nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Security Framework for Adopting Mobile Applications in Small and Medium Enterprises

verfasst von : Basel Hasan, Jorge Marx Gómez

Erschienen in: E-Business and Telecommunications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Nowadays, people increasingly rely on mobile devices (namely, smartphones and tablets) in their daily life. Beside their private use, mobile devices are also used for work. Hence, companies are motivated to integrate mobile devices into their business processes, and they demand mobility and flexibility of their employees. However, in spite of the advances in mobile technologies, security is still the primary concern that slows down the adoption of mobile applications within Small and Medium Enterprises (SMEs). Companies should first know the potential threats in the mobile environments and then the requirements and measures to mitigate the potential risks. Typically, the existing security tools such as frameworks, guidelines and threat catalogues target IT-professionals, but not business users who mostly lack the technical knowledge to navigate through these tools. This chapter presents a mobile security framework that mainly supports SMEs by adopting mobile applications. Potential threats have been included in a risk catalogue, which forms a main component of the presented framework. This catalogue will help business users in extending their awareness of possible mobile security risks. Moreover, this framework guides business users and helps them by mapping between security requirements, threats and measures when adopting mobile enterprise applications.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Towards Understanding the Role of Execution Context for Observing Malicious Behavior in Android Malware

Nächstes Kapitel BPMN4V for Modeling and Handling Versions of BPMN Collaborations and Choreographies

Abura’ed, N., Otrok, H., Mizouni, R., Bentahar, J.: Mobile phishing attack for Android platform. In: 10th International Conference on Innovations in Information Technology, Al Ain, United Arab Emirates, pp. 18–23 (2014)

Adeel, M., Tokarchuk, L.N.: Analysis of mobile P2P malware detection framework through cabir & commwarrior families. In: IEEE Third International Conference on Privacy, Security, Risk and Trust, Boston, MA, USA, pp. 1335–1343 (2011)

Andriole, S.J., Bojanova, I.: Optimizing operational and strategic IT. IT Prof. 16(5), 12–15 (2014). doi:10.1109/MITP.2014.74 CrossRef

Brown, C., Spike, D., Joshua, M.F., Neil, M., Sharon, V.-N., Michael, P., Bart, S.: Assessing threats to mobile devices & infrastructure. The Mobile Threat Catalogue. Draft NISTIR 8144. NIST (2016). http://csrc.nist.gov/publications/drafts/nistir-8144/nistir8144_draft.pdf

BSI: IT-Grundschutz-Catalogues (2013). https://www.bsi.bund.de/EN/Topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzcatalogues_node.html

Bundesministerium für Wirtschaft und Energie: Ergebnisse des SimoBIT-Arbeitsforums IT-Sicherheit in mobilen Geschäftsprozessen. Leitfaden IT-Sicherheit (2010). http://www.digitale-technologien.de/DT/Redaktion/DE/Downloads/leitfaden-it-sicherheit.pdf

CISCO: Cisco 2016 Annual Security Report (2016). http://www.cisco.com/c/en/us/products/security/annual_security_report.html

Common Criteria: Common Criteria for Information Technology Security Evaluation (2009). http://www.commoncriteriaportal.org/cc/

Damopoulos, D., Kambourakis, G., Anagnostopoulos, M., Gritzalis, S., Park, J.H.: User privacy and modern mobile services. Are they on the same path. Pers. Ubiquit. Comput. 17(7), 1437–1448 (2013). doi:10.1007/s00779-012-0579-1 CrossRef

10.

He, D., Chan, S., Guizani, M.: Mobile application security: malware threats and defenses. IEEE Wireless Commun. 22(1), 138–144 (2015). doi:10.1109/MWC.2015.7054729 CrossRef

11.

Euler, M., Hacke, M., Hartherz, C., Steiner, S., Verclas, S.: Herausforderungen bei der Mobilisierung von Business Applikationen und erste Lösungsansätze. In: Verclas, S., Linnhoff-Popien, C. (eds.) Smart Mobile Apps, pp. 107–121. Springer, Heidelberg (2012). doi:10.1007/978-3-642-22259-7_8 CrossRef

12.

