FCW : September 15, 2015
For most agencies, the benefits of BYOD outweigh the risks, provided that certain technologies and policies are implemented and enforced. At the very least, these should include encrypting data in transit and at rest, enforcing access controls that prevent unauthorized devices from accessing government data, enforcing authentication and password protocols, and developing a list of approved apps that employees can download without worry.

One of the best ways to do that is by implementing an approved MDM system, which helps organizations manage and push policies, applications and configurations, and keep track of devices, often by installing a software client on mobile devices. MDM allows agencies to do a “selective wipe”—removing only specific applications or data—in case the device is lost or compromised in any way. MAM is another important solution; it secures applications and data and provides access to apps for specific groups of users based on their needs or roles within the organization.

Other important steps agencies should take include using the newest firewall technology to block users’ personal apps from accessing agency data; implementing Network Access Control solutions; and installing Security Information and Event Management systems, which enable IT staff to see security alerts generated by mobile threat detection solutions.

Finally, agencies should strongly consider adding mobile authentication solutions, which help validate the identification of users before they can access sensitive resources. With this solution installed, the device remains secure even if lost or stolen, because others who try to use it won’t be able to access critical information.

Focusing Your Mobile Device Policy on Security

There are many critical parts to an effective mobile device policy, and most of them are related to security in some way. To develop a comprehensive policy, start by reading NIST publications 800-124 and 800-164.
Here are some important issues to address in mobile device policies:

Acceptable Use
- Acceptable agency use
- Acceptable personal use
- Prohibited activities
- Permitted access to agency resources
- Backup and file sharing/synchronization rules
- Blacklisted applications

Data Application/Ownership
- Specify ownership of information and data
- Consequences of unauthorized use, duplication or access

Required Security Requirements
- Device provisioning and configuration, including installation of MDM client
- Password protection and policy
- Device locking policy
- Unacceptable device actions, such as jailbroken or “rooted” devices
- Employee access limits
- Conditions for remote wipe

The Case for Hardware-Based Mobile Security

Software-based mobile security techniques (encryption, antitheft and antivirus apps, and MDM software) have been around for a long time, and they can be quite effective. But when agencies require the highest levels of security, such as FIPS 140-2 Level 3 or higher, or LOA 4—the OMB’s highest level of e-assurance—software techniques can’t measure up. That’s because even though these techniques provide protection, they can be hacked or compromised, and in rare cases, turned off by users. In addition, the mobile operating system itself can be vulnerable to attacks.

When top levels of authentication are required, experts recommend a hardware-based approach. Using a hardware-based security technique creates a protected environment for cryptographic functions that is never exposed and can’t be hacked. A hardware-based secure element isolates credentials from potential attacks. Because it is self-contained, it can’t be compromised.

The National Institute of Standards and Technology agrees. In its latest guidance, NIST urges government organizations to use hardware-based mobile security when the highest level of mobile security is called for.
NIST said in its guidance that a software-derived credential could reach “high confidence” but not “very high confidence,” according to the OMB identity assurance scale.

With an eye toward making progress in the field, Google recently introduced Vault, a hardware device in the form factor of a MicroSD card. This device, still in development, will encrypt sensitive data at rest and allow end-to-end protection of streaming data. It runs its own secure operating system, near-field communications and antenna, and provides 4 GB of isolated storage for the most sensitive data.

GameChanger: Game Changing Technology to Meet Agency Missions. Sponsored Report: Mobile Security