Means
Aiding and Abetting
Asset Control
Bluetooth
Bring Your Own Device (BYOD)
Clipboard
FTP Servers
Installed Software
Intellectual Property Theft
Media Capture
Network Attached Storage
Physical Disk Access
Printing
Privileged Access
Removable Media
Screenshots
SMB File Sharing
SSH Servers
System Startup Firmware Access
Unrestricted Software Installation
Unrevoked Access
Web Access
- ID: ME022
- Created: 13th September 2024
- Updated: 13th December 2024
- Contributor: Ismael Briones-Vilar
Bring Your Own Device (BYOD)
An organization has a Bring Your Own Device (BYOD) policy, where a subject is authorized to connect personally owned devices—such as smartphones, tablets, or laptops—to organizational resources. These resources include corporate networks, cloud applications, and on-premises systems that may handle confidential and/or sensitive information.
The use of personal devices in a corporate environment introduces several risks, as these devices may lack the same level of security controls and monitoring as organization-owned equipment.
Prevention
| ID | Name | Description |
|---|---|---|
| PV040 | Network Access Control (NAC) | Network Access Control (NAC) manages and regulates devices accessing a organization's network(s), including personal devices under a Bring Your Own Device (BYOD) policy. NAC systems ensure that only authorized and compliant devices can connect to the network, reducing security risks. NAC performs the following functions:
NAC functionality can be provided by dedicated NAC appliances, next-generation firewalls, unified threat management devices, and some network switches and routers. |
| PV009 | Prohibition of Devices On-site | Certain infringements can be prevented by prohibiting certain devices from being brought on-site. |