BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 05-17-2011, 04:50 PM   #1 (permalink)
Thumbs Must Hurt
 
wistowg's Avatar
 
Join Date: Apr 2006
Location: Leeds, UK
Model: 9900
Carrier: O2
Posts: 50
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?

Please Login to Remove!

I'm being asked to undertake a review of what we allow & disallow our BB users to do on, with and from their devices. The list of options available within the IT Policy configs is, to say the least, comprehensive these days! Any Corporates out there already gone through such an exercise?

In a perfect world (yeah, I know) what I really need is a Risk-oriented assessment of the implications of the different policy settings. Security of Corporate and User data; protection of the device & environment; user protection etc., etc.

Any constructive advice will be most welcome.
Offline  
Old 05-19-2011, 01:16 PM   #2 (permalink)
x14
BlackBerry Extraordinaire
 
Join Date: Jul 2005
Location: NYC
Model: 9800
OS: 6.0.0.546
Carrier: AT&T
Posts: 2,344
Post Thanks: 0
Thanked 17 Times in 16 Posts
Default Re: Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?

You need to look how locked down you corporate computers are and apply a similar policy to the BlackBerry.

If your company disable the USB port on the PC then you should disable Mass Storage on the BlackBerry.
__________________
Exchange 2007/BES 5.0.2 MR2
Offline  
Old 05-20-2011, 09:15 AM   #3 (permalink)
Talking BlackBerry Encyclopedia
 
cyclmpc's Avatar
 
Join Date: Nov 2008
Location: DC
Model: 9800
OS: 6.0.0.141
PIN: N/A
Carrier: ATT
Posts: 217
Post Thanks: 2
Thanked 2 Times in 2 Posts
Default Re: Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?

We went through a similar exercise with our devices when we went forward with our encryption policies.

What I did is go through the BES Policy Reference Guide and review each and every rule available. In my environment, I wanted to ensure the data on the device was secure, but not lock down the device to the point where users could not enjoy what the device can do. Each company needs to evaluate this balance.

For me, I took a first stab at identifying every policy I thought would help tighten up our security on devices. Once I had that, I further determined what items were user habits versus standard minimum security practices. For us, we determined to only enable a standard minimum practice and not go towards limiting user function. We then gathered together and talked about each policy.

Hope that helps.
__________________
I'm actually lost...
Offline  
Old 05-20-2011, 12:43 PM   #4 (permalink)
New Member
 
Join Date: May 2011
Model: 8200
PIN: N/A
Carrier: T-Mobile
Posts: 5
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Allow/Disallow - any major Corporates been through an exhaustive risk evaluation?

We're about to do a full review of all IT Policy settings. We're not on SP3 yet, but will be soon. We're going to restructure our policies based on the options available in SP3 - specifically around user data vs. company data.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.