| | Re: Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?
We went through a similar exercise with our devices when we went forward with our encryption policies.
What I did is go through the BES Policy Reference Guide and review each and every rule available. In my environment, I wanted to ensure the data on the device was secure, but not lock down the device to the point where users could not enjoy what the device can do. Each company needs to evaluate this balance.
For me, I took a first stab at identifying every policy I thought would help tighten up our security on devices. Once I had that, I further determined what items were user habits versus standard minimum security practices. For us, we determined to only enable a standard minimum practice and not go towards limiting user function. We then gathered together and talked about each policy.
Hope that helps.
I'm actually lost...