Some OSs offer a secure repository for enriched user

as an add-on to the existing user account. Some OSs offer a “secure” repository for enriched user data ranging from personal information to automated credit card storage and payment functionality. The risk of entrusting such sensitive data to a mobile device (“all in one place”) should not be neglected.

[Figure: M1–Improper Platform Usage; M2–Insecure Data Storage; M3–Insecure Communication; M4–Insecure Authentication; M5–Insufficient Cryptography; M6–Insecure Authorization; M7–Client Code Quality; M8–Code Tampering; M9–Reverse Engineering; M10–Extraneous Functionality]
Section 6: Security Implications and Adoption of Evolving Technology. Cybersecurity Fundamentals Study Guide, 2nd Edition. ISACA. All Rights Reserved.

From a security management perspective, several attempts have been undertaken to prevent, or at least mitigate, the threat of device loss or theft:

• Cell-based tracking and locating the device
• Remote shutdown/wipe capabilities
• Remote SIM card lock capabilities

While these facilities do provide a degree of security, they still leave a window of exposure to attackers exploring the device, possibly using analytical tools that will circumvent the standard OS features. This threat is particularly significant because enforcing strong passwords and encryption on mobile devices may be restricted due to OS limitations.

ORGANIZATIONAL RISK

As with many other technologies, mobile devices have rapidly pervaded enterprises at all levels. They are now available to most users, either through corporate provisioning or bring your own device (BYOD) programs. In terms of data, information and knowledge that exist across the enterprise, many users have privileged access that is often replicated on their mobile devices.

Whereas corporate PC environments have been the target of hardening and protective measures for many years, mobile devices and their comparatively weak security mechanisms are more difficult to manage and control. As an example, C-suite and senior managers will often be heavy mobile users, and any successful compromise of their devices could certainly cause major damage.

Another important organizational risk arises from the growing complexity and diversity of common mobile devices. Whereas early cell phones required no more than the most basic knowledge about how to use a keyboard, smartphones offer everything from simple telephony to highly complex applications. Even for experienced users, this level of complexity may be challenging, and many smartphones are thought to be conducive to human error and user-based security issues. Examples such as inadvertent data roaming or involuntary GPS tagging show how many users simply do not understand the extended features of their devices.

At the same time, the rapid succession of new generations of hardware requires constant adaptation on the part of users and enterprises. The comparatively long systems management cycles found in larger enterprises may cause
