Question

The Chief Information Officer (CIO) of the company has asked you to find a way to use mobile devices, in a secure way, to prevent data leakage.

For this Assignment, based on your readings and through additional research, prepare a 4- to 6-page proposal that describes and evaluates applicable security management solutions for the company. Include the following points:

• Explain the security threats the employees’ mobile devices may be subjected to. For threats pertaining to electronic transactions, explain countermeasures.
• Based on the best practices for mobile security, describe which of these countermeasures you believe would be most effective. Justify your choices.
• Propose a security management solution that meets the business requirements. Include tools, processes, and policies required to implement the solution.

Answer 1

Here's the report for the above question,

(A) Some security theatres the employees mobile devices may be subjected to. Regarding threats to electronic transactions.

1) Data Leakage. Mobile apps are often the cause of unintentional data leakage.

2) Unsecured Wi-Fi.

3) Network Spoofing.

4) Phishing Attacks.

5) Spyware.

6) Broken Cryptography.

7) Improper Session Handling.

Here are some of the Counter measures which we can apply

• Default passwords and ideally default usernames to be changed during initial setup
• Ensuring password recovery mechanisms are robust and do not supply an attacker with information indicating a valid account
• Ensuring web interface is not susceptible to XSS, SQLi or CSRF
• Ensuring credentials are not exposed in internal or external network traffic
• Ensuring weak passwords are not allowed
• Ensuring account lockout after 3 -5 failed login attempts.
• Ensuring that the strong passwords are required
• Ensuring granular access control is in place when necessary
• Ensuring credentials are properly protected
• Implement two factor authentication where possible
• Ensuring that password recovery mechanisms are secure
• Ensuring re-authentication is required for sensitive features
• Ensuring options are available for configuring password controls.

Coming to part (B) Here are some of the ways which I believe would be most effective, These are the easy and classic ways which anyone can do easily.

• PIN or Password enforcement
• Encryption
• Containerization of enterprise data
• OS Compromise detections (Jailbreak and Root detections) and Quarantine
• Online selective wipe
• Offline selective wipe
• Out-of-compliance device triggers the network gateway to block access

Coming to the part (C) I would recommend you to go for the IBM Security Solutions as it meets your business requirements and it also includes tools, processes, and policies required to implement the solution.

Here are some of the features it offers:-

1. Stopping threats :-

• Detect and stop advanced threats
• Automate threat detection and response across the enterprise.
• Orchestrate incident response
• Respond proactively, with intelligent orchestration and automation.
• Master threat hunting
• Take down even the most persistent threats with the art and science of threat hunting.

2. Grow your business :-

• Secure hybrid cloud
• Harness the benefits of hybrid cloud and accelerate digital transformation securely.
• Protect critical assets
• Ensure secure flow of data through apps and endpoints.
• Deliver digital trust
• Establish digital trust to welcome in the right customers and keep fraudsters out.