Report Table of Contents

1. Executive Summary

2. Audience and Assumptions

2.1 Audience: The mobile evaluators and decision-makers

2.2 Assumptions: Mobile platforms

2.3 Assumptions: Risk assessment

3. Key Issues and Recommendations

3.1 Key issues

3.2 High-level recommendations

4. Common Questions

4.1 Is iOS secure enough for use in the enterprise?

4.2 Is Android secure enough for use in the enterprise?

4.3 How do iOS and Android compare to BlackBerry for security?

4.4 Does the device passcode prevent someone from accessing device data?

4.5 Does iOS encryption work, and does it protect all device data from being stolen?

4.6 How secure is the iOS keychain?

4.7 Which is more secure, iOS or Android?

4.8 Is it advisable to use iOS or Android for sensitive data?

4.9 If we are planning to deploy or already using iPhones, do we need an MDM system?

4.10 What is a strong enough passcode?

5. High-level Risk Overview

5.1 Risks to corporate data and network security

5.2 The mobile device as a target

5.3 The mobile device as a vector

5.4 Risk scenarios: What could go wrong?

5.5 Mobile risk map

6. Auditing Mobile Devices

6.1 Audit/Assurance Program

6.2 Targeted Device Auditing

7. Corporate Policies

7.1 Sensitive corporate data

7.2 Device encryption

7.3 Complex passcodes

7.4 Remote wipe

7.5 iOS Jailbreaking, Android Rooting

7.6 Tethering

7.7 USB mass storage

7.8 Data retention

7.9 Acceptable use

7.10 Asset tracking

7.11 Personal device restricted actions & disclosure

7.12 Privileged accounts & non-exempt staff

7.13 Mobile use while driving

7.14 End user training

7.15 Device Audits

8. Security Comparison: iOS, Android and Blackberry. 39

9. Device Security Control Profiles

9.1 iOS security control profile

9.2 Android security control profile

10. MDM/Secure Messaging

10.1 Mobile Device Management (MDM)

10.2 MDM Caveat

10.3 Leading providers

10.4 Secure Messaging

11. Technical Analysis – iOS

11.1 Passcode Protection

11.2 Data Recovery

11.3 ActiveSync Security Controls

11.4 Remote Wipe

11.5 App Isolation

11.6 Malware Protection

11.7 Data Encryption

12. Technical Analysis – Android

12.1 Passcode Protection

12.2 Data Recovery

12.3 ActiveSync Security Controls

12.4 Remote Wipe

12.5 App Isolation

12.6 Malware Protection

12.7 Data encryption

13. References.
 

About the report

viaForensics’ Mobile Security Risk Report is available now for purchase and immediate download for only $495 US.

Packed with recommendations and risk intelligence, backed by detailed technical and forensic security expertise, this report provides sought-after answers to common questions regarding mobile security.