You are the IT Manager/CIO/CISO of an organisation of your choice. You are required to design the organisation’s mobility policy and present the report to the company’s CEO.
The primary goal of the policy is end user enablement; at the same time, the policy must also be enforceable, manageable, user friendly (hence adoption and compliance), and secure.
Minimum Requirement
You must:
1. Define which company/organisation you are working for; real or fictitious are both acceptable. (Lockheed Martin, Frank Underwood 2016 Campaign Team, SPECTRE, ABC Hospital, Meadowbank TAFE, The Anonymous, NSA, Jiro’s Sushi Train, etc.)
2. Describe the organisation’s nature (Defence, NFP, Government, Underground Revolutionaries, Finance, School etc.) and unique policy and/or security challenges. Minimum Users in your Organisation – 25
3. Define Mobility Use Cases, such as:
   a. Sushi Ordering Kiosk
   b. Mercedes-Benz Configurator Kiosk
   c. Westpac Branch Mobile Concierge
   d. Manual Delivery System for Pilots on A350s for QANTAS
   e. Peer-to-Peer/Spoke-and-Hub duress button
   f. Emergency Communication for your Underground Anti-Government Movement
   g. Augmented Reality Zombie Shooting Game
   h. Any other creative uses; note that most organisations will have multiple use cases for their devices
4. Define your likely opponent(s):
   a. Typical Opponent Profiles
   b. Likely attack vector
   c. Mode of operations
5. Detail the policy itself, and explain your rationale. You may want to consider:
   a. Is BYOD allowed?
   b. Physical Security
   c. Do you have a standardised device type? What happens when devices reach end-of-life?
   d. Minimum OS Requirement
   e. Lost and Stolen Policy, Device Pool Replenishment
   f. Are users allowed to install their personal apps?
   g. Is personal use allowed? Limits on personal use? Can the organisation wipe personal data?
   h. Device passcode requirement/Encryption requirement
   i. Are SD cards allowed on devices?
   j. Periodic Wipe?
   k. Compromised Device Policy (i.e. what would you consider to constitute a compromised device that is unsafe?)
   l. Must the user bring their device to work? What if they didn’t?
   m. Can the organisation track the owner’s location? Do we tell them they are being tracked?
   n. Etc.
Assignment Format
Minimum Deliverables
Please consider all of the following areas:
• Policy
• Standard
• Baseline
• Guideline
• Draw the procedure/process of ONE of the following using a Cross-Functional Flow Chart:
   o Lost or Stolen
   o Security Breach
   o New Device/Breach
   o Device Troubleshooting
   o App Troubleshooting
   o New Device Procurement/Provisioning
   o Any other relevant procedure/process