CASE STUDY: Your CISO has asked you to lead a meeting to discuss the possibility of allowing users to bring their personal devices (phones, laptops, watches, tablets, etc.) to work and join the network. Develop an agenda including a list of talking points and considerations to get the project started. Provide a basic agenda including a list of considerations.
Please use proper grammar, spelling and punctuation. Cite references.
Write your own ideas.
Allowing employees to bring their personal devices to work may make it easy to stay in contact with them. This is usually known as a BYOD (Bring-Your-Own-Device) policy. But generally it may cause many security problems. It will lead to issues like opening up our business network to viruses, malware and security breaches. IT departments should take responsibility for educating employees about the risks and threats that come with ignoring these policies.
Security issues include:
1. Hackers can easily pass through these gadgets: through hacking, the company's privacy will be lost.
2. Data can be misused
3. Data theft may take place.
4. Entry of malware: when we download something on the company network, it may contain viruses, which will pass through the network and affect the company's confidential data.
5. The organization's reputation may be adversely affected.
Each company has its own rules and policies. The guidelines include:
1. Some do not allow personal devices in their companies as a part of their cyber security.
2. Rules about which employee can use their own devices.
3. Type of device they can use.
4. Which applications and data they can use or save on their devices.
5. Use of removable devices like USB and hard disks can be restricted.
6. Provide awareness about the situation when these security issues happen.
Companies provide separate networks for separate users according to their responsibilities at the company. For example, Jack has his own company mail ID, which can only be accessed through the reputed company network and by some company-allowed devices. When he wants to open the mail ID on another device, he must confirm that it is he who is trying to access the mail. This is a part of the cyber security policy in a company.
Protecting our network will be a major concern that we can take up as a defence. It is all the more critical to protect the network from viruses, such as some denial-of-service attacks. As a part of this, the company should set rules such as requiring the installation of some form of anti-virus and anti-malware software.
Providing a VPN (Virtual Private Network) facility is a way to protect our company. A VPN connection is a two-step process. It involves authenticating an employee through a username and password, and authenticating the device they are trying to connect with by way of an electronic certificate check. Similar policies can be implemented through the use of a Mobile Device Management (MDM) platform in the case of mobile phones. MDMs such as McAfee's Enterprise Mobility Management and Symantec's Mobile Management can also be deployed to automatically enable or disable various device settings, force employees to use passwords to unlock their devices, block access to app stores, and lock a device's camera.
Giving employers the facility to use their own gadgets or not is a very risky business. Employers that choose to design a BYOD policy should consider whether to implement any limitations, such as allowing employees to view company information but not download it to their devices. In conclusion, BYOD is not a right; it is a privilege. If employers allow employees to use their personal equipment, they need to understand that employees must follow certain procedures that they want. Otherwise, it must be legally imposed.