Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Mobile device

advertisement 
Mobile Security
Objectives
Identify risks with mobile devices:
 Portable data storage
 Wireless connections
 3rd party applications
 Data integrity
 Data availability
2
Threats
3
Glossary

Mobile device:
Electronic computing or storage device
› Smart phone
› USB drive
› Tablet
› CD, DVD

PHI: Protected Health Information
4
Assumptions
Mobile devices are necessary in health
care
 PHI will migrate to mobile devices
 Mobile technology will evolve
 Devices will be stolen or lost

5
Wireless Connections
Types of connections:
 Cellular
 WIFI
 Bluetooth
 Radio (RFID)
 With more to come…
› TransferJet
6
Wireless Connections

The risks:
› Device is hacked
› User sends data to wrong destination

The solutions:
› Trusted connections only
› Secure connections
♦
♦
SSL for web traffic
WPA2 for WIFI
› Data encryption
7
Portable Data Storage

The risks:
› Device is lost or stolen
› Device is hacked

The solutions:
›
›
›
›
Encryption, encryption, encryption!
Minimum necessary
Remote wipe capability
Password policy
8
rd
3

Party Applications
The risks:
› Device is hacked
› Device is rendered inoperable/unreliable

The solutions:
› Trusted applications only
› Minimum necessary
› Security application (scans for malware)
9
Data Availability

The risks:
› Device is unavailable
› App compromises data

The solutions:
› Secure connections, anti-malware, trusted
applications
› Update the OS and apps
10
Data Integrity

The risks:
› Device is hacked
› App compromises data

The solutions:
› Secure connections, anti-malware, trusted
applications, update the OS and apps
› Reset the OS (locally or remotely)
11
Key Strategies
Minimum Necessary Data
 Secure Connection
 Password Policy
 Malware Protection
Can
be
 Data Encryption
managed with
 Trusted Applications
software
 OS Management
 Remote Wipe

12
Bringing it All Together
Identify the benefits of mobility
 Quantify the risks
 Weigh the risks and benefits
 Find a solution that mitigates the risks
 Write your operator’s manual

› Policies and procedures
Keep track of things
 Keep your staff educated

13
Conclusion

HIPAA compliance is possible if you
have a plan

Achieve the right balance of
technology and security
14
QUESTIONS?
Lauri Scharf
lscharf@vitl.net
Related documents
Description
Description
Issue 73 Encryption Algorithm
Issue 73 Encryption Algorithm
University of Wisconsin - Stout Hacked! Now What?
University of Wisconsin - Stout Hacked! Now What?
CH 8 – Review - WordPress.com
CH 8 – Review - WordPress.com
CPSC 6126 Computer Security
CPSC 6126 Computer Security
Opportunistic_Encryption_A_Trade
Opportunistic_Encryption_A_Trade
2_23
2_23
TMX7051
TMX7051
Please Click Here
Please Click Here
Here are the PowerPoint slides with links - Auto
Here are the PowerPoint slides with links - Auto
Total Contact Hours
Total Contact Hours
Comparison CryptoDisk and its analogues
Comparison CryptoDisk and its analogues
Data Encryption with SQL Server
Data Encryption with SQL Server
Yahoo!NEWS - Boise State University
Yahoo!NEWS - Boise State University
Encryption assignment
Encryption assignment
Portable Device Acceptable Encryption
Portable Device Acceptable Encryption
Document
Document
NUS: Top Shareholders
NUS: Top Shareholders
Features list
Features list
TrustedDB A Trusted Hardware based Database with Privacy and
TrustedDB A Trusted Hardware based Database with Privacy and
ITS Exemption from Encryption Form - University of Texas
ITS Exemption from Encryption Form - University of Texas
Security at the Operating System Level (Microsoft)
Security at the Operating System Level (Microsoft)
Download
advertisement