The Smartphone Security Awareness Information Technology Essay

The Smart address Security Aw beness Information Technology EssayOver the former(prenominal) decade wide awake phones surrender become pervasive and get hold of evolved signifi tin fagtly from possess phones to smartphones to fit the increase take ups of the competitive market and to meet consumers wants and collects. The purpose of this look for paper is to provide insight and cosmetic surgery warrantor cognisantness into the risks posed by unsecured smart bustling widgets.Smartphones ar ubiquitous devices and atomic number 18 comparative to the privateisedised computer in terms of computational power, choice of operating systems, softw ar with the uniform extended features and the ability to support 3rd party parcel.Smartphones grow en subjectd production word of mouthes and their bleedforce the freedom to collaborate and gate organizational selective t all(prenominal)ing 24 hours a day, 365 days a year.What has been done to protect individuals and s ubscriber linees from the ever change magnitude threat of supple orientated attacks?Pervasive computing (also c whollyed ubiquitous computing)Endpoint warrantor antivirus/malwareattempt discipline infra twist peregrine certifyation security perspectivesecurity sensory faculty trainingtechnical solveics are outside the grasp of this research entranceThe purpose of this document is to expose a product line riddle from a technological viewpoint. The accede of the contrast problem I have selected is on smartphone security awareness. This subject give be analysed and critically evaluated, then expanded upon gain to reflect the range of possible solutions and create a comprehensive guide for the benefit of the sayer.1.1 MotivationThe motivation for this follow was mostly due to my vocational role as an IT consultant. During the course of my employment over the past decade within the IT industry, I have noniced a substantial gap within businesses for the need of greate r smartphone security and awareness.It was obvious to me that along with the evolution and improved capabilities of cellular devices, established a greater risk for organisations.This thesis is the result of blend in I have personally carried out in various roles throughout my technological career among October 2004 and December 2010.1.2 Aims and objectivesThe pursuance are my aims and objectives for this bewilderAimsCreate an authoritative document with recommendations to raise awareness and inform businesses for the need of greater mobile security within the business surround.Use insight to establish a research gap.Main objectivesAssess smart mobile devices currently characterd.Analyse security advantages and disadvantages of smart mobile devices.Establish what risks smart mobile devices are exposed to.Evaluate impact of risk exposed by unsecure mobile devices to businesses.Examine mobile security currently lendable.Investigate responsibilityEvaluate current business polici es and procedures for mobile devices and how these are enforced.Construct smartphone security guide with recommendations for businesses.1.3 Problem StatementThe problem is instruction and pecuniary loss due to breeding stealth or inaccessibility from vixenish computer software (malware), and the detrimental impact this has upon the business.There are many types of info that can be stored on smartphones for simulation, personally identifiable information in the form of contact details (phone, address), email, GPS coordinatesInformation security has gained significant value within the business do principal(prenominal) over the past decade however this value remains subjective. Users have been made aware of the risks posed by malicious software whilst victimization their personal computer on the net profit, now assistive engineering science like smart mobile devices are becoming increasingly much powerful, functional and ubiquitous.Where personal computers have at least sl ightly security software in send as standard, smartphones ordinarily have no security software installed and are susceptible to the same threats as personal computers.Businesses, professionals and personal exploiters now have a greater awareness for the need of personal computer security. This has been provided by media coverage, enterprise training or through personal experience. When using a personal computer or laptop computer for poser, it is common to find a firewall and antivirus software installed showing that internet safety has now become a social normalcy.Examplehttp//www.bloobble.com/broadband-presentations/presentations?itemid=3397Data loss or inaccessibility due to a virus, data theft due toSmartphones are high specification mobile personal computers, and are subject to the same risks personal computers are open to.There are four to five billion mobile phones and we are orgasm a billion smart phones. But remember that these devices are more powerful than supercomp uters were a few years ago, and we are putting them in the hands of stack whove never had anything like it before. Google CEO Eric SchmidtBusinesses need IT to function, IT adds value and to compete in todays economic climate.ITs purpose is to save time, time is money.Todays organisations rely heavily upon information technology in several(prenominal)ise to allow their business to function (Khosrowpour, 2001). This is fundamentally due to how intricate information technology systems are embedded into organisations. Enterprise architecture (EA) is a communication