enforcing cyber security in mobile applications – public sector use case
DESCRIPTION
Enforcing Cyber security in Mobile Applications – Public Sector Use Case. SAPHINA MCHOME , VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT Email [email protected] : [email protected] ; . OUTLINE. Introduction Security risks and threats - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/1.jpg)
Enforcing Cyber security in Mobile Applications – Public Sector Use Case
SAPHINA MCHOME, VIOLA RUKIZATANZANIA REVENUE AUTHORITY
INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT
![Page 2: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/2.jpg)
Introduction Security risks and threats Security Enforcement Conclusion
OUTLINE
![Page 3: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/3.jpg)
INTRODUCTION – PURPOSE
Mobile devices &
Applications
Risks & Threats
Secure Mobile
platforms
Essential Security
Mechanisms
![Page 4: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/4.jpg)
Fastest growing sector Calls + SMS Fully fledged mobile
computing platform 1G Analogue cellular network 2G Digital
Cellular network 3G Broadband data services- 4G native IP networks
INTRODUCTION – MOBILE TECHNOLOGY
![Page 5: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/5.jpg)
Smartphones, tablets, PDAs High Processing power High Storage Capacity Easy Usability - touch screens, voice,
QWERTY keyboards
INTRODUCTION – MOBILE TECHNOLOGY Cont.
![Page 6: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/6.jpg)
High capabilities has led to fast & high penetration and adoptionMobile payments & banking
Income & Property Tax, Utility bills (LUKU, DSTV & Water)– MPESA, NMB mobile
Business operations - Complete Office Software
INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR
![Page 7: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/7.jpg)
Information securityMainly focused in protecting Information and Information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction.
SECURITY RISKS AND THREATS
![Page 8: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/8.jpg)
Security principle for ensuring non-disclosure of Information to unauthorized users Small size – Easily misplaced, left
unattended, stolen Vulnerabilities in mobile applications -
Malicious Code embedded in mobile apps Wireless Technology – Bluetooth & Wi-Fi
SECURITY RISKS AND THREATS - CONFIDENTIALITY
![Page 9: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/9.jpg)
Data integrity refers to the accuracy and consistency of stored or data in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by unauthorized person Weak protection mechanisms Turning off security features Intentional hacking of the traffic through
sniffing and spoofing
SECURITY RISKS AND THREATS - INTEGRITY
![Page 10: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/10.jpg)
Availability is a security attribute of ensuring that a system is operational and functional at a given moment of time Compromised devices causing downtime to
the connected infrastructure DOS attacks targeting mobile devices
battery
SECURITY RISKS AND THREATS - AVAILABILITY
![Page 11: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/11.jpg)
Secure Information while optimizeKey requirements of security solution
ENFORCE SECURITY
Protection
ManagementSupport
Detection
![Page 12: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/12.jpg)
Discover devices’ protection mechanisms availability of antivirus remote sanitization & encryption capabilities authentication strength
Block unprotected /compromised devices based on Security policy set
ENFORCE SECURITY - DETECTION MECHANISMS
![Page 13: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/13.jpg)
Effective Authentication methods – avoid plain, weak passwords
Access Control - Limit what attacker can do Encryption
Protect stored information – even when device is lost Protect transmitted data
Block unused, vulnerable communication ports Disable wireless communication (Bluetooth, Wi-Fi)
while not in use
ENFORCE SECURITY – PROTECTION MECHANISMS
![Page 14: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/14.jpg)
Centrally managing all devices Security Administration Control Audit Report
Security Policies - Digital Policy Certificate
ENFORCE SECURITY - MANAGEMENT
![Page 15: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/15.jpg)
Support when devices are lost Remote Sanitization GPS Locator
Education and Security awareness Simple Steps to reduce risks Trusted sites for downloading applications Proper security settings Use of strong password Regular updating devices
ENFORCE SECURITY - SUPPORT
![Page 16: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/16.jpg)
Ratings by Security Mechanisms CategoryEnterprise Readiness of Consumer mobile platforms by Cesare Garlati of Trend Micro
Security Mechanisms in Mobile Platforms
![Page 17: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/17.jpg)
Usage of mobile applications is inevitable Organizations’ commitment Investment in security solutions - Means for
enforcing, monitoring and auditing protection mechanisms
Users Security Awareness
CONCLUSION
![Page 18: Enforcing Cyber security in Mobile Applications – Public Sector Use Case](https://reader030.vdocument.in/reader030/viewer/2022033103/56816398550346895dd49116/html5/thumbnails/18.jpg)
Q & A
THANK YOU