Gartner: Gartner Says 75 Percent of Mobile Security Breaches Will Be the Result of Mobile Application Misconfiguration (2014). http://www.gartner.com/newsroom/id/2753017

13.

Gartner: Gartner Forecasts 59% Mobile Data Growth Worldwide in 2015 (2015). http://www.gartner.com/newsroom/id/3098617

14.

Gartner: Gartner Says Worldwide Smartphone Sales Grew 9.7% in Fourth Quarter of 2015 (2016). http://www.gartner.com/newsroom/id/3215217

15.

Gartner: Magic Quadrant for Enterprise Mobility Management Suites (2016). https://www.gartner.com/doc/reprints?id=1-390IMNG&ct=160608&st=sb

16.

Godber, A., Dasgupta, P.:Secure wireless gateway. In: Maughan, D., Vaidya, N.H. (eds.) The ACM Workshop, Atlanta, GA, USA, pp. 41–46 (2002)

17.

de Gramatica, M., Labunets, K., Massacci, F., Paci, F., Tedeschi, A.: The role of catalogues of threats and security controls in security risk assessment: an empirical study with ATM professionals. In: Fricker, S.A., Schneider, K. (eds.) REFSQ 2015. LNCS, vol. 9013, pp. 98–114. Springer, Cham (2015). doi:10.1007/978-3-319-16101-3_7

18.

Gröger, C., Silcher, S., Westkämper, E., Mitschang, B.: Leveraging apps in manufacturing. A framework for app technology in the enterprise. Procedia CIRP 7, 664–669 (2013). doi:10.1016/j.procir.2013.06.050 CrossRef

19.

Hasan, B., Dmitriyev, V., Marx Gómez, J., Kurzhöfer, J.: A framework along with guidelines for designing secure mobile enterprise applications. In: International Carnahan Conference on Security Technology (ICCST), pp. 1–6. IEEE, Rome (2014)

20.

Hasan, B., Rajski, E., Gómez, J.M., Kurzhöfer, J.: A proposed model for user acceptance of mobile security measures – business context. In: Kim, K.J., Wattanapongsakorn, N., Joukov, N. (eds.) Mobile and Wireless Technologies 2016. LNEE, vol. 391, pp. 97–108. Springer, Singapore (2016). doi:10.1007/978-981-10-1409-3_11

21.

Hasan, B., Schäfer, P., Marx Gómez, J., Kurzhöfer, J.: Risk catalogue for mobile business applications. In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications, pp. 43–53 (2016)

22.

Hoos, E., Gröger, C., Kramer, S., Mitschang, B.: ValueApping: an analysis method to identify value-adding mobile enterprise apps in business processes. In: Cordeiro, J., Hammoudi, S., Maciaszek, L., Camp, O., Filipe, J. (eds.) ICEIS 2014. LNBIP, vol. 227, pp. 222–243. Springer, Cham (2015). doi:10.1007/978-3-319-22348-3_13 CrossRef

23.

Howard, M., Lipner, S.: The Security Development Lifecycle. SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, Redmond (2006)

24.

IDC: IDC Reveals Worldwide Mobile Enterprise Applications and Solutions Predictions for 2015 (2014). http://www.businesswire.com/news/home/20141218006258/en/IDC-Reveals-Worldwide-Mobile-Enterprise-Applications-Solutions

25.

ISO 31000:2009: Risk Management—Principles and Guidelines. Geneva: International Standards Organisation (2009)

26.

ISO/IEC: ISO/IEC 27002: Information technology – Security techniques – Code of practice for information security controls (2013)

27.

Jain, S.: Security threats in manets. A review. IJIT 3(2), 37–50 (2014). doi:10.5121/ijit.2014.3204 CrossRef

28.