tool between IT and business (Zachman, 2004).EA is multifaceted (Wagter et al, 2005) and for the background signal of the project I pass on be examining how the Security Architecture (SA) facet can benefit organisations to secure the Information Technology within the business against the increasing threat that unsecured mobile devices pose.There are many unalike mobile operating systems for smart mobile devices requiri ng different security applications. I will analyse these systems and the risks associated. My intentions are to investigate what impacts smart mobile devices can have on businesses, why these problems affect the organisation, and how they are overcome.Finally I will gather insight and make recommendations that businesses can purpose to foresee and prevent future unnecessary costs and risk.2 Literature review2.1 primingThe subject I have proposed to use for this project is a very real-world business and information technology problem.Because smartphone security is still in its infancy, it is currently quite a challenge to source accurate and relevant information from authoritative sources such(prenominal) as Emerald without resorting to web based research. However, the more this project advances smartphone security in the media is becoming omnipresent.The freshman documented computer virus was designed over 25years ago by cardinal brothers named name 1 and name 2 in Pakistan, the virus was called the brain virusTimeline evolution of the mobile telephone (Malware)AnalogueCellularMobile History / Uses2.2 Current status/Development of theoriesInformation is all that needs to be secured. Malware is changing, smartphones are changing and businesses are changing.How far up the technological ladder are mobiles/feature phones/smartphones2.3 How this project fits in with the literature reviewI had elect the subject then chosen the literature review method, thus tailoring the literature review to fit the requirements of the project.3 Research methods3.1 Introduction hypothesisThroughout my employment, I recognised a gap and need for smartphone security within3.2 Epistemologyhttp//www.learnhigher.ac.uk/analysethis/main/quantitative1.htmlOne of the methods of analysis I will to use is the conceptual method, this has been described by Beaney as a focussing of breaking down or analysing concepts into their constituent parts in order to gain knowledge. abstract analysis consists primarily in breaking down or analysing concepts into their constituent parts in order to gain knowledge or a better understanding of a particular philosophical consequent in which the concept is involved (Beaney 2003). I have interpreted this to mean the compartmentalisation and analysis of data.The proposed project will be delivered using an analytical in-depth research structure. I have chosen this project structure as it will primarily be research based on the current business problem as previously stated. I intend to analyse this problem, propose possible solutions, test and implement a well-documented solution with recommendations.Critical and creative thinking skills such as Edward.De Bono six thinking hats will be used to examine the problem domain. A review will be effrontery on how the systems run for and compare them to how they should work. I will then analyse the solution domain by examining which options are available to improve the system security along with an optimal recommendation and the benefits it would provide.3.3 MethodologyFigure research methodFor my project I will implement a triangulated, positivistic methodological approach, I have chosen this particular technique as it will provide me a balanced view of the subject area. I will incorporate some(prenominal) quantitative and qualitative old research methods as recommended by Bryman (BRYMAN, 2006). However for the scope of this project I will be mostly using Quantitative based research as indicted in Fig 1 below..Bryman advises that quantitative data can be gathered by way of a slew and qualitative research collected from journals and interviews.Initially I will undertake primary research in the form of a mickle questionnaire, and furthermore I will interview professionals in the field of smartphones and security such as police personnel, security advisors and mobile phone shop staff.The pile will be available to respondents in paper form and electronically hosted so any user with internet access may access it. I will design the survey to be concise and simple to maximise the amount of respondents and gain quality information.My target survey participants are business managers, IT professionals and world-wide smartphone users. I have chosen to target these particular users as I am trying to ascertain non only the perception of smartphone security but also what policies and procedures are put in place and how aware users are of these. I have proposed to target these users by using a popular internet based technological social word website named Reddit.Reddit has a daily turnover of over 850.000 unique users (Alexa, 2010). consort to Alexa the average Redditor is male, between the age of 18 to 44, does not have children, is well educated and browses Reddit either from work or home, suggesting that the legal age of Redditors are working professionals and due to being a technological social news website the average user is technologically aware (Alexa, 2010). This confirms my premise and establishes that Reddit would suit my proposed target survey participant.There are many options available