Page 1153 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

significant amount of data. Data can include email with attachments, contacts, and scheduling information. Additionally, many devices include applications that allow users to read and manipulate different types of documents.

Many organizations issue mobile devices to users or implement a choose your own device (CYOD) policy allowing employees to use certain devices in the organizational network. While some organizations still support a bring your own device (BYOD) policy allowing an employee to use any type of device, this has proven to be quite challenging, and organizations have often moved to a CYOD policy instead. Administrators register employee devices with a mobile device management (MDM) system. The MDM system monitors and manages the devices and ensures that they are kept up-to-date.

Some of the common controls organizations enable on user phones are encryption, screen lock, Global Positioning System (GPS), and remote wipe. Encryption protects the data if the phone is lost or stolen, the screen lock slows down someone who may have stolen a phone, and GPS provides information on the location of the phone if it is lost or stolen. A remote wipe signal can be sent to a lost device to delete some or all data on it. Many devices respond with a confirmation message when the remote wipe has succeeded.




Remote wipe doesn’t provide guaranteed protection. Knowledgeable thieves who want data from a business smartphone often remove the subscriber identity module (SIM) card immediately. Additionally, they have used shielded rooms similar to Faraday cages when putting the SIM back into the phone to get the data. These techniques block the remote wipe signal. If a confirmation message is not received indicating that the remote wipe has succeeded, it’s very possible that the data has been compromised.
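
The point about missing confirmations, as an added example that is not from the study guide: a short Python triage over a constructed MDM event log that flags devices whose remote wipe was never confirmed. The log format, the event names, and the four-hour waiting window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample MDM event log (hypothetical format: ISO time, device, event).
SAMPLE_LOG = """\
2024-03-01T09:00:00 phone-017 WIPE_SENT
2024-03-01T09:02:10 phone-017 WIPE_CONFIRMED
2024-03-01T10:15:00 phone-022 WIPE_SENT
2024-03-01T11:30:00 phone-031 WIPE_SENT
2024-03-01T11:31:00 phone-031 CHECK_IN
"""

# Assumed policy value: how long to wait for a confirmation before escalating.
CONFIRM_WINDOW = timedelta(hours=4)


def triage_wipes(log_text, now, window=CONFIRM_WINDOW):
    """Return {device: status} for every device that was sent a remote wipe.

    CONFIRMED   - the device reported that the wipe succeeded
    PENDING     - no confirmation yet, still inside the waiting window
    UNCONFIRMED - window elapsed with no confirmation; treat data as exposed
    """
    sent, confirmed = {}, {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        when, device, event = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        if event == "WIPE_SENT":
            sent[device] = when          # the latest wipe command wins
            confirmed.pop(device, None)  # an older confirmation no longer counts
        elif event == "WIPE_CONFIRMED" and device in sent and when >= sent[device]:
            confirmed[device] = when
    status = {}
    for device, when in sent.items():
        if device in confirmed:
            status[device] = "CONFIRMED"
        elif now - when <= window:
            status[device] = "PENDING"
        else:
            status[device] = "UNCONFIRMED"
    return status


if __name__ == "__main__":
    for device, state in triage_wipes(SAMPLE_LOG, datetime(2024, 3, 1, 15, 0)).items():
        print(device, state)
```

An ordinary check-in does not count as a wipe confirmation, so phone-031 stays PENDING until the window elapses and then becomes UNCONFIRMED.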




Managing Media Lifecycle

All media has a useful, but finite, lifecycle. Reusable media is subject