A legal guide to enterprise mobile device management : managing bring your own device (BYOD) and employer-issued device programs


Where to find it

Law Library — 2nd Floor Collection (2nd floor)

Call Number
KF390.5.C6 W87 2013
Status
Available

Summary

As workers use smart phones, tablets, and laptops for both their work and their personal lives, chief information officers face the complex challenges of managing mobile devices in the business setting. This book examines key concepts, considerations, and issues in mobile device management from business, legal, and technical perspectives, with background information on business drivers and technology. A sample mobile device policy is included as a starting point for a business's mobile device program documentation. Because the guide is written for a wide audience, it will serve as a helpful reference for business and technology professionals as well as attorneys.

Contents

  • About the Author p. ix
  • Foreword p. xi
  • Preface p. xiii
  • Chapter 1 Introduction p. 1
    • A The Mobile Transformation p. 1
    • B Purposes of This Book p. 2
    • C Mobile Computing as Part of a Larger Picture of Technology Changes p. 4
  • Chapter 2 The Impact of the Consumerization of Information Technology p. 9
  • Chapter 3 Managing a Mobile Device Program p. 15
    • A Risk Analysis and Management p. 15
      • 1 The Risk Management Process p. 15
      • 2 Applying Risk Management Principles to Mobile Devices p. 18
    • B BYOD or Employer-Issued Devices? p. 19
    • C Establishing Policies and Supporting Documentation p. 20
      • 1 Types of Documentation p. 20
      • 2 Documentation Supporting Mobile Device Management p. 22
    • D Procuring Technology to Support a Mobile Device Program p. 25
    • E Implementing the Mobile Device Program p. 25
  • Chapter 4 Discovery and Records Management Issues p. 27
    • A The Discovery Process p. 27
    • B Discoverability of Information on Mobile Devices p. 29
    • C Preservation Obligations and Spoliation p. 30
      • 1 Preservation Obligations p. 30
      • 2 Spoliation of Evidence p. 31
      • 3 Preservation and Spoliation of Evidence on Mobile Devices p. 33
      • 4 Challenges in Collecting Information p. 34
    • D Records Management Issues p. 36
  • Chapter 5 Information Security Issues p. 39
    • A The Importance of Information Security p. 39
    • B Different Types of Information Security Legal Issues p. 40
    • C Compliance with Security Laws p. 43
      • 1 Sarbanes-Oxley Act p. 43
      • 2 Gramm-Leach-Bliley Act p. 44
      • 3 Federal Information Security Management Act p. 44
      • 4 Fair and Accurate Credit Transactions Act/Red Flags Rule p. 44
      • 5 Health Insurance Portability and Accountability Act p. 44
      • 6 State Medical Information Privacy Laws p. 45
      • 7 State Breach Notification and Data Security Laws p. 46
      • 8 State Consumer Protection Laws p. 49
      • 9 Cybercrime Laws p. 49
      • 10 Compliance Requirements Regarding Mobile Devices p. 50
    • D Information Security Controls p. 50
      • 1 Administrative Controls p. 51
        • a Risk Analysis and Management p. 51
        • b Asset Identification and Valuation p. 51
        • c Threat Identification p. 52
        • d Vulnerability Identification p. 52
        • e Risk Identification p. 54
        • f Security Management p. 54
        • g Hiring, Supervising, and Terminating Workers p. 55
        • h Access Management p. 55
        • i Security Awareness and Training p. 56
        • j Incident Response and Handling p. 58
        • k Backup Planning p. 59
        • l Assessment p. 60
        • m Third-Party Supervision p. 60
      • 2 Physical Safeguards p. 61
        • a Physical Safeguards and Facility Planning p. 61
        • b Computing Device Use Policies and Procedures p. 62
        • c Physical Safeguards Around Workstations p. 62
        • d Inventory and Media Control and Disposal p. 63
      • 3 Technical Safeguards p. 64
        • a Mobile Device Management Systems p. 64
        • b Access Control Technology and Authentication p. 65
        • c Automatic Locking or Logoff after Inactivity p. 66
        • d Patching and Updates p. 66
        • e Logging p. 66
        • f Integrity Controls p. 66
        • g Transmission Security/Wireless Security p. 67
        • h Encryption p. 67
      • 4 Robust Policies, Procedures, Standards, and Documentation p. 68
    • E Information Security Liability p. 68
    • F Incident Response p. 69
    • G Mobile Devices and Secure E-Commerce Systems p. 73
  • Chapter 6 Privacy Issues p. 75
    • A Privacy Liability and Rights p. 75
    • B Managing Workplace Privacy p. 76
    • C Social Media Privacy Laws p. 80
  • Chapter 7 Protecting Trade Secrets and Confidential Information p. 83
    • A Trade Secrets and Confidential Information p. 84
    • B How to Obtain and Maintain Trade Secret Protection p. 85
    • C Duration of Trade Secret Protection p. 86
    • D Enforcement of Trade Secrets p. 86
    • E Protecting Secrecy Before the Mobile Era p. 88
    • F Protecting Secrecy in the Age of the Internet and Mobile Devices p. 89
    • G Loss of Trade Secret Protection p. 91
    • H Enforcing Confidentiality Rights p. 93
    • I Raising the Standard p. 94
  • Chapter 8 Insurance Issues p. 95
    • A Examples of Policy Coverages p. 95
    • B Potential Gaps in Coverage p. 96
  • Chapter 9 Employment Law Issues p. 99
    • A Employment Discrimination p. 99
    • B Compensation Issues p. 101
    • C Workplace Safety Issues p. 103
    • D Workplace Privacy Issues p. 104
    • E Working with Unions and Works Councils p. 104
      • 1 Collective Bargaining with Unions on Mobile Policies p. 105
      • 2 Working with European Works Councils p. 106
  • Chapter 10 Future Challenges p. 107
  • Appendix 1 Sample Electronic Device Policy p. 111
  • Appendix 2 Additional Resources p. 127
  • Index p. 133