Jermyn, J., Salles-Loustau, G., Zonouz, S.: An analysis of DoS attack strategies against the LTE RAN. J. Cyber Secur. Mob. (JCSM) 3(2), 159–180 (2014). doi:10.13052/jcsm2245-1439.323 CrossRef

29.

Kaspersky: One in Every Six users suffer loss or theft of mobile devices (2013). http://www.kaspersky.com/au/about/news/press/2013/one-in-every-six-users-suffer-loss-or-theft-of-mobile-devices

30.

Kennedy, M., Sulaiman, R.: Following the Wi-Fi breadcrumbs: network based mobile application privacy threats. In: 2015 International Conference on Electrical Engineering and Informatics (ICEEI), Denpasar, Bali, Indonesia, pp 265–270 (2015)

31.

Kizza, J.M.: Mobile Systems and Corresponding Intractable Security Issues. In: Kizza, J.M. (ed.) Guide to Computer Network Security, pp. 491–507. Springer, London (2015)CrossRef

32.

Lacerda, A., Queiroz, R., Barbosa, M.: A systematic mapping on security threats in mobile devices. In: 2015 Internet Technologies and Applications (ITA), Wrexham, UK, pp. 286–291 (2015)

33.

Levinson, M.: 6 ways to defend against drive-by downloads (2012). http://www.cio.com/article/2448967/security0/6-ways-to-defend-against-drive-by-downloads.html

34.

Lookout: Enterprise Mobile Threat report. The State of iOS and Android Security Threats to Enterprise Mobility [Whitepaper] (2015). https://info.lookout.com/rs/051-ESQ-475/images/Enterprise_MTR.pdf

35.

Lookout: Lookout Mobile Threat report (2011). https://www.lookout.com/img/images/lookout-mobile-threat-report-2011.pdf

36.

Luenendonk: Mobile Enterprise Review. Mehr Strategie wagen (2014). http://www.luenendonk-shop.de/out/pictures/0/mc_mobileenterprisereview_studie_f210214_fl.pdf

37.

Maan, J.: Enterprise mobility – a future transformation strategy for organizations. In: Wyld, D.C., Zizka, J., Nagamalai, D. (eds.) Advances in Computer Science, Engineering & Applications, vol. 167, pp. 559–567. Springer, Heidelberg (2012)CrossRef

38.

Marble, J.L., Lawless, W.F., Mittu, R., Sibley, C.: The human factor in cybersecurity: robust & intelligent defense. In: Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C. (eds.) Cyber Warfare, vol. 56, pp. 173–206. Springer, Cham (2015). doi:10.1007/978-3-319-14039-1_9

39.

Markelj, B., Bernik, I.: Safe use of mobile devices arises from knowing the threats. J. Inf. Secur. Appl. 20, 84–89 (2015). doi:10.1016/j.jisa.2014.11.001

40.

Martin, T., Hsiao, M., Ha, D., Krishnaswami, J.: Denial-of-service attacks on battery-powered mobile computers. In: Proceedings of the Second IEEE International Conference on Pervasive Computing and Communications (PerCom 2004), pp. 309–318. IEEE Computer Society, Washington, DC (2004)

41.

McAfee Labs: McAfee Labs Threats report (2014). http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2014.pdf

42.

Michaelis, P.: Enterprise mobility – a balancing act between security and usability. In: Reimer, H., Pohlmann, N., Schneider, W. (eds.) ISSE 2012 Securing Electronic Business Processes, pp. 75–79. Springer Fachmedien Wiesbaden, Wiesbaden (2012)CrossRef

43.

Moonsamy, V., Batten, L.: Mitigating man-in-the-middle attacks on smartphones - a discussion of SSL pinning and DNSSec. In: The 12th Australian Information Security Management Conference, pp. 5–13. Edith Cowan University, Perth (2014)

44.

