ABSTRACT
Smart phones, their operating systems and security characteristics have rapidly evolved as has the reliance upon them by organizations to conduct business. The unusual mix of personal and business use for smart phones as well as their unique combination of capabilities creates a number of challenges to managing their risk. This paper explores the types and nature of threats to the organization from the use of smart phones along with controls, available security software and tools. The current state of corporate smart phone security programs and policies is examined. Smart phone security policy considerations are discussed and recommendations are made for building a smart phone security program.
- Banks, L. 2010, May 13. Mobile devices pose security dilemma for CIOs. CIO.com. Retreived June 7, 2010 from http://www.cio.com.au/article/346474/mobile_devices_pose_security_dilemma_cios/Google Scholar
- Bickford, J., O'Hare, R., Baliga, A., Ganapathy, V., and Iftode, L. 2010, Rootkits on Smart Phones: Attacks, Implications and Opportunities. In Proceedings of the Eleventh Workshop on Mobile Computing Systems and Applications (Annapolis, Maryland, Feb 22--23, 2010) Hotmobile '10. ACM, New York, NY, 49--54. DOI= http://doi.acm.org/10.1145/1734583.1734596. Google ScholarDigital Library
- Botha, R. A., Furnell, S. M., and Clarke, N. L. 2009. From desktop to mobile: Examining the security experience. Computers & Security, 28, 130--137.Google Scholar
- Cox, J. 2009, November 9. Smartphones on Wi-Fi vulnerable to security attack. NetworkWorld Asia. Retreived June 7, 2010 from http://www.networksasia.net/content/smartphones-wi-fi-vulnerable-security-attack?src=relatedGoogle Scholar
- Cox, J. 2009, March. Mobile browsers do security no favors. Network World, 26(10), 1,32.Google Scholar
- Davis, A. 2006. Information security can enable mobile working. Infosecurity Today, 3(4), 42.Google ScholarCross Ref
- Dreger, R., and Moerschel, G. 2008, October. Inside Smartphone Security. InformationWeek, (Oct. 6, 2008) 34, 37--39.Google Scholar
- Dunning, J. P. 2010. Taming the blue beast a survey of Bluetooth based threats. IEEE Security & Privacy, 8(2), 20--27. Google ScholarDigital Library
- Emm, D. 2006. Mobile malware -- new avenues. Network Security, 2006(11), 4--6. Google ScholarDigital Library
- Ernest-Jones, T. 2006 Pinning down a security policy for mobile data. Network Security, 2006(6), 8--12. Google ScholarDigital Library
- Friedman, J., and Hoffman, D. V. 2008. Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information Knowledge Systems Management, 7, 159--180. Google ScholarDigital Library
- Fitzgerald, J. 2009. Managing mobile devices. Computer Fraud & Security, 2009(4), 18--19.Google Scholar
- Gold, S. 2010. Why WPA standards won't protect your network. Infosecurity, 7(1), 28--31. Google ScholarDigital Library
- Goodchild, J. 2009, July 15. Network managers beware: more infected devices are coming to connect. NetworkWorld Asia. Retreived June 7, 2010 from http://www.networksasia.net/content/network-managers-beware-more-infected-devices-are-coming-connect?src=relatedGoogle Scholar
- Goode, A. 2010. Managing mobile security: How are we doing? Network Security, 2010(2), 12--15. Google ScholarDigital Library
- Jacobsson, S. 2010, June 7. iPhone security flaw: Using a PIN won't help you. NetworkWorld Asia. Retreived June 7, 2010 from http://www.networksasia.net/content/iphone-security-flaw-using-pin-wont-help-you.Google Scholar
- Janson, W. and Scarfone, K. (2008). Guidelines on cellphone and PDA security: Recommendations of the National Institute of Standards and Technology NIST Special Publication 800-124. Gaithersburg, MD.Google Scholar
- Messmer, E. 2010, March. Cisco outlines new plan for securing mobile, cloud apps: Cisco AnyConnect promises advancements over current VPNs. Network World (Online), Retrieved June 19, 2010, from ProQuest Computing. (Document ID: 1978009891).Google Scholar
- Nemati, H. 2008. Information Security and Ethics: Concepts, Methodologies, Tools, and Applications. Information Science Reference, Hershey, PA. Google ScholarDigital Library
- Oberheide, J. and Farnam, J. 2010. When Mobile is Harder Than Fixed (and Vice Versa): Demystifying Security Challenges in Mobile Environments. In Proceedings of the Eleventh Workshop on Mobile Computing Systems and Application (Annapolis, Maryland, Feb 22--23, 2010). Hotmobile '10. ACM, New York, NY, 43--48. DOI= http://doi.acm.org/10.1145/1734583.1734595. Google ScholarDigital Library
- Potter, B. 2007. Mobile security risks: ever evolving. Network Security, 2007(8), 19--20. Google ScholarDigital Library
- Prince, B. 2010, June 7. Malware Hidden in Windows Mobile Applications. Eweek. Retrieved June 17, 2010 from http://www.eweek.com/c/a/Security/Malware-Hidden-in-Windows-Mobile-Applications-424076/Google Scholar
- Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., and Glezer, C. 2010. Google Android: A Comprehensive Security Assessment. IEEE Security & Privacy, 8(2), 35--44. Google ScholarDigital Library
- Tabourin, P. 2010. Security, control and management: Mobile data in a multi-agency/jurisdiction environment. Law Enforcement Technology, 37(2), 72, 74--76.Google Scholar
- Tarasewich, P., Gong, J., Fiona Fui-Hoon, N., and DeWester, D. 2008. Mobile interaction design: Integrating individual and organizational perspectives. Information Knowledge Systems Management, 7, 121--144. Google ScholarDigital Library
- Viega, J. and Michael, B. 2010. Guest Editors' introduction: Mobile device security. IEEE Security & Privacy, 8(2), 11--12. Google ScholarDigital Library
- Weippl, E. R. and Riedl, B. 2009. Security, Trust, and Privacy on Mobile Devices and Multimedia Applications. In I. K. Ibrahim (Ed.), Handbook of Research on Mobile Multimedia Second Edition, Information Science Reference, Hershey, PA, 115--131.Google Scholar
Index Terms
- Managing smart phone security risks
Recommendations
What's on Users' Minds? Toward a Usable Smart Phone Security Model
Smart phones pose new challenges to usable security. Current means of specifying security policies or preferences for resource sharing are either woefully inadequate or too hard to use. This article presents a policy model approach toward usable ...
The Smart Phone: A Ubiquitous Input Device
Smart phones provide a rich set of tools that let users control and interact with their environments. Because these feature-packed mobile phones are pervasive, they might become the default physical interface for ubiquitous computing applications, ...
Smart phone use by non-mobile business users
MobileHCI '11: Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and ServicesThe rapid increase in smart phone capabilities has introduced new opportunities for mobile information access and computing. However, smart phone use may still be constrained by both device affordances and work environments. To understand how current ...
Comments