PDA Security: Chapter 4, When a Handheld Becomes Information Security's Problem

This excerpt is from Chapter 4, When a Handheld Becomes Information Security's Problem of PDA Security written by David Melnick, Mark Dinman, Alexander Muratov and Robert Elfanbaum and published by McGraw-Hill Professional. You can download Chapter 4 here for free.

What exactly is the risk that PDAs present to the Enterprise? Before you answer that question and start looking for solutions, you must go through a risk-management planning exercise. This exercise will help you assess what is at risk and what needs to be done to monitor and control the risk to your organization.

The following section examines assessing potential risks, discussing the following topics:

• Risk item identification.
• Risk analysis.
• Risk response planning, monitoring and control.

It seems intuitive that due to the portable nature of PDAs, they can easily be lost or stolen. However, without going through some risk management, one cannot entirely understand how a lost PDA can threaten the Enterprise or its customers.

Risk Item Identification

The first step is to identify who is potentially exposing the Enterprise to risk. In the case of PDAs, the organization should get a handle on how PDAs are entering, what types of employees or groups are using them, and how they are using them. Key questions to study include:

• How are handhelds getting into your Enterprise?
• Are they coming in as personal devices, or are they part of corporate purchases and application deployments?
• What types of employees are using them? What are their roles and responsibilities?

These initial questions should be studied as you formulate strategies to address the risk that handheld devices might pose to your organization.

Risk Analysis

Once your organization understands how handhelds are coming into the Enterprise and who is using them, you can begin studying which type of information is at risk. In most cases, this consists of understanding how the various employees are using handhelds in their ongoing business activities. Is it primarily individuals who have purchased their own PDAs and are using them primarily for PIM applications? Or are groups deploying vertical applications on handhelds for mobile workers?

At the core of your analysis will be a handheld risk classification document, which will be illustrated as we sum up how to assess overall vulnerability. The classification, similar to a data classification exercise, allows an organization to build a matrix including categories such as device types and information assets in order to understand the related risk factors determining an organization's overall vulnerability.

You can download Chapter 4 here for free.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Wireless Network Security: Setup and Tools,   Handheld and Mobile Device Security Best Practices,   Enterprise Network Security,   Smartphone and PDA Viruses and Threats,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Handheld and Mobile Device Security Best Practices Screencast: Find rogue wireless acess points with Vistumbler Secure your remote users in 2010 Researchers find thousands of flawed embedded devices Best Mobile Data Security Products Should Windows Mobile updates come from Microsoft? MMS messaging spoof hack could have global ramifications How to prevent mobile phone spying Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws How secure are iPhone App Store mobile applications? Handheld and Mobile Device Security Best Practices Research Smartphone and PDA Viruses and Threats How do hackers bypass a code signing procedure to inject malware iPhone worm Rickrolls jailbroken phones US-CERT warns of BlackBerry snooping software Mini guide: How to remove and prevent Trojans, malware and spyware SMS attacks against BlackBerry certificate flaw possible MMS messaging spoof hack could have global ramifications Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws Latest Apple iPhone features prompt security concerns SMS mobile worm attacks Symbian smartphones RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.