Skip Ribbon Commands
Skip to main content
Sign In
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorTraining and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorSecuring Mobile Assets and Applications
IIARF Icon
Course Description Course Outline Bring Us On Site  

Securing Mobile Assets and Applications

Course Description

Print-friendly Course Description and Outline

The demand for production applications on laptops, tablets, computers, and smart phones has grown. Mobile devices are being used to process sensitive and mission-critical data in health care, sales, customer services, human resources, and even system administration.​

Employees are moving from the corporate offices to customer sites; working in trains, planes, and automobiles; and using smart phones and tablet computers to access every kind of sensitive corporate data. This is a revolution that is already happening and is likely to accelerate as mobile applications confer business advantages. ​

The benefits of mobile computing are clear — users can work when and where they need to. But, this comes at the price of moving sensitive data — both physically and logically — outside the organization’s physical and security boundaries. Unsurprisingly, malware is on the move, too, with new generations of viruses, Trojans, and worms targeting mobile devices as well as ubiquitous mobile services such as SMS messaging, and Bluetooth/WiFi connectivity.​

This course, which is appropriate for IT auditors, operational auditors, internal control professionals, information security professionals, and risk professionals, addresses the business advantages of mobile computing as well as the emerging issues of how to control mobile devices, protect corporate assets, and maintain compliance with relevant legislation and data privacy standards.

In this course, we will discuss:

  • Policies and governance necessary to control mobile assets.
  • Ensuring that mobile devices and applications meet the security triad of confidentiality, integrity, and availability.
  • Security issues related to mobile applications and their development.
  • Issues related to the major platforms: Apple, Blackberry, Android, Windows, and Bluetooth.
  • Authentication, encryption, and nonrepudiation.
  • Multi-platform mobile environments: the Mobile Enterprise Application Platform (MEAP).
  • Provisioning, patching, and back up in the mobile environment. 
Course Duration: 1 day(s)
CPE Hours Available: 7
Knowledge Level: Intermediate
Field of Study: Auditing
Prerequisites: 

Participants should have a general understanding of IT processes.​​

Advance Preparation: 
None
Delivery Format: On-site Training (Group-Live)

​The Status Quo — An Overview of Mobile Communications​​

  • The business case for mobile — current and future
  • Categories of mobile devices in the enterprise
  • Mobile applications — what could possibly go wrong?
  • Some major control security issues associated with mobile devices and applications

Technical Security and Control Aspects of Various Platforms

  • Apple, Blackberry, Android, Windows, Bluetooth, USB, and tablets
  • The big IT issues: provisioning, patching, and back up in the mobile environment
  • Data privacy in a mobile environment — an oxymoron?
  • Multi-platform mobile environments
  • All about mobile apps: iPhone, BlackBerry, Android, and Windows Mobile

Mobile Good Practices

  • Policies and governance
  • Geolocation and tracking — the good and the bad
  • Effective use of cryptography for authentication, nonrepudiation, and data protection
  • Ensuring confidentiality, integrity, and availability
  • User awareness and training​

​Most courses can be delivered through on-site training. You might be surprised that the organization leading the profession is just as committed to the delivery of affordable training.​​​​

Contact us by calling +1-407-937-1388 or send an e-mail to GetTraining@theiia.org.​