byod roadshow policy&compliance peru julio2013

7/28/2019 BYOD RoadShow Policy&Compliance Peru Julio2013

1/15

2011 Cisco and/or its affiliates. All rights reserved.

Julio 2013

Mauricio Ramirez, Solutions Architect


2/15


Compliance and Policy are differe

Verticals

Regulations based on location

Compliance and Policy are boring!!

Necessary evil Or Wild West!!

Starting BYOD without Policy and Compliance

addressed!!!


3/15


All groups need to be involved in

Human Resources

Legal, IT, Executives

Policies need updating often

Publish lists of recommendations

The recommended devices provide a better user exp


4/15


BYOD programs are more than just IT initiatives. Cisco IT brought togerepresentatives from IT, Security, Legal, HR, Sales, Services, EngineeOperations to create their program. The Cisco Mobility Services team employees to work their own way using multiple devices all across the Belding, senior manager of IT Mobility Services at Cisco explained the Device choice is a reflection of your entire corporate culture.

Source Article published by Littler & Little Law Firm published 12/20/2012

http://mashable.com/2012/12/20/byod/
http://mashable.com/2012/12/20/byod/http://mashable.com/2012/12/20/byod/http://mashable.com/2012/12/20/byod/


5/15 2011 Cisco and/or its affiliates. All rights reserved.

Read the Littler & Littler white paper published

http://www.littler.com/files/press/pdf/TheLittlerReport-TheBringYourOwnDeviceToWorkM

Warns of owing overtime to non-exempt employees

A Chicago Police officer is suing for overtime pay for answer

while not at work. Source http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overti

blackberry/story?id=18432865
http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865http://abcnews.go.com/Business/chicago-police-officer-sues-hoping-overtime-pay-blackberry/story?id=18432865



SoX Public companies must comply

HIPPA Has complicat

PCI Annual or more frequent Audits



EPA regulations

OSHA Most manufactures a

And many more

Most of these regulations change for different Countries



Continue the education regularly

Is this WiFi safe to use?

What do I do if my phone is stolen?


9/15


Enforce you policies

Use tools like ISE for identity management

Use an MDM to help enforce polices on devices

Build out or use and outside PKI to put certificates on the deknow who is on your network

Secure wireless


10/15


Automating your BYOD will ensure that each part of the provprocess is followed

Your IT department does not become overwhelmed with pro

The employee can sign the policies during the provisioning p

Test devices extensively. Some Android devices do not wipewhen the command is sent to wipe the phone

Heard from a customer, We feel the iOS devices are the mobut our developers prefer to develop forthe Android


11/15



12/15


Objective

Cisco's IT Governance, Risk, and Compliance (IT GRC) Services

provide customers with expert advice on how to manage theirsecurity strategies, measure security effectiveness, assess risk,and prepare for a variety of compliance situations includingcompliance with multiple regulatory and industry requirements.

Challenge Solution

Customer has no corporate

policy for BYOD

Needed expertise indeveloping BYOD policies

and standards appropriate to

the technical solution as well

as best practices

Desired policies andstandards that would pass

internal legal and HR review

Researched policies and bestpractices for BYOD

Reviewed existing customerinformation technology security

policies

Interviewed customer management

to gain insight on security and riskfactors

Created matrix for risk factors and

mitigations


13/15



14/15


Network Access Policy draft accepted by management and implement

Network Access Policy Standard adopted that provides details on BYOimplementation

Customer provided detailed recommendations for modifying overarchinpolicies to support BYOD and address security and privacy issues


15/15

Thank you.

byod roadshow policy&compliance peru julio2013

Documents