The growth of wireless technology has been explosive—so fast that most audit teams and IT departments have fallen behind in making it a part of the scope of their annual risk assessments. Unfortunately, there are numerous potential abuses of wireless technologies and very few rock-solid control mechanisms available to mitigate the associated risks.
Likewise, as wireless security has rapidly grown and evolved, the underground community has continued to discover new ways to circumvent the available controls. When referring to “wireless” here, we refer primarily to the issues identified regarding the 802.11 a/b/g standards (a.k.a. Wi-Fi), and do not necessarily address additional layers of insecurity introduced by the growing prevalence of Bluetooth or other “personal area network” technologies. We’ll save that for a later issue.
Internal auditors, security managers and IT departments face a number of unique challenges regarding wireless. Corporate executives and members of the board of directors and audit committees are right to be concerned about how to protect the integrity, confidentiality and availability of critical business information on wireless systems.Read Full Story