Scribd Logo
Upload

Welcome to Scribd!

  • Policy Document: Blackberry Internet Services

    Uploaded by

    study_hard
    24 views6 pages
    This document outlines the security policies for Blackberry Internet Services (BIS) on a Blackberry smartphone. It details 10 specific policies around encryption, email, instant messaging, secure browsing, firewalls, passwords, privacy, downloads, virus/anti-spyware protection, and data destruction. The goal is to enhance security for personal Blackberry devices using BIS by laying out directives for implementing encryption, access controls, regular updates, and secure configuration of the device and services. Compliance with the policies is the responsibility of individual BIS subscribers.

    Original Description:

    Original Title

    BIS Policy

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines the security policies for Blackberry Internet Services (BIS) on a Blackberry smartphone. It details 10 specific policies around encryption, email, instant messaging, secure browsing, firewalls, passwords, privacy, downloads, virus/anti-spyware protection, and data destruction. The goal is to enhance security for personal Blackberry devices using BIS by laying out directives for implementing encryption, access controls, regular updates, and secure configuration of the device and services. Compliance with the policies is the responsibility of individual BIS subscribers.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    24 views6 pages

    Policy Document: Blackberry Internet Services

    Uploaded by

    study_hard
    This document outlines the security policies for Blackberry Internet Services (BIS) on a Blackberry smartphone. It details 10 specific policies around encryption, email, instant messaging, secure browsing, firewalls, passwords, privacy, downloads, virus/anti-spyware protection, and data destruction. The goal is to enhance security for personal Blackberry devices using BIS by laying out directives for implementing encryption, access controls, regular updates, and secure configuration of the device and services. Compliance with the policies is the responsibility of individual BIS subscribers.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    ABC LTD.

    Policy Document
    BlackBerry Internet Services
    Neha Chandra

    BIS Policy Page 1


    Contents
    Blackberry Internet Services (BIS) Policy.....................................................................................................3
    Purpose:..............................................................................................................................................3
    Scope:..................................................................................................................................................3
    Roles & Responsibilities:......................................................................................................................3
    Audience:.............................................................................................................................................3
    Related policies:..................................................................................................................................3
    Validity:................................................................................................................................................3
    Policy Summary:..................................................................................................................................3
    1. Encryption Policy.............................................................................................................................4
    2. E-mail Policy.....................................................................................................................................4
    3. Instant Messaging Policy.................................................................................................................4
    4. Secure Browsing Policy....................................................................................................................4
    5. Firewall Policy..................................................................................................................................5
    6. Password Policy...............................................................................................................................5
    7. Privacy Policy...................................................................................................................................5
    8. Download Policy..............................................................................................................................5
    9. Virus & Anti-spyware Policy.............................................................................................................6
    10. Data Destruction Policy................................................................................................................6
    Enforcement: ......................................................................................................................................6
    Acronyms:............................................................................................................................................6

    BIS Policy Page 2


    Blackberry Internet Services (BIS) Policy

    Purpose: This document intends to lay out the security requirements of Blackberry Internet Services on
    a Blackberry smartphone and high level directives for implementing the same.

    Scope: This policy applies to all subscribers of Blackberry Internet Services and related
    services/applications.

    Roles & Responsibilities: The responsibility of usage and compliance with these policies rests entirely
    with the BIS user.

    Audience: Blackberry Internet Services subscribers.

    Related policies: None

    Validity: This policy remains in effect unless and until succeeded by a newer version.

    Policy Summary: There are mainly two BlackBerry mobile connectivity options. One of them is the
    BlackBerry Internet Service (BIS). Here in, the mobile service provider acts as an intermediary between
    the user’s email server and his/her BlackBerry device. The BIS service hence caters to personal usage
    and doesn’t have huge security concerns from organizational perspective. This policy outlines the
    security policies which must be abided by the BIS user in order to enhance the security of blackberry
    device owned.

    BIS Policy Page 3


    1. Encryption Policy
     Any communication between the messaging server and the device must be encrypted using SSL.
     SSL encryption must be enabled in BlackBerry browser.
     All transactions between the browser and e-commerce websites must use secure SSL
    connection, the absence of which must terminate the transaction.
     Device password must be set up to prevent leakage of data directly from the device’s hardware.
     Content Protection strength level must be set according to the need of usage.
     All data on the media card of the device must be encrypted using the Encrypt Media Files
    functionality of BIS.

    2. E-mail Policy
     The device must be configured to automatically encrypt all e-mails sent by the mail server to the
    BIS.
     All attachments must be protected using the Content Protection feature i.e. it must be turned
    ON at all the times.
     BIS must be configured to scan all attachments before opening them and block all such functions
    in the attachment which might raise a security issue.
     Anti-spam features of BIS must be turned ON to ward off unsolicited mails and messages.

    3. Instant Messaging Policy


     Messages between the messaging server and BIS must be encrypted.
     All messaging communication travelling between BIS and the device uses the security settings of
    the wireless network; hence the network must be appropriately secured.

    4. Secure Browsing Policy


     The BlackBerry browser must be configured to accept only secure connections via SSL for critical
    messages, transactions and logins.
     Images and javascript must be disabled from being displayed in the browser if security
    requirements mandate so.

    BIS Policy Page 4


    5. Firewall Policy
     Device firewall must be enabled in the Security Settings option.
     The firewall must be configured as to not accept any unencrypted data from an untrusted
    source i.e. unencrypted SMS text messages & PIN messages must be blocked if security
    requirements are high.
     The firewall must be configured to reject any incoming SMS, MMS or PIN messages if at all
    required.
     In order to provide proper communication between BIS and the email servers, a particular set of
    IP ranges (as specified in the technical manual) must be allowed to communicate with the
    BlackBerry Infrastructure. Firewall ACL must be configured for the same.

    6. Password Policy
     A device password must be setup to prevent un-authorized users from accessing the device.
     If the Password Keeper utility of the device is being used to manage different passwords of the
    user then the master password of that utility must be chosen such that it’s strong enough to
    prevent password attacks.
     If the Content Protection Strength is set to ‘Stronger’ then a minimum of 12 digit device
    password must be used.
     If the Content Protection Strength is set to ‘Strongest’ then the password length must be a
    minimum of 21 characters.

    7. Privacy Policy
     GPS Service provided by the device if not required must either be turned off or permanently
    deleted as per the privacy requirements of the user.
     Third party applications accessing GPS data without permission must be blocked or deleted.

    BIS Policy Page 5


    8. Download Policy
     Access attempts to device resources by 3rd party applications must be controlled.
     Connection attempts made by 3rd party applications must also be monitored & controlled.

    9. Virus & Anti-spyware Policy


     The built-in anti-virus and anti-spyware functions of the device must be turned ON always.
     They must be regularly updated and patched.

    10. Data Destruction Policy


     Automatic cleaning performed by the device must be configured as per user requirements.
     All conditions under which the device cleans/overwrites memory must be reviewed and changes
    must be made to the configuration accordingly.
     All personal information must be deleted from the device before disposing off the device. This
    must be accomplished using the Wipe Handheld feature of BIS.

    Enforcement: The enforcement of this policy is to be carried out on a personal/individual level.

    Acronyms:
    SSL Secure Sockets Layer
    GPS Global Positioning System
    BIS Blackberry Internet Services
    BES Blackberry Enterprise Services
    ACL Access Control List

    BIS Policy Page 6

    You might also like