Tag: Mobile devices

  • BYOD Redux – The Policy Solution (Part 2)

    In the previous post, I suggested that because mobile devices (smart phones and PDA’s) were not that functionally different in how they process, transmit, and store information than other mobile computing devices like laptops, a separate policy wasn’t necessary.  Since data security, confidentiality and integrity concerns were the same as other devices, you should be…

  • BYOD Redux – The Policy Dilemma (Part 1)

    Employee-owned mobile devices are everywhere, and they’re being used for everything from email to document storage and editing.  Proper risk management procedures are defined in your policies, but do you need a separate mobile device policy, or can you simply mention them in the same policy sections that address other portable devices?  Or is there…

  • Risk Managing BYOD (bring your own device)

    Thanks in part to social media, users today often don’t differentiate between work and non-work activities, and they certainly don’t want to have to carry multiple work/non-work devices to keep them connected.    As a result, new multi-function, multi-purpose mobile devices are constantly being added to your secure financial institution network…and often in violation of your…

  • FDIC offers “Insight” on Mobile Banking

    Although not considered official supervisory guidance, the most recent FDIC Supervisory Insights newsletter offers an instructive early look into how the agency might examine this emerging electronic banking delivery method in the future.  (Before you tune out and decide to wait for the formal guidance, remember it was the Winter 2009 issue that first introduced…

  • Interpreting The New FFIEC Authentication Guidance – 5 Steps to Compliance

    We’ve all now had a couple of weeks to digest the new guidance, and what has emerged is a clearer understanding of what the guidance requires…and what it doesn’t.  But before we can begin to formulate the specific compliance requirements, we have to interpret what the guidance is actually saying…and what it isn’t.  And along…

  • Mobile devices and information security

    The key to addressing the risk of mobile devices is to think of them as functionally equivalent to a PC (with all the information security risks…