Www.adira.org Philippe LE TERTRE IS Governance Consultant Founder and managing partner of VADEGIS...

www.adira.org

Philippe LE TERTRE IS Governance Consultant

Founder and managing partner of VADEGIS (company specialized in Information System Management and Governance)

IS governance consultant, certified by ISACA (CGEIT)

Teacher at ……..

IS Auditor trained at IAE of Paris

Operational experience based on more than 20 years as CIO in an international environment

Governance & management rules 1/4

Governance structure

Goal: BYOD is subject to oversight and monitoring by management

BYOD policy must be approved by executive management

Executive management receives regularly scheduled status reports on BYOD usage

Executive management receives a risk management status report on a regular basis

Policies

Goal: Policies supporting BYOD initiatives have been defined, documented, approved, implemented and maintained

Employee BYOD Agreement / Mobile Acceptable Use Policy (MAUP)

BYOD processes are integrated into HR services, policies, and compliance.

Limited access for third parties when connecting to the enterprise networks and IT systems

Exemptions from BYOD policies

Governance & management rules 2/4

Legal

Goal: BYOD procedures comply with legal requirements and minimize the organization’s exposure to legal actions

An impact analysis must be carried out to identify the potential impacts and risks of the BYOD approach

BYOD procedures must be updated according to the legal requirements

Technical and user support

Goal: A support function dedicated to the BYOD area must be established to process technical and user issues

Identifying skills and competences needed for the BYOD environment

Setting up the process to support BYOD usage within the enterprise

Governance & management rules 3/4

Risk management

Goal: BYOD is subject to routine risk assessment processes

BYOD Initial Risk Assessment (prior to implementing the BYOD program) (data confidentiality, juridical, human, technical, ...)

BYOD Ongoing Risk Assessment

Training

Goal: BYOD users attend initial orientation training and regular follow-up training

Initial Training: BYOD users are required to attend initial training on BYOD policy and procedures

Security and Awareness Training: Security awareness, at least annually

Governance & management rules 4/4

Mobile device layer security

Goal: BYOD users are required to maintain basic security procedures for the device

Device Access Restrictions: BYOD users are required to restrict access to their devices.

Data Access / Encryption / Data Protection

Malware Protection: BYOD mobile devices are required to have standard anti-malware defenses.

…….

Mobile device management

Goal: Enterprises have to use Identification and Maintenance of Configuration Items

Central management of BYOD device characteristics, configuration, owner, ...

Central management of IT procedures / Monitoring of BYOD usage

Remote management

.......

Maturity assessment, example and tools

This spider graph is an example of the assessment results and maturity target for a BYOD management assessment

[Figure: spider graph, maturity scale 0 to 5, two series: Assessment and Target]

Link to COBIT process

PO6.3 IT Policies Management

PO7.4 Personnel Training

PO9.2 Establishment of Risk Context

PO9.4 Risk Assessment

DS5.3 Identity Management

DS5.4 User Account Management

DS5.5 Security Testing, Surveillance and Monitoring

DS5.9 Malicious Software Prevention, Detection and Correction

DS5.10 Network Security

DS5.11 Exchange of Sensitive Data

DS9.1 Configuration Repository and Baseline

DS9.2 Identification and Maintenance of Configuration Items

Going Further … Conclusion

The BYOD phenomenon is a risk but could be a value creation opportunity

Operational sales force tools

Attract talent

E-reputation

User satisfaction / productivity

……..

BYOD reinforces the enterprise data management and governance needs

Data governance encourages behavior in the valuation, creation, storage, use, archival and deletion of data and information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of data and information in enabling an organization to achieve its goals.

Data policies

Data classification and valuation

Data quality (accuracy, accessibility, consistency, completeness, ...)

Data compliance

Data security

Data management and ownership

………..

Questions

Thanks for your attention