Establishing a Security Policy

When it comes to the security within your organization, you create a security
and a privacy policy to protect your networked resources; why is it
any different to develop a security policy to protect your PDA devices too?
All companies need to create a security policy that details the specific
requirements and methods needed by a secure mobile security infrastructure.
The wireless security policy you create is a set of rules for all
the wireless resources your PDA utilizes. It is important for your security
policy to define how PDAs are handled, what type of protection and
authentication should be offered, and a set of rules for enforcing those
standards at all times.
Your security policy also dictates exactly the type and how to configure
the authentication settings for your PDA. These settings will control how
each user is able to access the device. If a PIN is required to start the
device, your security policy will determine the length of the PIN, what
symbols are shown (instead of the actual letters or numbers) when typed
into the device, and how many minutes should elapse with no user input
or activity before the device automatically locks up to prevent someone
else from picking up the device and compromising its internal data.
Flexibility is an important element in any security policy because you
will undoubtedly need to change these settings later as your policy elements
change. Your environment will change with respect to the security
needs of the IT world around you. These changes will reflect methods
by which you can strengthen security to deal with new threats and
unforeseen vulnerabilities (Figure 17.4). Any wireless network is vulnerable,
by definition. Your signals are in open “air space” and can be compromised,
given enough time and interest on the part of a hacker.