ISACA: Take Action to Avoid Mobile Device Geolocation Risk
Global Association Suggests Five-step ROUTE
ROLLING MEADOWS, Ill.--(BUSINESS WIRE)-- Twenty-eight percent of U.S. adults use location-based applications like Facebook and Google Maps, and that number will grow. A new ISACA white paper cautions that regulation of geolocation data is in progress, so individuals and enterprises must be aware of the information they provide, collect and use.
Geolocation uses data to identify a physical location. It offers consumers convenience, discounts and easy sharing, and enables enterprises to deliver personalized services. But this increases the need for data management and controls.
As ISACA’s white paper, “Geolocation: Risk, Issues and Strategies,” notes, malicious use of geolocation data can increase risk. When information (gender, race, occupation, financial history) is combined with GPS and geolocation tags, criminals can identify a location, increasing the potential for espionage, burglary, theft, stalking and kidnapping.
“As mobile device and geolocation use grows, more information becomes available to hackers and unauthorized users,” said Marios Damianides, CISM, CISA, CA, CPA, past international president, ISACA, and partner, Advisory Services, Ernst & Young.
Proposed U.S. legislation restricts whether companies can store location data from mobile devices, and a proposed amendment to the Children’s Online Privacy Protection Act (COPPA) addresses the collection of geolocation data from children under 13.
Collecting and using geolocation data pose risk to enterprises, including:
- Privacy: Multiple entities have access to geo-tagging data, including service providers and wireless access developers. Users can’t always identify the source or owner of their location data.
- Reputation: Enterprises risk their brand/reputation when breaches occur.
- Compromise: Secret locations and remote facilities/prototypes can be identified.
“We live in a mobile world and geolocation is here to stay. It has benefits for individuals and enterprises, but if not managed properly, the risk is substantial,” said Ramsés Gallego, member of ISACA’s Guidance and Practices Committee and security strategist and evangelist, Quest Software.
Enterprise Tips
- Implement safeguards and leverage COBIT for policy development.
- Update the security of device operating systems and software.
- Make sensitive data (personal, financial, confidential) unreadable or inaccessible.
- Respect differing global privacy regulations.
- Implement a risk management policy that identifies where geolocation services add value and where they should be disabled.
Consumer and Employee Tips
ISACA advises people to follow a five-step “ROUTE” for informed use of geolocation:
- Read mobile app agreements and know what information you share.
- Only enable geolocation when benefits outweigh risk.
- Understand that others can track your current and past locations.
- Think before posting tagged photos to social media sites.
- Embrace the technology, and educate yourself and others.
“There are great consumer advantages of geolocation, such as photo tagging and directions,” said Robert Stroud, past international vice president, ISACA, and vice president, Strategy and Innovation, CA Technologies. “However, many consumers are unaware of the risk and need to educate themselves.”
Download the free ISACA white paper at www.isaca.org/geolocation.
About COBIT
ISACA’s COBIT is a comprehensive framework of practices and analytical tools that maximize an enterprise’s return on investment in information and technology. Its 15 years of real-world application is guided by senior IT and business leaders worldwide. www.isaca.org/cobit5.
About ISACA
With 95,000 constituents in 160 countries, ISACA® provides knowledge, certifications, community and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards.
Twitter: http://twitter.com/ISACANews
LinkedIn: ISACA (Official)
Facebook: www.facebook.com/ISACAHQ
CONTACT:
ISACA
Kristen Kessinger, +1.847.660.5512
Joanne Duffer, +1.847.660.5564
news@isaca.org


