Controls Over Information Contained in BlackBerry Devices Used Within DoD

Abstract

The overall objective of the audit was to determine whether the Military Services and other Defense agencies have controls in place to prevent unauthorized disclosure of information contained in wireless devices. Specifically, we reviewed controls to protect information contained in BlackBerry devices as these are the primary Personal Digital Assistant (PDA) devices used by the Military Services and other Defense agencies. See Appendix A for the scope and methodology and prior audit coverage. The overall objective of the audit was to determine whether the Military Services and other Defense agencies have controls in place to prevent unauthorized disclosure of information contained in wireless devices. Specifically, we reviewed controls to protect information contained in BlackBerry devices as these are the primary Personal Digital Assistant (PDA) devices used by the Military Services and other Defense agencies. See Appendix A for the scope and methodology and prior audit coverage. PDAs are small, portable electronic devices with similar functional use as a personal computer with the convenience of portability. However, with the convenience of portability comes the risk of loss, which could lead to the compromise of DoD information. Therefore, DoD Components must implement proper security controls to prevent unauthorized disclosure. A BlackBerry device incorporates features, such as an organizer (address book, calendar, and to-do lists) and instant messaging with wireless services, such as e-mail, mobile telephone, and web browsing. The use of BlackBerry devices is prevalent among highlevel officials such as senior management, personnel requiring access to DoD information technology resources during non duty hours, and personnel who are frequently separated from the office. Because BlackBerry devices can introduce security vulnerabilities exposing Government information systems to compromise, BlackBerry devices must be properly secured.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 25, 2009
Accession Number
ADA507097

Entities

Organizations

  • Office of the Inspector General, U.S. Department of Defense

Tags

DTIC Thesaurus Topics

  • Air Force
  • Air Force Facilities
  • Computer Access Control
  • Computers
  • Cybersecurity
  • Department Of Defense
  • Electronic Mail
  • Electronic Messaging
  • Information Assurance
  • Information Systems
  • Personal Computers
  • Personal Digital Assistants
  • Security
  • Two-Factor Authentication
  • Unauthorized Disclosure
  • Wireless Communications
  • Wireless Networks

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Computer Science/Computer Engineering/Data Science/Digital Signal Processing.
  • Defense Financial Management and Audit.

Technology Areas

  • Microelectronics