for online survey software, each option has its benefits and weaknesses, I have carefully analysed these options personally and have chosen to utilise the cloud based option watch Monkey to host my survey. The default limitations of Survey Monkey arethe survey itself has been designed to be logical with closed questioning andQualitative data has been sourced from reliable and authoritative resources. I have chosen journals from EmeraldPrimary research methods usedInterviewing mobile phone shop staff, police, business ownersI will critically analyse the results of my survey by comparing the answers given to a risk register.4 Results4.1 Presentation and description of resultsWho took part?A survey was conducted to establish the awareness for the need of smartphone security. Users were openly invited from technological backgrounds to partake in the survey and assured of anonymity. A total of 758 people responded to the online survey from a possible 854,998 potential participants. The survey itself was open for one month during February and March 2011.The results indicated that majority share with 82% of survey responders being male as contrasted to the 18% that were female twain averaging at 26 years of age, this confirms part of my original hypothesis as an average smartphone user.When asked, 53% of respondents account that they had used their smartphone solely for personal use as opposed to the 45% of partakers that reported they used their smartphone for both business and personal use, with skilful 2% reporting to use a smartphone solely for business use only as shown in Fig 2 combining a total of 47%.CUsersLeeDesktopUniUniversity 2010_11MikeDissertationDocumentsDissertationSurveySurvey meddle charts8 FeaturesSM_Features_Line.pngFigure Smartphone use25% of respondents had only been using smartphone s for the past six months, 17% were aware they had been using them for at least a year and a majority percentage of 59% had been using smartphones for more than one year.Only 12% of respondents opted to use the pay as you go payment facilities as opposed to the greater majority of 88% that have contracts.SMARTPHONE34% of respondents used an Apple IPhone, 58% reported to use Android smartphones, 13% used Blackberries and 6% (46) of respondents had Nokia smartphones.(GRAPHIC)87% of respondents had used calendar functions, 94% of respondents used email, 86% of used games, 87% of respondents used GPS features, 74% of respondents used instant messaging, 52 % of respondents used internet banking facilities, 66% of respondents used multimedia messaging service (MMS), 94% of respondents used the short messaging service (SMS) feature and 78% of respondents admitted to using social lucreing sites on their smartphone. A total of 756 participants responded and 2 participators chose not to answ er the question.From a total of 758 respondents, 63% (476) valued the physical smartphone above the 37% (282) whom valued the information more.Applications93% of survey partakers used 3G for mobile data communication, 59% of respondents used Bluetooth technology, only 4% of had used infrared line of sight technology, 75% of respondents admitted to connecting via universal serial bus (USB), 94% of participators had used wireless for mobile data communication. Total of 757 participators answered this question and 1 partaker chose to skip the question.SecuritySurvey respondents contracted smartphone security as honorable but not essential as the majority answer with 64% (485), 21% (159) didnt not consider there to be a need currently for smartphone security software as opposed to 15% (114) whom considered smartphone security software as absolutely essential. A total of 758 of 758 responded to this question.87%Of participants stated that they do not use any smartphone security softwar e.87% of participants reported that they did not use any form of smartphone security software such as antivirus as opposed to 13% that did.A majority of 92% (699) had not been advised of any security methods to protect them or their information from fraud, theft or malicious software. 8% (59) respondents agreed they had received adequate security advice. Everyone answered this.Malware95% (694) of respondents were aware of Adware, 27% had known about Badware, 25% (181) of respondents were aware of Crimeware, 69% (504) had previous knowledge of Rootkits, Trojans(95%, 696), Spyware (95%, 697), and Worm (90%, 656)were the most commonly aware terms of malware from the malicious software list, the majority being Virus (711) with 97% of respondents being aware of this type of malware. 731 respondents answered this question.62% of survey participants reported that they did not pay attention to licence agreements and permissions when installing applications on their smartphones 34% reported they did read the licence agreements and permissions. 4% of respondents believed that this question was not applicable to them for their smartphone use.Personal Computer81% of responders were aware for the need of security software for personal computers and 19% were not aware. on the whole survey partakers responded to this question.94% (713) participants have committed their smartphone to a personal computer (PC), 6% (46) stated they had not ever connected to a PC. All 758 respondents answered this question.96% (728) respondents stated that they owned the smartphone, only 4% (30) of respondents had employer owned smartphones. All partakers responded to this question.ResponsibilityOut of the 758 respondents, 15% (115) were aware of policies within their place of business, with the majority of respondents 41% (309) unaware of any workplace policies or procedures in particular orientated toward smartphones. 