Security best practices for protecting sensitive data

TechStriker

I am researching security best practices for protecting sensitive data mobile employees using company laptops. I appreciate if you can point me to the right direction i.e. white papers, resources, websites etc....

Chris:/*

NIST suggestions:
http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf

SANS Reading Room:
SANS InfoSec Reading Room - Best Practices

JDMurray

If you already have backup/restore and encryption on your laptops, and the company uses only BlackBerry and BES for mobile communications (including laptop's connection to the Internet), you are definitely doing the right things.

If you need official guidelines to convince your business owner to spend the $$$ for security, find out what organizations your employers respect (Microsoft, Symantec, DoD) and search for guidelines and white papers from them. Like Chris:/* said, the NIST docs are a good place to start:

http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf
http://csrc.nist.gov/publications/nistpubs/800-114/SP800-114.pdf
http://csrc.nist.gov/publications/nistpubs/800-69/SP800-69.pdf

Chris:/*

As JD mentioned, full disk encryption is a must. If the Laptops are allowed to be used in wireless hotspots VPN solutions and EAP products should be looked into. Many companies are also looking into Laptop "lo-jack" type products in case a laptop is stolen or misplaced.

TechStriker

Thanks guys these are great read to get me going, we have deployed encryption but still looking into Backup/Restore on laptop environment. I have been tasked with to analyse threads data on mobile devices i.e. (data leakage, users transferring data to their home computers) and recommend best practice/guide line to mitigate this risks.

JDMurray

The backup/restore is the most important thing for disaster recovery. If an encrypted hard drive gets an unrecoverable sector error it won't be decryptable when it starts, and the only thing you will have are the incremental backups previously made from the disk.

If you are using BlackBerrys on a BES you can set policies about what devices they can/can't connect to. You can also auto-wipe any BB that is lost/stolen. Always require an access password on every mobile device. BBs have AES-256 encryption and are the most secure mobile phones; Apple iPhones are among the least secure.