1 / 18

Enforcing Cyber security in Mobile Applications – Public Sector Use Case

Enforcing Cyber security in Mobile Applications – Public Sector Use Case. SAPHINA MCHOME , VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT Email smchome@tra.go.tz : vrukiza@tra.go.tz ; . OUTLINE. Introduction Security risks and threats

krikor
Download Presentation

Enforcing Cyber security in Mobile Applications – Public Sector Use Case

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT Emailsmchome@tra.go.tz: vrukiza@tra.go.tz;

  2. OUTLINE Introduction Security risks and threats Security Enforcement Conclusion

  3. INTRODUCTION – PURPOSE Mobile devices & Applications Risks & Threats Essential Security Mechanisms Secure Mobile platforms

  4. INTRODUCTION – MOBILE TECHNOLOGY Fastest growing sector Calls + SMS  Fully fledged mobile computing platform 1G Analogue cellular network 2G Digital Cellular network  3G Broadband data services-  4G native IP networks

  5. INTRODUCTION – MOBILE TECHNOLOGY Cont. Smartphones, tablets, PDAs High Processing power High Storage Capacity Easy Usability - touch screens, voice, QWERTY keyboards

  6. INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR High capabilities has led to fast & high penetration and adoption Mobile payments & banking Income & Property Tax, Utility bills (LUKU, DSTV & Water)– MPESA, NMB mobile Business operations - Complete Office Software

  7. SECURITY RISKS AND THREATS Information security Mainly focused in protecting Information and Information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction.

  8. SECURITY RISKS AND THREATS - CONFIDENTIALITY Security principle for ensuring non-disclosure of Information to unauthorized users Small size – Easily misplaced, left unattended, stolen Vulnerabilities in mobile applications - Malicious Code embedded in mobile apps Wireless Technology – Bluetooth & Wi-Fi

  9. SECURITY RISKS AND THREATS - INTEGRITY Data integrity refers to the accuracy and consistency of stored or data in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by unauthorized person Weak protection mechanisms Turning off security features Intentional hacking of the traffic through sniffing and spoofing

  10. SECURITY RISKS AND THREATS - AVAILABILITY Availability is a security attribute of ensuring that a system is operational and functional at a given moment of time Compromised devices causing downtime to the connected infrastructure DOS attacks targeting mobile devices battery

  11. ENFORCE SECURITY Secure Information while optimize Key requirements of security solution

  12. ENFORCE SECURITY - DETECTION MECHANISMS • Discover devices’ protection mechanisms • availability of antivirus • remote sanitization & encryption capabilities • authentication strength • Block unprotected /compromised devices based on Security policy set

  13. ENFORCE SECURITY – PROTECTION MECHANISMS • Effective Authentication methods – avoid plain, weak passwords • Access Control - Limit what attacker can do • Encryption • Protect stored information – even when device is lost • Protect transmitted data • Block unused, vulnerable communication ports • Disable wireless communication (Bluetooth, Wi-Fi) while not in use

  14. ENFORCE SECURITY - MANAGEMENT Centrally managing all devices Security Administration Control Audit Report Security Policies - Digital Policy Certificate

  15. ENFORCE SECURITY - SUPPORT Support when devices are lost • Remote Sanitization • GPS Locator Education and Security awareness • Simple Steps to reduce risks • Trusted sites for downloading applications • Proper security settings • Use of strong password • Regular updating devices

  16. Security Mechanisms in Mobile Platforms Ratings by Security Mechanisms Category Enterprise Readiness of Consumer mobile platforms by CesareGarlati of Trend Micro

  17. CONCLUSION Usage of mobile applications is inevitable Organizations’ commitment Investment in security solutions - Means for enforcing, monitoring and auditing protection mechanisms Users Security Awareness

  18. THANK YOU Q & A

More Related