44% (334) responded that the question was not applicable to them. All parti cipants answered this question.4.2 Discussion and interpretation of the resultsAwareness and strikeCompare phones and age to security awarenessBb were the most security aware group profits banking is authoritative by smartphone antivirus is false and user is aware of computer antivirus need.Harris Interactive Tablet users more likely to enchant sensitive data than smartphone usersSerendipity, sagacity5 SmartphonesA mobile phone is a portable electronic device used to make and receive telephone calls. The mobile phone was first revealed by Dr Martin cooper from the company Motorola in 1973, it was not until ten years after Dr Coopers demonstration that Motorola released its flagship mobile phone the DynaTAC, this was the worlds first commercially viable mobile phone (Motorola, 2009).Originally these devices were commercially targeted at businesses and upper class individuals as the cost of the device was very high and the actual usage was severely restricted, due to the technolog y limitations at this time battery weight was 2kg (Motorola, 2009) and the battery duration would last a maximum of 30 minutes thus making the device impractical and available only to businesses and professional consumers.According to Moores Law, the number of transistors on a chip roughly doubles every two years. (Intel, 2005)As Moore stated over 30 five years ago, due to the advancement of processors, battery technologies and overall reduced power consumption, mobile phones have become lighter, diminutiveer, more powerful and longer lasting. Due to these fundamental technological advancements mobile phones have been able to incorporate additional existing technologies such as camera units, sensors, speakers and often take advantage of deep brown based applications and features, thus coining the term Feature phone. Feature phones are more advanced technologically than mobile phones.SmartphoneThe term smartphone is ambiguous and many experts fail to agree on a suitable definitio n. about smartphone features are not exclusive to a particular category, this project does not intend to make that definition, however for the scope of this project I have listed combined definitions and compared current smartphone features as listed in Figure 3 below.Most vendors type moreGartner, a world leading authority in information technology research define smartphones as A large-screen, voice-centric handheld device designed to offer complete phone functions tour simultaneously functioning as a personal digital assistant.(Gartner, 2010)Feature phones can have several of the characteristics as listed below in figure 3, however smartphones have the capability of providing all the capabilities. As a result, any mobile device meeting all conditions of each function in figure 3 can be considered a smartphone under this definition.Figure Smartphone characteristicsFunctionCharacteristicPhone size construction is compact and easily transported.Operating SystemOperating system tha t allows third party applications.ConnectivityDevice provides quintuple methods (wired and wireless) of connecting to both the internet and other devices and networks.InputThe device contains keyboard, or touchscreen keyboard.Storage capacityThe device has a large and expandable memory board facility.Office functionalityThe device provides the ability to perform basic office tasks such as email, take notes and word processing.CalendarThe device includes a digital organiser and calendar.SynchronisationThe device supports synchronisation of information with fixed desktop or laptop devices, or online web services.Phone FeaturesThe mobile device executes voice, text and multimedia message functions.SensorsAcceloratormeter, light, sound and movement sensors.A model to measure the maturity date of smartphone security at softwareUnder this definition of smartphones or Smart Mobile Device (SMD) the following mobile platforms were includedApple iOSBlackberryGoogle AndroidSymbianWindows Mo bileThese mobile platforms were reported to be the top 5 mobile platforms used in 2010Figure (?) Storage expansion cardsSmartphones currently watch in the top tier of mobile communication technology.Third party operating systemAs previously stated there are many smartphone platforms available, each platform and brand bringing different benefits and functionality. These platforms or operating systems create opportunities for both businesses and personal users. For businesses this increased functionality provides the facility for added employee productivity.These opportunities exist not just for business and personal users as the opportunity extends to the bad guys too, I will continue to explain further in the document.Smartphone DefinitionA smartphone is defined as A cellular telephone with construct-in applications and Internet access (PCMAG, 2010)describes a smartphone as a and describes it asI have interpreted these descriptions and define smartphones as not feature phones bas ically.All smartphones have generalised functionality, such as input devices (keys, touchscreen) I will go into greater detail regarding the operating featuresBotha, et al (2009) point out that early generations of cell phones and PDAs had relatively little storage capability. Johnson (2009) indicates that todays generation of devices can be quickly and easily upgraded by adding additional storage cards.http//mobileopportunity.blogspot.com/2007/01/shape-of-smartphone-and-mobile-data.html5.1 AppleThe Apple Iphone was the original smartphone (), first released in June 2007.Popular, perceived security (apple store, scans for malware?)Simplistic designLimitations NO support for flash5.2 AndroidOpen source, will be biggest5.3 Blackberry (RIM)Security architecture built upon military specification, perceived most secure as email encryption (tunnelled) through CanadaBanned in UAE5.4 SymbianOwned by Finnish giant Nokiaopen sourcing the software opens up the availability of the Source ciph er to programmers, who can then develop, modify and distribute as they see fit meaning a richer and hopefully what becomes a considerably improved OS very quickly thanks to developer input. http//blog.mobiles.co.uk/mobile-news/symbian-os-goes-open-source/http//blog.mobiles.co.uk/wp-content/uploads/2010/02/symbian.jpgMost popular globally, acquired by Microsoft?5.5 Windows mobileNewest player, least perceived secure device6 Smartphone role within business environment6.1 Email7 Malware definedContinuously evolving, changing creativeVirologyMalware encompassesDefine Malware (Family)Malware, short formalicious software http//en.wikipedia.org/wiki/Malware Grimes (2001) defines malware as any software program designed to move from computer to computer and network to network to intentionally modify computer systems without the consent of the owner or operator. Etsebeth, V. (2007)Sensory malware soundminer, a stealthly Trojan with harmless permissions that can sense the context of its a udible surroundings to target and extract a very small amount of HIGH-VALUE DATA.Give example7.1 BadwareGive example7.2 CrimewareCollecting company secrets for profitCrimeware is malicious software that is covertly installed on computers. Most crimeware progams are in fact Trojans. There are many types of Trojans designed to do different things. For example, some are used to log every key you type (keyloggers), some capture screenshots when you are using banking websites, some download other malicious code, and others let a remote hacker access your system. What they each have in common is the ability to steal your confidential information such as passwords and PINs and send it back to the criminal. Armed with this information, the cybercriminal is then able to steal your money. http//www.kaspersky.com/crimewareGive example7.3 GreywareAdwarespywareGive example7.4 lay on the linewareGive example7.5 RootkitsiPad and smartphone rootkits demod by boffins http//www.theregister.co.uk/2 010/02/23/smartphone_rootkits_demoed/Give example7.4 ScarewareGive example7.5 TrojanGive example7.6 VirusGive example8 Define Risk to business or individualMobile banking8.1 Define Legal implicationshttp//www.oucs.ox.ac.uk/its3/seminar-notes/2005-05-18-DataSecurityLaw.pdfComputer related crimeDishonestly obtaining electronic communication serviceSection 125 of the Communications Act 2003 creates an crime in relation to dishonestly obtaining use of an electronic communication service with intent to avoid payment of the charge applicable to that service. This offence reflects the continual advancement of technology, thus covering all the diverse types of services availableTheft of informationOxford v Moss (1979)Unauthorised use of a computer theft of servicesTheft Act 1968, s. 13 dishonestly uses without due authority, or dishonestly causes to be wasted or diverted, any electricity vile damage Intangible (Computer Misuse Act 1990, s.3) unauthorised modification to impair the operati on,prevent or kibosh access or reliability denial of service The Caffrey problem Case law insiders Whitaker (1993) Lindesay (2000) virus writers e.g. bay window (1995), Vallor (2003)8.2 ResponsibilityExamine who is responsibleDefine SolutionsEffects and results of infected device on company with each malware type9 SecuritySecurity doesnt exist in products and verbiage alone it requires a process, people, policies, education, and technologies working together. http//www.informationweek.com/news/showArticle.jhtml?articleID=65029979.1 ISO270029.2 COBIT 5Schedule to release in 2011, COBIT 5 will consolidate and integrate theCOBIT 4.1, Val IT 2.0 and Risk IT frameworks and also draw significantly from the Business Model for Information Security (BMIS) and ITAF. http//www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspxSecurity updates?9.3 Smartphone security solutionshttp//www.networkworld.com/news/2011/020911-ibm-juniper-mobile-security.html10 ConclusionsMoores Lawhttp//venturebe at.com/2010/08/13/moore%E2%80%99s-law-hits-a-wall-trouble-for-mobile-growth/disqus_thread10.1 Summary10.2 Future workMobile wallets customers will be able to transfer funds from their bank account/paypal using their phones via text message (http//www.cs.virginia.edu/robins/Malware_Goes_Mobile.pdf)http//en.wikipedia.org/wiki/NirvanaPhone future smartphonesymbiant acquisitioned by Microsoft (biggest os for pcs) newest player to smartphone market.As Sensor-rich smartphones become more ubiquitous, sensory malware has the potential to breach the privacy of individuals at mass scales. https//www.cs.indiana.edu/kapadia/papers/soundminer-ndss11.pdf11 GlossaryPC Personal computerPDA Personal digital assistantProsumer Professional + consumer = advanced consumer (Cisco, 2008)http//www.cisco.com/web/about/ac79/docs/wp/Prosumer_VS2_POV_0404_FINAL.pdf