enforcing cyber security in mobile applications – public sector use case
DESCRIPTION
Enforcing Cyber security in Mobile Applications – Public Sector Use Case. SAPHINA MCHOME , VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT Email [email protected] : [email protected] ; . OUTLINE. Introduction Security risks and threats - PowerPoint PPT PresentationTRANSCRIPT
Enforcing Cyber security in Mobile Applications – Public Sector Use Case
SAPHINA MCHOME, VIOLA RUKIZATANZANIA REVENUE AUTHORITY
INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT
Introduction Security risks and threats Security Enforcement Conclusion
OUTLINE
INTRODUCTION – PURPOSE
Mobile devices &
Applications
Risks & Threats
Secure Mobile
platforms
Essential Security
Mechanisms
Fastest growing sector Calls + SMS Fully fledged mobile
computing platform 1G Analogue cellular network 2G Digital
Cellular network 3G Broadband data services- 4G native IP networks
INTRODUCTION – MOBILE TECHNOLOGY
Smartphones, tablets, PDAs High Processing power High Storage Capacity Easy Usability - touch screens, voice,
QWERTY keyboards
INTRODUCTION – MOBILE TECHNOLOGY Cont.
High capabilities has led to fast & high penetration and adoptionMobile payments & banking
Income & Property Tax, Utility bills (LUKU, DSTV & Water)– MPESA, NMB mobile
Business operations - Complete Office Software
INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR
Information securityMainly focused in protecting Information and Information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction.
SECURITY RISKS AND THREATS
Security principle for ensuring non-disclosure of Information to unauthorized users Small size – Easily misplaced, left
unattended, stolen Vulnerabilities in mobile applications -
Malicious Code embedded in mobile apps Wireless Technology – Bluetooth & Wi-Fi
SECURITY RISKS AND THREATS - CONFIDENTIALITY
Data integrity refers to the accuracy and consistency of stored or data in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by unauthorized person Weak protection mechanisms Turning off security features Intentional hacking of the traffic through
sniffing and spoofing
SECURITY RISKS AND THREATS - INTEGRITY
Availability is a security attribute of ensuring that a system is operational and functional at a given moment of time Compromised devices causing downtime to
the connected infrastructure DOS attacks targeting mobile devices
battery
SECURITY RISKS AND THREATS - AVAILABILITY
Secure Information while optimizeKey requirements of security solution
ENFORCE SECURITY
Protection
ManagementSupport
Detection
Discover devices’ protection mechanisms availability of antivirus remote sanitization & encryption capabilities authentication strength
Block unprotected /compromised devices based on Security policy set
ENFORCE SECURITY - DETECTION MECHANISMS
Effective Authentication methods – avoid plain, weak passwords
Access Control - Limit what attacker can do Encryption
Protect stored information – even when device is lost Protect transmitted data
Block unused, vulnerable communication ports Disable wireless communication (Bluetooth, Wi-Fi)
while not in use
ENFORCE SECURITY – PROTECTION MECHANISMS
Centrally managing all devices Security Administration Control Audit Report
Security Policies - Digital Policy Certificate
ENFORCE SECURITY - MANAGEMENT
Support when devices are lost Remote Sanitization GPS Locator
Education and Security awareness Simple Steps to reduce risks Trusted sites for downloading applications Proper security settings Use of strong password Regular updating devices
ENFORCE SECURITY - SUPPORT
Ratings by Security Mechanisms CategoryEnterprise Readiness of Consumer mobile platforms by Cesare Garlati of Trend Micro
Security Mechanisms in Mobile Platforms
Usage of mobile applications is inevitable Organizations’ commitment Investment in security solutions - Means for
enforcing, monitoring and auditing protection mechanisms
Users Security Awareness
CONCLUSION
Q & A
THANK YOU