Pub. 8 2013-2014 Issue 2

July | August 2013

• Who will be allowed to use their device for company data?
• Who will support personally owned mobile devices? Will your internal IT department support them?
• What kind of Mobile Device Management (MDM) solution will you use?
• Will you limit use of applications, browsing, camera, etc. on the device?
• Will you have a policy regarding access or use of a device by non-company individuals (i.e., letting a family member or friend borrow the device)?
• Should you audit the devices and if so, how?
• What is your plan for decommissioning a device?
• What should happen if a user violates a policy or circumvents security controls?

As with defining other new processes, agreements, or policies, it is wise to include multiple areas within your organization such as human resources, IT, legal, compliance, and operations in the risk assessment and policy creation phase. Also, ensure your legal counsel reviews and approves the final user agreements or bank policies regarding mobile devices.

Russ Horn is the president of CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, Aspire cloud hosting, and the developer of tandem, a security and compliance software suite designed to help financial institutions create and maintain their Information Security Program. Visit CoNetrix at www.conetrix.com.
