practices and effective implementation. A large portion of the seminar concerns reviewing key controls for each type of device and how you might use those controls in your organization. Finally, we review how you might use the ISO 27002 standard to perform an effective review of your mobile security, ensuring that all key areas are effectively and appropriately managed and controlled.

Audience: This seminar is intended for IT Management, internal and external audit professionals, security staff as well as security consultants who wish to learn more about audit and control over Mobile technology.

Prerequisites: There is no prerequisite for this seminar.

Objectives: After completing this seminar, participants will be able to:

·         Recognize the myriad of devices swarming our businesses

·         Describe how devices are used in business and understand how to assess that use

·         Recognize the risks involved in mobile technology

·         Understand the numerous controls that can mitigate the risks

·         Recognize the various types of software that offer mobile control capabilities

·         Understand the technical controls available for those without the benefit of commercial solutions

·         Conduct a technical assessment of their organization's mobile technology

Course Outline:

Understanding the different technologies in use

Key risks in business use of mobile technology

An epidemic of lost data

Laws and legal controls

Software tools and techniques for ensuring security

Understanding and Implementing Best Practices

Implementing appropriate controls

·         Phones

·         Laptops

·         USB and Firewire

·         Bluetooth

·         RFID

·         Operating Systems (Windows Mobile5/6, Symbian etc)

·         SIM cards

Using ISO 27002 as an audit process

Mr. Lewis’ seminar will draw upon the experience gained over his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting.