Defense-In-Depth (Case Study)

IC78017

Introduction:

Our current effort at implementing defense in depth needs to be overhauled, and one of the areas of major concern is mobile devices. We recently paid out a total of $60 million in settlements after sensitive private information was stolen from our customer data centers located in two of our major markets, Mexico and the Philippines.

As a result of the negative press, our customer satisfaction has dropped to an all-time low of 20%. According to our estimates, we can easily achieve a 90% reduction in incidents by initiating a small number of low-cost countermeasures.

Proposal:

It is reported that 95% of our customer service centers have developed a culture of not adhering to corporate BYOD policies, and as a result over 300,000 customer data records containing home addresses, phone numbers, and credit card information were illegally collected by means of mobile phone cameras. To address this problem, we propose the following:

  1. Overhaul our social engineering awareness programs to meet today’s new and emerging threats head on.
  2. Contract with third-party security vendors to perform regular unscheduled, unannounced security penetration tests.
  3. Update and overhaul our existing BYOD policies and enforcement.

Through continuing policy updates and enforcement, we estimate that unauthorized data collection and exfiltration will drop below 5% by the end of the fiscal year.

Risks:

Implementing an overhaul of this size and scope will require all of our customer service centers, located worldwide, to undergo retraining, which in the short term will impact customer resolution timeframes by an average of 20% each. However, we plan to reduce that probability by 50% through the formation of highly customized training programs specific to each country we do business in. To minimize customer impact, we plan to broadly stagger rollouts to over 112 countries over the next 24 months.

Recommendation:

To complete this project within the allotted 24-month timeframe, we require immediate approval of a $2 million reallocation of corporate retraining funds for the IT budget next quarter. Although removing all mobile devices from our customer service centers may seem a viable option, below are three arguments to the contrary:

  • Workers are more productive using their own hardware; U.S. workers save an average of 81 minutes per week by using their own devices.
  • 49 percent of users say they are more productive using their own devices.
  • For mobile users, basic BYOD delivers an average annual value of $350 for companies. With a comprehensive, reactive BYOD program, that gain jumps to $1,300 per mobile user per year.

