Nov 01 2012

10 reasons to ponder before using your smartphone for banking

Category: Smart Phone | DISC @ 11:55 am



Mobile Payment Security

01) There is no clear legislation that sets out your right to a refund if your bank account is fraudulently emptied because of an insecure mobile banking app. The burden of proof seems to fall on the user to protect their handset, operating system, software, mobile operator infrastructure and everything else in the "chain" of the transaction.

02) Of course you want to be able to use WiFi hotspots, but this means that in most cases you are operating on an insecure wireless network. It is easy for "bad guys" to sniff the air with a free utility and read your details.

03) Most users have not even set up a basic passcode on their smartphones. Therefore, if someone gets access to the device, they potentially have access to the bank account as well.

04) Most app stores do not test the security of apps. It is very easy for the "bad guys" to put malware in apps that can steal information from your device or from other apps on your phone (e.g. the banking app). This can also happen when an app updates.

05) Most smartphone users have not installed security software on their device. They therefore have less protection than a laptop or PC with security software installed.

06) The average smartphone user does not regularly perform OS (operating system) updates. Many of these updates are critical security patches.

07) Because of performance concerns, many lower-cost handset manufacturers disable security features in order to improve the performance of the device.

08) Malware on the Android smartphone platform alone has gone up over 400% in the last year.

09) The technology that keeps apps separate on the device does not isolate them in private sandboxes. This means that one app can read the details stored by another app without much difficulty.

10) If you check the T&Cs (terms and conditions) of a local banking app, you may find that it wants you to grant permission for the app to know your phone's location (GeoIP).

Tags: Android, Geolocation, Malware, Operating system, Personal computer, Security, Smartphone, Wi-Fi


May 06 2011

NSA publish list of recommendations for Keeping Networks Secure

Category: cyber security | DISC @ 10:27 am

'Best Practices for Keeping Your Home Network Secure' is a new guide published by the National Security Agency. The document gives home users directions for keeping their systems secure and protected.

Users face many security issues nowadays, and trying to apply all the required security measures is complicated by the fast pace of change in technology and by new vulnerabilities that may leave them open to new attacks. These controls are industry best practice and mitigate most risks to safeguard your information assets.

The document is divided into 4 parts:
■ Host-Based Recommendations
■ Network Recommendations
■ Operational Security (OPSEC)/Internet Behavior Recommendations
■ Enhanced Protection Recommendations

To be safe on the internet, use these recommendations as a best practice to reasonably safeguard your information assets. These best-practice information controls may also help you invest wisely and justify the cost of security.


NSA titles for IAM and IEM implementation and certification

Tags: Best practice, Industry Standard Architecture, IPad, Microsoft, National Security Agency, Operating system, Security, United States


May 06 2009

Rise of cybercrime and management responsibility

Category: Information Security, Information Warfare | DISC @ 5:08 pm

According to an SF Chronicle article by Deborah Gage (May 8, 2009, c2), Consumer Reports magazine's annual "State of the Net" survey finds that cybercrime has held steady since 2004, with one out of five consumers becoming a victim in the last two years at a cost to the economy of $8 billion. The Consumer Reports survey can be found at www.consumerreports.org

Uncertain economic times bring new threats and scams, and most security experts agree that there is a possibility of an increase in cybercrime this year. The survey also found that around 1.7 million people were victims of identity theft and 1.2 million had replaced their computers because of infected software.

First, why are all the signs showing an uptick in cybercrime, and second, what are we going to do about it?

Management should start treating security as part of the total cost of ownership instead of wasting time on the ROI of information security. If there is a security breach, somebody in management should be held accountable, not IT or security personnel. Management will keep demonstrating a lax attitude toward data protection and security in general unless there are serious consequences, such as spending time in jail for lacking security controls (basic due diligence) and for not taking appropriate action on risks that posed a significant threat to the organization.

PCI, HIPAA and SOX compliance are a good start in the right direction for getting management to take information security into consideration, but these compliance initiatives don't address the security of the whole organization; they address the security risks of one business unit within it. If management is really serious about security, the ISO 27002 code of practice is one option that should be considered to address the security of the whole organization, and ultimately the organization should achieve ISO 27001 certification, which builds a comprehensive information security management system to manage ongoing risks.



Tags: Information Security, International Organization for Standardization, isms, iso 27001, iso 27002, Operating system, Policy, Security