In September, the Information Security Forum (ISF) released a report, “Managing BYOD Risk: Staying Ahead of Your Mobile Workforce,” which found that many companies, in their rush to institute some kind of BYOD security policy, often neglected or rushed risk management. Incomplete or ineffective policies in effect leave the company open to threats against its network. Instead, ISF encourages organizations to take an “info-centric” approach to BYOD policy.
I had the chance to speak with Steve Durbin, global vice president of ISF about the report.
Poremba: When talking about risk management in terms of BYOD, what exactly do you mean? Is it just good security practices or something more?