How IT can prepare for mobile forensic investigations

By Thor Olavsrud , CIO |  Security, Forensics

This is especially true of organizations subject to compliance with regulations like PCI-DSS or HIPAA, but any organization could find itself in trouble if it can't get its hands on emails and SMS messages during an ediscovery process.

"If a company faces litigation or some other incident, do they have the capabilities to get the answers that these devices potentially hold inside them, whether through insourcing or outsourcing? That preparation is often an afterthought," says David Nardoni, director of mobile device investigations with Pricewaterhousecooper. "It has to be part of the implementation of your mobile policy."

[ Related: BlackBerry CIO on Mobile Security, BYOD and the Modern CIO Role ]

"Mobile devices really are a whole different world for investigations," he adds. "You could have guys that just spend all their time keeping up with the nuances of mobile devices, just like you have specialists in PCs that focus on network intrusions, etc."

Your Policy Needs to Give You the Right to Examine Employee Devices

Nardoni notes first and foremost that organizations should include a stipulation in their mobile policy that gives the security organization the right to examine an employee's mobile device whether the device is corporate-owned or brought from home.

"Companies need to ensure they have the right authority to be able to examine any device that is brought into their environment," he says. "People are using these devices in a different way than they use their PC. They consider these devices much more personal. Even if it's a corporate-owned device, they still communicate in much more intimate ways than they would if they were on a computer."

Embrace BYOD But Still Limit Authorized Devices

Mobile forensics provide many challenges beyond privacy considerations. The sheer number of devices and mobile operating systems present another key difficulty. There are now more than 800 Android devices alone, running many versions of the operating system. Forensic tools that work on one device or operating system may not work on another. Worse, the tools may be incompatible with new versions of devices or operating systems.

[ Related: For BYOD Best Practices, Secure Data, Not Devices ]


Originally published on CIO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.

     

    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness