BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   Allow/Disallow - any major Corporates been through an exhaustive risk evaluation? (http://www.blackberryforums.com/bes-admin-corner/248989-allow-disallow-any-major-corporates-been-through-exhaustive-risk-evaluation.html)

wistowg 05-17-2011 03:50 PM

Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?
 
I'm being asked to undertake a review of what we allow & disallow our BB users to do on, with and from their devices. The list of options available within the IT Policy configs is, to say the least, comprehensive these days! Any Corporates out there already gone through such an exercise?

In a perfect world (yeah, I know) what I really need is a Risk-oriented assessment of the implications of the different policy settings. Security of Corporate and User data; protection of the device & environment; user protection etc., etc.

Any constructive advice will be most welcome.

x14 05-19-2011 12:16 PM

Re: Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?
 
You need to look how locked down you corporate computers are and apply a similar policy to the BlackBerry.

If your company disable the USB port on the PC then you should disable Mass Storage on the BlackBerry.

cyclmpc 05-20-2011 08:15 AM

Re: Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?
 
We went through a similar exercise with our devices when we went forward with our encryption policies.

What I did is go through the BES Policy Reference Guide and review each and every rule available. In my environment, I wanted to ensure the data on the device was secure, but not lock down the device to the point where users could not enjoy what the device can do. Each company needs to evaluate this balance.

For me, I took a first stab at identifying every policy I thought would help tighten up our security on devices. Once I had that, I further determined what items were user habits versus standard minimum security practices. For us, we determined to only enable a standard minimum practice and not go towards limiting user function. We then gathered together and talked about each policy.

Hope that helps.

pknaz 05-20-2011 11:43 AM

Re: Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?
 
We're about to do a full review of all IT Policy settings. We're not on SP3 yet, but will be soon. We're going to restructure our policies based on the options available in SP3 - specifically around user data vs. company data.


All times are GMT -5. The time now is 01:28 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.