Enforcing Cyber security in Mobile Applications – Public Sector Use Case
SAPHINA MCHOME, VIOLA RUKIZA
TANZANIA REVENUE AUTHORITY
INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT
Email: smchome@tra.go.tz; vrukiza@tra.go.tz
OUTLINE
• Introduction
• Security risks and threats
• Security Enforcement
• Conclusion
INTRODUCTION – PURPOSE
• Mobile devices & Applications
• Risks & Threats
• Essential Security Mechanisms
• Secure Mobile platforms
INTRODUCTION – MOBILE TECHNOLOGY
• Fastest growing sector
• Calls + SMS
• Fully fledged mobile computing platform
• 1G Analogue cellular network
• 2G Digital cellular network
• 3G Broadband data services
• 4G native IP networks
INTRODUCTION – MOBILE TECHNOLOGY Cont.
• Smartphones, tablets, PDAs
• High Processing power
• High Storage Capacity
• Easy Usability - touch screens, voice, QWERTY keyboards
INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR
High capabilities have led to fast & high penetration and adoption
• Mobile payments & banking
• Income & Property Tax, Utility bills (LUKU, DSTV & Water) – MPESA, NMB mobile
• Business operations - Complete Office Software
SECURITY RISKS AND THREATS
Information security: mainly focused on protecting information and information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction.
SECURITY RISKS AND THREATS - CONFIDENTIALITY
Security principle for ensuring non-disclosure of information to unauthorized users
• Small size – Easily misplaced, left unattended, stolen
• Vulnerabilities in mobile applications - Malicious code embedded in mobile apps
• Wireless Technology – Bluetooth & Wi-Fi
SECURITY RISKS AND THREATS - INTEGRITY
Data integrity refers to the accuracy and consistency of data, stored or in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by an unauthorized person
• Weak protection mechanisms
• Turning off security features
• Intentional hacking of the traffic through sniffing and spoofing
SECURITY RISKS AND THREATS - AVAILABILITY
Availability is the security attribute of ensuring that a system is operational and functional at a given moment in time
• Compromised devices causing downtime to the connected infrastructure
• DoS attacks targeting mobile devices' batteries
ENFORCE SECURITY
• Secure Information while optimize
• Key requirements of security solution
ENFORCE SECURITY - DETECTION MECHANISMS
• Discover devices’ protection mechanisms
  • availability of antivirus
  • remote sanitization & encryption capabilities
  • authentication strength
• Block unprotected/compromised devices based on Security policy set
ENFORCE SECURITY – PROTECTION MECHANISMS
• Effective Authentication methods – avoid plain, weak passwords
• Access Control - Limit what attacker can do
• Encryption
• Protect stored information – even when device is lost
• Protect transmitted data
• Block unused, vulnerable communication ports
• Disable wireless communication (Bluetooth, Wi-Fi) while not in use
ENFORCE SECURITY - MANAGEMENT Centrally managing all devices Security Administration Control Audit Report Security Policies - Digital Policy Certificate
ENFORCE SECURITY - SUPPORT
Support when devices are lost
• Remote Sanitization
• GPS Locator
Education and Security awareness
• Simple steps to reduce risks
• Trusted sites for downloading applications
• Proper security settings
• Use of strong passwords
• Regularly updating devices
Security Mechanisms in Mobile Platforms
Ratings by Security Mechanisms Category
Enterprise Readiness of Consumer Mobile Platforms by Cesare Garlati of Trend Micro
CONCLUSION
• Usage of mobile applications is inevitable
• Organizations’ commitment
• Investment in security solutions - Means for enforcing, monitoring and auditing protection mechanisms
• Users’ Security Awareness
THANK YOU Q & A