Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.

Published byArthur Simpson Modified over 9 years ago

Similar presentations

Presentation on theme: "Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION."— Presentation transcript:

1 Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION TECHNOLOGIES DEPARTMENT Emailsmchome@tra.go.tz: vrukiza@tra.go.tz;smchome@tra.go.tzvrukiza@tra.go.tz

2  Introduction  Security risks and threats  Security Enforcement  Conclusion OUTLINE

3 INTRODUCTION – PURPOSE Mobile devices & Applications Risks & Threats Secure Mobile platforms Essential Security Mechanisms

4  Fastest growing sector  Calls + SMS  Fully fledged mobile computing platform  1G Analogue cellular network  2G Digital Cellular network  3G Broadband data services-  4G native IP networks INTRODUCTION – MOBILE TECHNOLOGY

5  Smartphones, tablets, PDAs  High Processing power  High Storage Capacity  Easy Usability - touch screens, voice, QWERTY keyboards INTRODUCTION – MOBILE TECHNOLOGY Cont.

6 High capabilities has led to fast & high penetration and adoption Mobile payments & banking  Income & Property Tax, Utility bills (LUKU, DSTV & Water)– MPESA, NMB mobile Business operations - Complete Office Software INTRODUCTION – MOBILE APPLICATION IN PUBLIC SECTOR

7 Information security Mainly focused in protecting Information and Information systems from threats and risks that may result in unauthorized disclosure, interruption, modification and destruction. SECURITY RISKS AND THREATS

8 Security principle for ensuring non-disclosure of Information to unauthorized users  Small size – Easily misplaced, left unattended, stolen  Vulnerabilities in mobile applications - Malicious Code embedded in mobile apps  Wireless Technology – Bluetooth & Wi-Fi SECURITY RISKS AND THREATS - CONFIDENTIALITY

9 Data integrity refers to the accuracy and consistency of stored or data in transit, which is mainly indicated by the absence of data alteration in an unauthorized way or by unauthorized person  Weak protection mechanisms  Turning off security features  Intentional hacking of the traffic through sniffing and spoofing SECURITY RISKS AND THREATS - INTEGRITY

10 Availability is a security attribute of ensuring that a system is operational and functional at a given moment of time  Compromised devices causing downtime to the connected infrastructure  DOS attacks targeting mobile devices battery SECURITY RISKS AND THREATS - AVAILABILITY

11 Secure Information while optimize Key requirements of security solution ENFORCE SECURITY Protection ManagementSupport Detection

12  Discover devices’ protection mechanisms  availability of antivirus  remote sanitization & encryption capabilities  authentication strength  Block unprotected /compromised devices based on Security policy set ENFORCE SECURITY - DETECTION MECHANISMS

13  Effective Authentication methods – avoid plain, weak passwords  Access Control - Limit what attacker can do  Encryption  Protect stored information – even when device is lost  Protect transmitted data  Block unused, vulnerable communication ports  Disable wireless communication (Bluetooth, Wi-Fi) while not in use ENFORCE SECURITY – PROTECTION MECHANISMS

14 Centrally managing all devices  Security Administration  Control  Audit  Report Security Policies - Digital Policy Certificate ENFORCE SECURITY - MANAGEMENT

15 Support when devices are lost  Remote Sanitization  GPS Locator Education and Security awareness  Simple Steps to reduce risks  Trusted sites for downloading applications  Proper security settings  Use of strong password  Regular updating devices ENFORCE SECURITY - SUPPORT

16 Ratings by Security Mechanisms Category Enterprise Readiness of Consumer mobile platforms by Cesare Garlati of Trend Micro Security Mechanisms in Mobile Platforms

17  Usage of mobile applications is inevitable  Organizations’ commitment  Investment in security solutions - Means for enforcing, monitoring and auditing protection mechanisms  Users Security Awareness CONCLUSION

18 Q & A THANK YOU

Download ppt "Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION."

Similar presentations

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.

Database Security Policies and Procedures and Implementation for the Disaster Management Communication System Presented By: Radostina Georgieva Master.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Beyond Compliance: Advanced SmartGrid Authentication Paul Miller Uniloc.

Beyond Compliance: Advanced SmartGrid Authentication Paul Miller Uniloc.
Identify risks with mobile devices: Portable data storage Wireless connections 3 rd party applications Data integrity Data availability 2.

Identify risks with mobile devices: Portable data storage Wireless connections 3 rd party applications Data integrity Data availability 2.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Sixth Annual African Dialogue Consumer Protection Conference Session 5: Panel Discussion – Mobile Technology, Mobile Payments and Cyber Threats September.

Sixth Annual African Dialogue Consumer Protection Conference Session 5: Panel Discussion – Mobile Technology, Mobile Payments and Cyber Threats September.
By Ashlee Parton, Kimmy McCoy, & Labdhi Shah

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Purdue University proudly presents www.purdue.edu/securepurdue Doug Couch & Nathan Heck, IT Security Analysts.

Purdue University proudly presents Doug Couch & Nathan Heck, IT Security Analysts.
Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Chapter 1 – Introduction

Chapter 1 – Introduction
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.

CS691 Robin Kimzey Cell Phone Security a little computer in your pocket an easy target for malcontents.

Similar presentations

Ads by Google