Security and Auditing of Smart Devices Managing Proliferation of Confidential Data on Corporate and BYOD Devices

Most organizations have been caught off-guard with the proliferation of smart devices. The IT organization was comfortable supporting the Blackberry due to its ease of implementation and maintenance. But the use of Android and iOS smart devices have created a maintenance nightmare not only for the IT organization but for the IT auditors as well. This book will serve as a guide to IT and Audit professionals on how to manage, secure and audit smart device. It provides guidance on the handling of corporate devices and the Bring Your Own Devices (BYOD) smart devices.

Part I: Benefits and Risks of Smart Devices, 1. Definition of a Smart Device, 2. Ownership of Devices, 3. Data Types, 4. Uses and Benefits of Smart Devices, 5. The Risks Associated with the Use of Smart Devices, Part II: Security of Smart Devices, 6. Hardware Features, 7. Operating System Security, 8. Securing Smart Devices, Part III: Managing Smart Devices, 9. Smart Devices Use Policy, 10. Security Policy, 11. Mobile Device Management, 12. Registering Smart Devices, 13. Provisional Email, Calendar and Contact, 14. Application Development and Deployment, 15. Connecting to Corporate Network, Part IV: Compliance, Reporting and Monitoring, 16. Compliance, Part V: Reporting, Monitoring and Auditing, 17. Reporting, Monitoring and Auditing, 18. Sample Audit Plan, Part VI: Samples, Sample I. Smart Device Use and Security Policy, Sample II. Smart Device Use Policy Form, Sample III. Minimum Smart Device Configuration Security Standard

Sajay Rai has more than 30 years of experience in information technology, specializing in information technology processes, IT architecture, security, business continuity, disaster recovery, privacy, IT audit and information risk. Mr. Rai is the Founder and CEO of Securely Yours LLC, which is focused on delivering innovative solutions through delivery channels like Software-as-a-Service, Managed Services and traditional IT consulting. Prior to starting Securely Yours LLC, Mr. Rai was a Partner with Ernst & Young LLP for 10 years and was responsible for the information advisory practice in the Detroit Metro area. He also served as the national leader of EY’s Information Security and Business Continuity practices. Mr. Rai’s clients included General Motors, Blue Cross Blue Shield of Michigan, Yazaki North America, Tecumseh and Federal Mogul. He also served as a member of his firm’s Partners Advisory Council. Mr. Rai also worked with IBM for 13 years, most recently serving as an executive of the national Business Continuity and Contingency consulting practice. He was instrumental in starting the company’s Information Security consulting practice and managing its information technology consulting practice in Latin America. Mr. Rai co-authored Defending the Digital Frontier: A Security Agenda, which guides business and IT executives on how to develop an effective and efficient information security program within their enterprise. He also co-authored Institute of Internal Auditors’ publications of "Sawyer’s Internal Audit Handbook 6th Edition" and the publication of IIA’s Global Technology Audit Guide (GTAG) No. 9 on the topic of Identity and Access Management. Mr. Rai is a member of IIA’s Professional Issues Committee (PIC). He also serves on the board of ISACA Detroit Chapter, IIA’s Detroit Chapter, Society of Information Management (SIM) Detroit Chapter and as a member of Walsh College’s Accounting Advisory and Technology Committees. Mr. Rai is a regular speaker at industry conferences on information security, business continuity, disaster recovery, technology strategy and is frequently quoted in magazines and newspapers. He has also served as expert witness in litigation cases in the area of information technology and information security. He holds a Master’s degree in Information Management from Washington University of St. Louis, and a Bachelors degree in Computer Science from Fontbonne College of St. Louis.

Most organizations have been caught off-guard with the proliferation of smart devices. The IT organization was comfortable supporting the Blackberry due to its ease of implementation and maintenance. But the use of Android and iOS smart devices have created a maintenance nightmare not only for the IT organization but for the IT auditors as well. This book will serve as a guide to IT and Audit professionals on how to manage, secure and audit smart device. It provides guidance on the handling of corporate devices and the Bring Your Own Devices (BYOD) smart devices.