Wednesday, February 2, 2011

An ISACA Guide on Mobile Security

Few areas in the past few years have challenged security professionals more than the growth of mobile devices and their relationship to corporate IT systems. Not only have mobile devices become ubiquitous, they have become more powerful and more involved in corporate decision making. Integration and security issues have therefore become significant, and in some cases critical.

A guide released by ISACA last year addresses this area. It is intended to help organizations to:

"Implement a systematic approach to security in mobile application development with help from this practical guide. Featuring case studies, code examples and best practices, Mobile Application Security details how to protect against vulnerabilities in the latest smartphone and PDA platforms. Maximize isolation, lock down internal and removable storage, work with sandboxing and signing, and encrypt sensitive user information. Safeguards against viruses, worms, malware and buffer overflow exploits are also covered in this comprehensive resource.
  • Design highly isolated, secure and authenticated mobile applications
  • Use the Google Android emulator, debugger and third-party security tools
  • Configure Apple iPhone APIs to prevent overflow and SQL injection attacks
  • Employ private and public key cryptography on Windows Mobile devices
  • Enforce fine-grained security policies using the BlackBerry Enterprise Server
  • Plug holes in Java Mobile Edition, SymbianOS and WebOS applications
  • Test for XSS, CSRF, HTTP redirects and phishing attacks on WAP/Mobile HTML applications
  • Identify and eliminate threats from Bluetooth, SMS and GPS services"

The guide is an important one for security professionals and IT auditors.
