
PDA Security: Chapter 4, When a Handheld Becomes Information Security's Problem

Written by David Melnick, Mark Dinman, Alexander Muratov and Robert Elfanbaum; Published by McGraw-H

This excerpt is from Chapter 4, "When a Handheld Becomes Information Security's Problem," of PDA Security, written by David Melnick, Mark Dinman, Alexander Muratov and Robert Elfanbaum and published by McGraw-Hill Professional. You can download Chapter 4 here for free.



What exactly is the risk that PDAs present to the Enterprise? Before you answer that question and start looking for solutions, you must go through a risk-management planning exercise. This exercise will help you assess what is at risk and what needs to be done to monitor and control the risk to your organization.

The following section examines how to assess potential risks and covers these topics:

  • Risk item identification.
  • Risk analysis.
  • Risk response planning, monitoring and control.

It seems intuitive that PDAs, because they are portable, can easily be lost or stolen. However, without going through some risk management, one cannot entirely understand how a lost PDA can threaten the Enterprise or its customers.

Risk Item Identification

The first step is to identify who is potentially exposing the Enterprise to risk. In the case of PDAs, the organization should get a handle on how PDAs are entering, what types of employees or groups are using them, and how they are using them. Key questions to study include:

  • How are handhelds getting into your Enterprise?
  • Are they coming in as personal devices, or are they part of corporate purchases and application deployments?
  • What types of employees are using them? What are their roles and responsibilities?

These initial questions should be studied as you formulate strategies to address the risk that handheld devices might pose to your organization.

Risk Analysis

Once your organization understands how handhelds are coming into the Enterprise and who is using them, you can begin studying which type of information is at risk. In most cases, this consists of understanding how the various employees are using handhelds in their ongoing business activities. Is it mainly individuals who have purchased their own PDAs and are using them primarily for PIM applications? Or are groups deploying vertical applications on handhelds for mobile workers?

At the core of your analysis will be a handheld risk classification document, which will be illustrated as we sum up how to assess overall vulnerability. The classification, similar to a data classification exercise, allows an organization to build a matrix including categories such as device types and information assets in order to understand the related risk factors determining an organization's overall vulnerability.


This was first published in January 2004
