Mobile Device Management
I did a video with Joe McCafferty of MISTI last month. I am interested in whether you share my views. I also have some questions for you—after you watch the video.
Biometric authentication is becoming increasingly common. Smartphones and computers use it, banks have started to use it, and recently MasterCard began rolling out “selfie pay” allowing users to authenticate online payments by using their face at the point of sale. Biometric authentication refers to the validation of a user’s identity by measuring physical or behavioral characteristics. Biometric samples may include fingerprints, retinal scans, palm scans, face and voice recognition.
I believe software is essential in managing user access risk, not only for SOX but also for other business risks. In fact, the potential harm from inappropriate access is typically greater for other business risk (such as the possibility of disruption of activities such as revenue generation or manufacturing, reputation risk, and the protection of valuable intellectual property) than it is for SOX.
James Lam has an impressive resume: Chief Risk Officer for major financial institutions, author of a respected book on ERM, consultant, and board member. Recently, he wrote a white paper that is available through RIMS or Workiva, Next Frontier: Performance-Based Continuous ERM. I think it is fair to say that James and I agree on many points but disagree on others.
Some of the most significant concerns with connected vehicles are cybersecurity and privacy protection. These concerns were the main impetus behind the creation in the US of the Auto Information Sharing and Analysis Centre (ISAC) by a group of US automakers in July of 2014. The group allows its members to share information about threats and vulnerabilities, conduct analysis and develop industry solutions. The Auto ISAC has now released its “Automotive Cybersecurity Best Practices”.
The Accessibility Advisory Council’s (AAC) is inviting interested stakeholders to provide their views to its initial proposal for accessible employment standards. Therefore, employment is the second of five accessibility standards being developed under the Accessibility for Manitobans Act (AMA).
On November 2, 2016, the government proposed Nova Scotia accessibility legislation to promote equality of opportunity and increase the inclusion and participation of Nova Scotians who have disabilities or functional limitations in all areas of everyday life by promoting and encouraging the prevention, reduction and removal of barriers.
Given the popularity and prevalence of mobile devices such as smart phones and tablets in today’s world, it is no surprise that Bring Your Own Device (“BYOD”) programs have become an increasingly common arrangement for organizations. BYOD programs allow employees to use their own mobile devices for both personal and business purposes, blurring the traditional line between work and play. A recent report indicates that more than 75% of Canadian businesses support employee–purchased smartphones and tablets in the workplace.
Clearly, the great majority base their audit plan on some combination of (macro) enterprise-level risks and (micro) risks at a lower level of the organization. Somewhat more have weighted their plan towards the micro level than the macro level. So what does this all mean?