Applications Public Sector Use

jiggerbarnacleMobile - Wireless

Nov 24, 2013 (3 years and 9 months ago)

53 views

Enforcing Cyber security in Mobile
Applications


Public Sector Use
Case

SAPHINA
MCHOME
,
VIOLA RUKIZA

TANZANIA
REVENUE AUTHORITY

INFORMATION AND COMMUNICATION TECHNOLOGIES
DEPARTMENT

Email
smchome@tra.go.tz
:
vrukiza@tra.go.tz
;


Introduction


Security risks and threats


Security Enforcement


Conclusion



OUTLINE


INTRODUCTION


PURPOSE

Mobile
devices &
Applications

Risks &
Threats

Secure
Mobile
platforms

Essential
Security
Mechanisms


Fastest growing sector


Calls + SMS


Fully fledged mobile computing
platform


1G Analogue cellular network

2G Digital Cellular
network


3G Broadband data services
-



4G native
IP networks

INTRODUCTION


MOBILE
TECHNOLOGY


Smartphones, tablets, PDAs


High Processing
power


High Storage Capacity


Easy Usability
-

touch screens, voice, QWERTY
keyboards


INTRODUCTION


MOBILE
TECHNOLOGY
Cont.

High capabilities has led to fast & high penetration and
adoption

Mobile payments & banking



Income & Property Tax, Utility bills (LUKU, DSTV &
Water)


MPESA, NMB mobile

Business
operations

-

Complete Office Software



INTRODUCTION


MOBILE
APPLICATION IN PUBLIC SECTOR

Information
security

M
ainly
focused in protecting Information and Information systems from
threats and risks that may result in unauthorized
disclosure
,
interruption,
modification and
destruction.


SECURITY RISKS AND THREATS

S
ecurity
principle for ensuring non
-
disclosure of
Information to unauthorized
users


Small size


Easily misplaced, left unattended, stolen


Vulnerabilities in mobile applications
-

Malicious Code
embedded in mobile apps


Wireless Technology


Bluetooth & Wi
-
Fi


SECURITY RISKS AND
THREATS
-

CONFIDENTIALITY

Data integrity refers to the accuracy and consistency of
stored or data in transit, which is mainly indicated by
the absence of data alteration in an unauthorized way
or by unauthorized
person


Weak protection mechanisms


Turning off security features


Intentional hacking
of the traffic through sniffing and
spoofing


SECURITY RISKS AND THREATS
-

INTEGRITY

Availability is a security attribute of ensuring that a
system is operational and functional at a given moment
of
time


Compromised devices causing downtime to the
connected infrastructure


DOS attacks targeting
mobile devices battery

SECURITY RISKS AND THREATS
-

AVAILABILITY

Secure Information while optimize

Key requirements of security solution


ENFORCE SECURITY

Protection

Management

Support

Detection


Discover devices’ protection mechanisms


availability of
antivirus



remote
sanitization & encryption capabilities



authentication
strength



Block unprotected /compromised devices based on
Security policy set

ENFORCE SECURITY
-

DETECTION
MECHANISMS


Effective Authentication methods


avoid plain, weak
passwords


Access Control
-

Limit what attacker can do


Encryption


Protect stored information


even when device is lost


Protect transmitted data


Block unused, vulnerable communication ports


Disable wireless communication (Bluetooth, Wi
-
Fi)
while not in use

ENFORCE SECURITY


PROTECTION
MECHANISMS

Centrally managing all devices


Security Administration


Control


Audit


Report


Security Policies

-

Digital Policy Certificate

ENFORCE SECURITY
-

MANAGEMENT

Support when devices are lost


Remote Sanitization


GPS Locator


Education and Security awareness


Simple Steps to reduce risks


Trusted sites for downloading applications


Proper security settings


Use of strong password


Regular updating devices

ENFORCE SECURITY
-

SUPPORT












Ratings by Security Mechanisms Category

Enterprise Readiness of Consumer mobile platforms by
Cesare

Garlati

of Trend Micro

Security Mechanisms in Mobile
Platforms


U
sage
of mobile applications is
inevitable


Organizations
’ commitment


Investment
in security
solutions
-

Means
for
enforcing, monitoring and auditing protection
mechanisms


Users Security Awareness

CONCLUSION

Q & A

THANK YOU