The additional security risks that mobile devices pose
compared to traditional PCs and laptops are:
* Mobile devices are more vulnerable to being stolen (physical
robbery).
* They are more exposed to wireless or Wi-Fi networks (public
networks) that are not secure at all or are less secure, i.e.,
unsecured Wi-Fi.
* Most Android-based mobile devices run the open-source Android
software with less support, so they are more prone to attacks than
most Apple mobile devices, which run iOS and are more secure
because the OS is proprietary and commercialized, so the support
is also better.
* There are many other generic and specific mobile security
threats.
* There is a data leakage problem.
* The devices are attacked through network spoofing.
* The devices are exposed to phishing attacks.
* They are attacked by many kinds of spyware.
* The devices, the software running on them, and the applications
that users run on them can have security that relies on broken
cryptography.
* The devices suffer from many improper session handling
issues.
* In general, these mobile devices lack physical security.
* These devices are used by multiple users logging into
them.
* There are issues users come across through mobile browsing.
* There are application isolation issues.
* Users do not carry out system updates on the device. They forget
to do so, are simply too lazy to do so, or even think it is not
important.
* There are mobile device coding issues with many mobile devices, as
they come in varied models and operating systems.
* Mobile devices see many Bluetooth attacks.
* Users lack awareness about security for mobile
devices.
* Cybercriminals could impersonate users or employees to loot and
hack their accounts.
* They can implement face and voice biometrics as credentials for
users to authenticate and log in to their systems and
accounts.
* Authentication through an SMS code sent to the employees' mobile
device can be a stronger security process than the password
mechanism.
The administrative and technical means IT departments
can use to mitigate these risks are:
* IT departments can use Mobile Device Management (MDM) systems,
services, software, and applications to better administer, monitor,
manage, and control the mobile devices of their organization's
users or employees.
* A wipe-clean feature can be enabled on all mobile devices so
that, in case of theft, all the confidential and critical data of
the organization can be deleted without any thief, attacker, or
hacker getting hold of the data and misusing it.
* IT departments should mandate that the company's users and
employees use cloud services and save and store all their own and
the company's data in the cloud, so the data is always available
and accessible even if the mobile devices are damaged, lost, or
stolen.
* IT departments could force the users and employees to update all
the mobile device OS software, other software, and applications
with any and all feature updates, patches, and critical security
updates.
* IT departments should let users download, install, run, and use
only relevant and secure applications and software on their mobile
devices, that is, only applications and software available from
trusted, strongly secured, and legitimate app stores and online
software download websites and centers.
* There are many other generic and specific measures, steps, and
solutions that IT departments can implement and deploy so users
have a secured experience of using their mobile devices.
* IT departments should implement stronger authentication beyond
passwords using Multi-Factor Authentication (MFA).
The trade-offs for users or employees on convenience
compared to security are:
* In general, the more security is set up on mobile devices, the
less convenient, comfortable, available, and accessible the mobile
devices would be for the users or employees.
* The more convenient the mobile devices are, the less secure they
would be, making them vulnerable to attacks from every
direction.
* Ideally, users should concentrate more on security than
convenience. Hence, they should set up an optimum solution with
equal levels of security and convenience on their mobile
devices.
* Security should be at every level and step of the usage of the
mobile devices.
* Convenience is good, but it comes at the cost of security. Hence,
every step of convenience should be backed by a step of security.
After all, the very purpose of the mobile device and its usage is
to provide convenience, availability, and accessibility.
* When users use MFA, they gain security but lose convenience, as
it consumes time and effort with an additional step of the security
process for them to go through.
* When users use a Virtual Private Network (VPN) on their mobile
device, it does give them security; however, they lose convenience
in terms of performance and the time it takes to access services,
applications, and data on the Internet.
* Passcode key fobs, complex passwords, passphrases, and challenge
security questions provide security; on the other hand,
they also block legitimate users from accessing their own
accounts.
* Users save and store their passwords, passphrases, device
details, demographics, personal details, etc. on their mobile
devices. However, when they access their accounts, data, and
services from a different place or from a different mobile or other
device, their configured security settings do not work, and they
are required to go through all the steps again, which are
difficult, and most users do not remember many of their security
and other details. Hence, they get locked out of their own
accounts.