Myagmar, S., Lee, A.J., Yurcik, W.: Threat modeling as a basis for security requirements. In: Symposium on Requirements Engineering for Information Security (SREIS) (2005)

45.

Nikbakhsh, S., Manaf, A.B.A., Zamani, M., Janbeglou, M.: A novel approach for rogue access point detection on the client-side. In: 2012 IEEE Workshops of International Conference on Advanced Information Networking and Applications (WAINA), pp. 684–687. IEEE, Fukuoka (2012)

46.

NIST: Security and Privacy Controls for Federal Information Systems and Organizations (2013). http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

47.

PCI DSS: PCI DSS Risk Assessment Guidelines (2012)

48.

Pu, S., Chen, Z., Huang, C., Liu, Y., Zen, B.: Threat analysis of smart mobile device. In: URSI General Assembly and Scientific Symposium (URSI GASS), pp. 1–3. IEEE, Beijing (2014)

49.

Ramu, S.: Mobile Malware Evolution, Detection and Defense. EECE 571B, Term Survey Paper (2012)

50.

Rao, U.H., Nayak, U.: Malicious software and anti-virus software. In: Rao, U.H., Nayak, U. (eds.) The InfoSec Handbook, pp. 141–161. Apress, Berkeley (2014)

51.

Rhee, K., Won, D., Jang, S.W., Chae, S., Park, S.: Threat modeling of a mobile device management system for secure smart work. Electron. Commer. Res. 13(3), 243–256 (2013). doi:10.1007/s10660-013-9121-4 CrossRef

52.

Eilts, S.: Technische Konzeption und prototypische Umsetzung eines Sicherheitsframeworks für mobile Unternehmensapplikationen. Master thesis, Carl von Ossietzky University of Oldenburg (2016)

53.

Souppaya, M., Scarfone, K.: Guidelines for managing the security of mobile devices in the enterprise. NIST SP- 800-124 (2013). http://dx.doi.org/10.6028/NIST.SP.800-124r1

54.

Srinivasan, A., Wu, J.: SafeCode – safeguarding security and privacy of user data on stolen iOS devices. In: Xiang, Y., Lopez, J., Kuo, C.-C.J., Zhou, W. (eds.) CSS 2012. LNCS, vol. 7672, pp. 11–20. Springer, Heidelberg (2012). doi:10.1007/978-3-642-35362-8_2 CrossRef

55.

Sun, Z., Yang, Y., Zhou, Y., Cruickshank, H.: Agent-based resource management for mobile cloud. In: Rodrigues, J.J., Lin, K., Lloret, J. (eds.) Mobile Networks and Cloud Computing Convergence for Progressive Services and Applications, pp. 118–134. IGI Global (2014)

56.

Symantec: Fraud Alert: Phishing — The Latest Fraud Alert: Phishing — The Latest Tactics and Potential Business Impacts – Phishing [White Paper] (2014). http://www.symantec.com/content/en/us/enterprise/white_papers/b-fraud-alert-phishing-wp.pdf

57.

Unhelkar, B., Murugesan, S.: The enterprise mobile applications development framework. IT Prof. 12(3), 33–39 (2010). doi:10.1109/MITP.2010.45 CrossRef

58.

v Do, T., Lyche, F.B., Lytskjold, J.H., van Thuan, D.: Threat assessment model for mobile malware. In: Kim, K.J. (ed.) Information Science and Applications. LNEE, vol. 339, pp. 467–474. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46578-3_55 CrossRef

59.

Venkatesan, D.: Android ransomware variants created directly on mobile devices (2016). http://www.symantec.com/connect/blogs/android-ransomware-variants-created-directly-mobile-devices

Titel: Security Framework for Adopting Mobile Applications in Small and Medium Enterprises
verfasst von: Basel Hasan
Jorge Marx Gómez
Verlag: Springer International Publishing
Buch: E-Business and Telecommunications
Print ISBN: 978-3-319-67875-7

Electronic ISBN: 978-3-319-67876-4

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-67876-4_4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"