Join today and have your say! It’s FREE!

Become a member today, It's free!

We will not release or resell your information to third parties without your permission.
Please Try Again
{{ error }}
By providing my email, I consent to receiving investment related electronic messages from Stockhouse.

or

Sign In

Please Try Again
{{ error }}
Password Hint : {{passwordHint}}
Forgot Password?

or

Please Try Again {{ error }}

Send my password

SUCCESS
An email was sent with password retrieval instructions. Please go to the link in the email message to retrieve your password.

Become a member today, It's free!

We will not release or resell your information to third parties without your permission.
Quote  |  Bullboard  |  News  |  Opinion  |  Profile  |  Peers  |  Filings  |  Financials  |  Options  |  Price History  |  Ratios  |  Ownership  |  Insiders  |  Valuation

BlackBerry Ltd T.BB

Alternate Symbol(s):  BB

BlackBerry Limited is a Canada-based company, which provides intelligent security software and services to enterprises and governments worldwide. The Company leverages artificial intelligence (AI) and machine learning to deliver solutions in the areas of cybersecurity, safety, and data privacy and specializes in the areas of endpoint management, endpoint security, encryption, and embedded systems. It operates in three segments: Cybersecurity, IoT, and Licensing and Other. Cybersecurity consists of BlackBerry UEM and Cylance cybersecurity solutions (collectively, BlackBerry Spark), BlackBerry AtHo, and BlackBerry SecuSUITE. The Company’s endpoint management platform includes BlackBerry UEM, BlackBerry Dynamics, and BlackBerry Workspaces solutions. The IoT consists of BlackBerry QNX, BlackBerry Certicom, BlackBerry Radar, BlackBerry IVY and other Internet of things (IoT) applications. Licensing and Other consists of the Company’s intellectual property arrangements and settlement award.


TSX:BB - Post by User

Bullboard Posts
Post by raydar44on Apr 24, 2013 7:42am
235 Views
Post# 21297902

DOD- final comments due Apr 25

DOD- final comments due Apr 25

Army lax when it comes to mobile security, says Defense Department

Cover of report about Army and mobile security

Department of Defense

 

The U.S. Army does not have an "effective" cybersecurity program for mobile devices, says the Department of Defense's Inspector General, with some phones not appropriately configured to protect stored information or able to remotely wipe data if the phones are lost, stolen or damaged.

"The Army did not develop clear and comprehensive policy for CMDs (commercial mobile devices) purchased under pilot and non-pilot programs," wrote Alice F. Carey, assistant Inspector General, Readiness, Operations and Support, in an introduction to the report, released March 26.

"If devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DoD information."

The Inspector General's office conducted an audit from April 2012 through February 2013 at two sites, the United States Military Academy at West Point, N.Y., and the Army Corps of Engineers Engineer Research and Development Center in Vicksburg, Miss.

More than 14,000 mobile devices — including "BYOD" (bring your own device) Android, Apple and Windows phones — had not received the "appropriate authorizations" needed to secure them, the Inspector General found.

"Our objective was to determine whether the Department of the Army had an effective cybersecurity program that identified and mitigated risks surrounding commercial mobile devices (CMDs) and removable media," the Inspector General's report says.

"Specifically, at the sites visited, we verified whether Army officials appropriately tracked, configured and sanitized CMDs."

The Army's chief information officer "did not implement an effective cybersecurity program" for mobile devices, the Inspector General's report said. "Specifically, the Army CIO did not appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army."

The Inspector General said the Army's CIO:

  • Did not "ensure that Commands configured CMDs to protect stored information." Chief information officers at both locations "did not use a mobile device management application to configure all CMDs to protect stored information."
  • Did not require mobile devices to be "properly sanitized." At the military academy and engineer research and development center, chief information officers "did not have the capability to remotely wipe data stored on CMDs that were transferred, lost, stolen or damaged."
  • Did not control mobile devices "used as removable media," including SD cards. The chief information officers at both locations "allowed users to store sensitive data on CMDs that acted as removable media."
  • Did not require training and use agreements that were specifically for commercial mobile devices.

"These actions occurred because the Army CIO did not develop clear and comprehensive policy for CMDs purchased under pilot and non-pilot programs," said the Inspector General's report. "In addition, the Army CIO inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information. As a result, critical information assurance controls were not appropriately applied, which left the Army networks more vulnerable to cybersecurity attacks and leakage of sensitive data."

 

 

The partial response so far — final comment is due by April 25 — from the Chief Information Office Cybersecurity Directorate says that appropriate security steps have been taken, including setting up a SharePoint portal to register and "document senior approval" of each device.

Beth Jones, senior threat researcher for Sophos Labs in the U.S., wrote on the company's Naked Security blog that "if the United States Army, with all the endless policies, is having a difficult time with BYOD, how is a small or medium-sized business going to cope?"

The Army, she said, has a good policy about geotagging, "realizing the risk that came with soldiers taking pictures that automatically had location information embedded in metadata."

But, she noted, "given the lack of management of the devices, how would the military know for sure that the geotagging has been disabled?"

 

 

 

Bullboard Posts