Last but not least, a bit less technical but important aspect is the administration infrastructure: security administration becomes a huge issue when thousands of mobile devices are deployed. Policy enforcement, deployment, updates, help desk, key recovery and system logging are all vital components of an enterprise system that provides "provable" security to comply with data privacy regulations.
One more thing you can do, in order to protect your device in a rigorous way, is to use tools that reinforce the security of your system under a global perspective, like SELinux (“Security Enhanced Linux”: http://www.nsa.gov/research/selinux/index.shtml) or AppArmor (http://en.opensuse.org/AppArmor) for a Linux operating system, or TrustedBSD (http://www.trustedbsd.org) for FreeBSD and Mac OSX. This is about notebooks, where you can essentially install the same software you install on desktop computers, but there is something for smaller devices too, for example a specific adaptation of SELinux for mobile devices, MicroSELinux, is mentioned here:
A technical article on the subject is:
“Last but not least”, a bit less technical but important aspect is the administration infrastructure: security administration becomes a huge issue when thousands of mobile devices are deployed. Policy enforcement, deployment, updates, help desk, key recovery and system logging are all vital components of an enterprise system that provides "provable" security to comply with data privacy regulations.
Here is a list of some more little useful precautions a security policy should include:
Speaking in general, the article
is interesting too, as it mentions various technical approaches to mobile device security, like hardware approach and use of virtualization technology.
As a conclusion, here is a list of the main aspects you have to consider, as a memorandum (check list), considering that the importance and the applicability of some of them depend on the specific device you're using:
Dealing with all topics concerning mobile security would be very long, but this simple memorandum can be useful as a starting point for deeper analysis when required. Several “pointers” to specific subjects have been given.
Logical Security regularly publishes white papers on topics vital to the security industry. Visit our CISSP Education Resources section to obtain valuable information and perspective on security practices.
Part 5 of 5 extracted from an original article written by Shon Harris entitled:
Mobile Device Security
Read Part 1 - Mobile Devices - Definition And Security Issues
Read Part 2 - Mobile Devices - Security Implications And Countermeasures
Read Part 3 - Mobile Devices - Access Control, Wireless Network Risks And Security Implementations
Read Part 4 - Mobile Devices - Viruses, Malware And Various Threats To Mobile Devices
Take advantage of special member promotions, everyday discounts, quick access to saved content, and more! Join Today.
Cisco Firepower Threat Defense (FTD): Configuration and Troubleshooting Best Practices for the Next-Generation Firewall (NGFW), Next-Generation Intrusion Prevention System (NGIPS), and Advanced Malware Protection (AMP)