From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 3 Information Security Program

Mobile device security

Mobile devices are a common part of our daily lives. We rely upon our smartphones and tablets for everything from routine checking of our email to online banking and business applications. They're no longer a convenience. They're a gateway to very sensitive information, and we must protect them with strong security controls. Let's take a look at some of the basic mobile device security controls that you can put in place to protect your sensitive information.

First, every mobile device should be protected with one or more access control mechanisms. The most common of these is the use of a passcode. Now, many devices default to a four-digit passcode, but this does not provide very strong security. You should protect your mobile devices with strong passwords, just like you would a computer or online account. Both iOS and Android allow you to change from a default four-digit PIN to using a strong password. Now, of course, passwords are inconvenient, especially when you make them complex. It's difficult to enter an alphanumeric password on a mobile device. For this reason, iOS devices offer Apple's Touch ID technology that lets you use biometric fingerprint authentication to access your device without entering a password. They also offer Face ID technology that allows you to use facial recognition as a biometric authentication mechanism.

It's important to encrypt the data stored on mobile devices in case the device is lost or stolen. Both Apple and Android devices now automatically encrypt the contents of your device when you enable password protection. This full device encryption feature became the default on Android devices beginning with the Gingerbread operating system, and on Apple devices beginning with iOS 8.

You'll also want the ability to remove the contents of your device over the network if you lose it and it falls into the wrong hands. This technology, known as remote wiping, is available for both Android and iOS devices. Here's a screenshot of the remote wiping option built into Apple's Find My iPhone website. It's important to remember that you'll only be able to wipe a device if it's actually connected to a network. So this isn't a foolproof technology.

Mobile devices should also be set to lock the screen automatically after a period of inactivity, and to lock out users who attempt to enter an incorrect passcode too many times. Push notification technology allows applications to alert users to important events. This technology is also widely used by two-factor authentication systems to facilitate something-you-have authentication.

Now, there are some more exotic mobile security controls available as well. You might not come across these very often in the real world, but they are covered on the exam. The first is hardware security modules, or HSMs, that are available in a microSD card format. These HSMs are able to provide highly secured management of encryption keys for use with mobile devices. The second is SE Android, a specialized operating system designed to lock down Android devices. This operating system, designed for use in highly secure applications, brings mandatory access control to the Android platform.
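The basic controls listed above can be checked across a device inventory. The following is an added example, not part of the course material: the record fields, finding names and numeric thresholds are assumptions, and the inventory is constructed sample data. It also flags devices that have remote wipe enabled but have not checked in recently, since a wipe only reaches a device that is on a network.

```python
from datetime import datetime, timedelta

# Assumed baseline thresholds; the transcript names the controls, not numbers.
MAX_AUTO_LOCK_SECONDS = 300
MAX_FAILED_ATTEMPTS = 10
MAX_CHECKIN_AGE = timedelta(days=7)

def passcode_is_weak(kind, length):
    """No passcode, a PIN of four digits or fewer, or a short password."""
    if kind == "none":
        return True
    if kind == "numeric":
        return length <= 4
    return length < 8  # assumed minimum for an alphanumeric password

def audit_device(dev, now):
    """Return the baseline controls this (hypothetical) device record fails."""
    findings = []
    if passcode_is_weak(dev["passcode_kind"], dev["passcode_length"]):
        findings.append("weak-passcode")
    if not dev["encrypted"]:
        findings.append("not-encrypted")
    if not dev["remote_wipe"]:
        findings.append("remote-wipe-disabled")
    elif now - dev["last_checkin"] > MAX_CHECKIN_AGE:
        # A wipe command only reaches a device that is connected to a network.
        findings.append("remote-wipe-unreachable")
    lock = dev["auto_lock_seconds"]
    if lock is None or lock > MAX_AUTO_LOCK_SECONDS:
        findings.append("auto-lock-missing-or-long")
    limit = dev["failed_attempt_limit"]
    if limit is None or limit > MAX_FAILED_ATTEMPTS:
        findings.append("no-attempt-lockout")
    return findings

def audit_inventory(devices, now):
    return {d["id"]: audit_device(d, now) for d in devices}

NOW = datetime(2024, 1, 15, 12, 0)  # fixed clock so the result is repeatable
INVENTORY = [  # constructed sample records
    {"id": "phone-a", "passcode_kind": "alphanumeric", "passcode_length": 10, "encrypted": True,
     "remote_wipe": True, "last_checkin": NOW - timedelta(days=1), "auto_lock_seconds": 120, "failed_attempt_limit": 10},
    {"id": "phone-b", "passcode_kind": "numeric", "passcode_length": 4, "encrypted": True,
     "remote_wipe": True, "last_checkin": NOW - timedelta(days=30), "auto_lock_seconds": 60, "failed_attempt_limit": None},
    {"id": "tablet-c", "passcode_kind": "none", "passcode_length": 0, "encrypted": False,
     "remote_wipe": False, "last_checkin": NOW, "auto_lock_seconds": None, "failed_attempt_limit": 5},
]
if __name__ == "__main__":
    print(audit_inventory(INVENTORY, NOW))
```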
