FRAMEWORK FOR MOBILE APPLICATION INCIDENT RESPONSE
P2273379A
1. INTRODUCTION
Mobile technology has penetrated people’s daily lives. Mobile technology brings a lot of positive effects to human lives, ranging from education, research, entertainment, health sector, social media, shopping and banking. However, the development of mobile technology has also a negative effect. As an example, people can do mobile banking, checking balance, transferring money, purchasing online and the like. These are positive effects. But there are a lot of problems related to it like loss of money, unknown withdrawals, over debits and many other incidents.
These incidents can be brought about by bugs in applications, data security issues, …show more content…
OBJECTIVES
The framework ensures the bank to make the appropriate decisions and quick actions and support the ability to exercise guidance over incident activities.
The objective of having a Mobile incident response framework includes:
Analyzing the incidents and events. The goal here is to identify the incident, the scope of the incident, document the extent of the damage it may cause, and provide effective response or action plan. Incidents will be properly handled through thorough analysis of the incident, collection of evidence, track the origins (if possible), and immediate response support for the affected unit or victim.
Managing Vulnerability. Need to gather data about the running IOS/Android operating system and vulnerabilities of the applications installed. The easiest way to do this is scan the device to determine and verify the suspected vulnerabilities and apply patches or updates to prevent the exploitation. Then notify others the need to know basis to prevent more damage.
Evidence. It can be defined as any object found that could be the threat involved in attack not only on the device itself but to prevent the spread to other devices as well. . There are viruses that spread like ‘HummingBad’ as a living …show more content…
Timely updates should be incorporated in the procedures to be sure of the effectiveness of the solution. Reports of incidents, prevention and vaulting should be provided to evaluate the effectiveness of the solution in place and types of attacks being encountered.
b. Uniformity of software to be installed in end-user Smartphone based on what the equipment will be used for.
c. Antivirus solution must be part of the security setup and set to automatic scan/update.
d. Any files received either electronically sent or through removable media should be scanned for probable malicious software content. e. Electronic mail attachments and downloads should be checked for malicious software before use. The corporate email system should be protected against this and “SPAM”.
f. An incident response procedures and team should be established to deal with the outbreak of this malicious software.
g. User awareness and training should be periodically done to inform users of the risks associated with obtaining files and software either from non-trusted websites, or on any other medium, indicating what protective measures should be taken. Bulletins and other informational messages should be regularly released for this purpose.
h. Regular update of the operating system and applications should be done to avoid vulnerabilities to these malicious
P2273379A
1. INTRODUCTION
Mobile technology has penetrated people’s daily lives. Mobile technology brings a lot of positive effects to human lives, ranging from education, research, entertainment, health sector, social media, shopping and banking. However, the development of mobile technology has also a negative effect. As an example, people can do mobile banking, checking balance, transferring money, purchasing online and the like. These are positive effects. But there are a lot of problems related to it like loss of money, unknown withdrawals, over debits and many other incidents.
These incidents can be brought about by bugs in applications, data security issues, …show more content…
OBJECTIVES
The framework ensures the bank to make the appropriate decisions and quick actions and support the ability to exercise guidance over incident activities.
The objective of having a Mobile incident response framework includes:
Analyzing the incidents and events. The goal here is to identify the incident, the scope of the incident, document the extent of the damage it may cause, and provide effective response or action plan. Incidents will be properly handled through thorough analysis of the incident, collection of evidence, track the origins (if possible), and immediate response support for the affected unit or victim.
Managing Vulnerability. Need to gather data about the running IOS/Android operating system and vulnerabilities of the applications installed. The easiest way to do this is scan the device to determine and verify the suspected vulnerabilities and apply patches or updates to prevent the exploitation. Then notify others the need to know basis to prevent more damage.
Evidence. It can be defined as any object found that could be the threat involved in attack not only on the device itself but to prevent the spread to other devices as well. . There are viruses that spread like ‘HummingBad’ as a living …show more content…
Timely updates should be incorporated in the procedures to be sure of the effectiveness of the solution. Reports of incidents, prevention and vaulting should be provided to evaluate the effectiveness of the solution in place and types of attacks being encountered.
b. Uniformity of software to be installed in end-user Smartphone based on what the equipment will be used for.
c. Antivirus solution must be part of the security setup and set to automatic scan/update.
d. Any files received either electronically sent or through removable media should be scanned for probable malicious software content. e. Electronic mail attachments and downloads should be checked for malicious software before use. The corporate email system should be protected against this and “SPAM”.
f. An incident response procedures and team should be established to deal with the outbreak of this malicious software.
g. User awareness and training should be periodically done to inform users of the risks associated with obtaining files and software either from non-trusted websites, or on any other medium, indicating what protective measures should be taken. Bulletins and other informational messages should be regularly released for this purpose.
h. Regular update of the operating system and applications should be done to avoid vulnerabilities to these malicious