Who Can I Trust?

Ongoing Aims

1. Install and try out Vulnerable Mobile Applications
2. Find papers and start Lit Review - Started
3. Plan Introduction - Started
4. Gather Questions to Fuel Research - Completed
5. Analyse trusted sources - partially completed

--------------------------------------------------------------------------------------------------------------------------

Todays blog is all about the analysis of the trusted journals i've collected and why I trust them and what they information they can provide me. The articles have been split into categories regarding my research questions. The categories are:

1. Mobile Application Security
2. Android
3. iOS
4. Risk Assessment
5. Mobile Protection

By the side of each article title i will put numbers of the categories the article relates to.

1. Journal Articles - Emerging Threats from a Mobile Platform - 1,2,3

Journal - MIPRO

Year - 2011

Brief Description - Provides an overview of the challenges and threats to mobile platforms. The articles focus's on iOS, Android and Symbian mobile devices. Also reviews the similarities between Mobile and desktop malware.

Cited - 2

URL - http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5967292

- This journal is trusted because it was used during an international conference on IT Security, the authors also all work at respectable establishments, such as various universities.

2. Journal Article - A Survey On Security for Mobile devices - 1

Journal - Communications Surveys & Tutorials, IEEE

Year - 2013

Brief Description - The paper surveys the state of art threats, vulnerabilities and solutions of mobile devices from 2004-2011.

Cited - N/A

URL - http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6170530

- This journal is trusted because the authors are both from respectable companies, e.g. telefonica, and would be able to get access to the data required to come to a trusted and accepted solution. It was also posted in a Journal that was created by IEEE which was published very recently.

3. Journal Article - Mobile Security: A look ahead - 1,2,3,5

Journal - Security & Privacy, IEEE

Year - 2013

Brief Description - This article reviews the challenges faces by employee owned mobile devices and compares iOS and Android security solutions. It also takes a look at various security solutions, some of which are application based and some are through the use of IDS's

Cited - N/A

URL -http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6427812

- Also the citing wasn't available for this article i feel is still extremely trustworthy as the authors are both from prestigious backgrounds and have written other articles in areas similar to this. The article was also published in a journal all about security and privacy which means it had to beat of some heavy competition to get into the journal.

4. Journal Article - Vetting Mobile Apps - 1,2,3

Journal - IT Professional

Year - 2011

Brief Description - Talks about why vetting mobile applications from 3rd parties is so important and discusses various vetting techniques.

Cited - 1

URL -http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5960018

- I feel that due to the authors and that it was in a Journal all about insecure IT that the source is trusted. The authors work at the national institute for Technology.

5. Report - Symantec International Security Threat Report - 1,5

Year - 2011

Brief Description - Report focusing on Threats from a range of devices, and focus's on threats from mobile devices. Provides lots of key figures.

Cited - N/A

URL - http://book.itep.ru/depository/security/symantec/Symantec%20-%20April%202011%20threat%20report.pdf

- This source is trusted because it is from one of the largest IT Security companies in the world, the used a wide sample for all of the key figures which proves the information can be trusted.

6. Journal Article - Android Architecture: Attacking the weak points - 2

Journal - Network Security

Year - 2012

Brief Description - This article talks about threats posed to android devices and why there so insecure.

Cited - 4

URL - http://www.sciencedirect.com/science/article/pii/S1353485812700922

- This article was written by a freelance journalist who specialises in Information Security. He produces a lot of respected journals which have been cited several times.

7. Journal Article - Android Malware and Mitigation - 2

Journal - 2012

Year - 2012

Brief Description - This article focus's on Malware attacks on Android devices and the mitigation techniques available

Cited - 2

URL - http://www.sciencedirect.com/science/article/pii/S1353485812701046

- This article was written by a freelance journalist who specialises in Information Security. He produces a lot of respected journals which have been cited several times.

Other Trusted Resources Include:

• FOD Security user guide - Manual for tool used by the application security team
• FOD mobile security review for the company - outlines the processes provided to the company by their 3rd part application testers
• Software Security: Building Security In, Gary McGraw - Gary's book on application security.

So far i've gathered a wide variety of trusted resources, but only in certain area. I need to focus and find more in the areas of iOS, Risk assessment and mobile protection. I'll be looking into design policies, frameworks for risk assessment and various protection mechanisms over the next few days.

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

Fuelling the Research

Ongoing Aims

1. Install and try out Vulnerable Mobile Applications
2. Find papers and start Lit Review - Started
3. Plan Introduction - Started
4. Gather Questions to Fuel Research
5. Analyse trusted sources

--------------------------------------------------------------------------------------------------------------------------

Todays blog entry will focus on the questions that will help fuel my research for my Lit Review and why they will be vital to my lit review, and it will also contain analysis on the trusted sources i have at hand that are people I can use and can lend knowledge to me during my project.

Research Questions
1. What are the main threats to mobile security?
The first questions is focused on Mobile application security and the threats posed to this area. This research will focus on general mobile security, the leap from Desktop to Mobile and the main exploit and vulnerabilities in mobile devices.

2. Which platform is the most secure iOS or Android?
This second question will delve into specifics of which platform is the most vulnerable and why? It will also look briefly at larger mobile devices such as iPads and tablets. This will help my artefact design as it will allow me to assess applications based on which OS there going to be launched on, as the team will want to more thoroughly test an application that is on a more vulnerable OS.

3. What are the most effective ways to perform application risk assessments? Are there any frameworks to follow?
This question will delve into general risk assessment. It will look at various frameworks and the ways other companies have performed risk assessments. At the end of this research i'll have a chosen framework to follow and some key areas to assess the applications.

4. What is Architecture level risk analysis (ARA)? How is it best to perform this process?
This question is for me to gain a greater insight into the area of ARA. by the end of this research i'll know how the process works, how to design a risk assessment using ARA and the benefits that this will give.

5. What protection is there for mobile devices at application level? And non-application level?
This question will focus me on mobile protection and the kind of protection the apps at the company should have. This will look into areas like secure coding, jailbroken devices etc. By the end of this research i'll have some more areas to assess the risk level of the application by.

Human Trusted Sources
1. Ollie Green - Myself
I feel i'm a trusted resource as i have 3 years of forensic computing at university under my belt. I am a 1st class student who has over a year and half's experience at two FTSE 100 companies. I worked in IT Risk at GE Capital for a year where i performed various risk assessments and gained a large amount of knowledge into IT Risk. I worked at the company i'm currently doing this project for for 3 months where i was in the application security team and gained a lot of knowledge into application vulnerabilities and protection.

2. Michael Jones - Project Tutor
Mike is a trusted resources as he has years of experience lecturing in the field of forensic computing and before that worked as a consultant for lots of different companies and has a lot of experience in IT security. During the project Mike will be there to provide hints and tips and feedback on various drafts.

3. S.G. - Application Security Analyst
SG is a recent graduate of IS stream at this company which takes 2 years, and has been in the application security team for almost 2 years. He has a great wealth of knowledge in the area of IT security and application security which he has learned throughout his 4 years at the company. He also has recently gained an IT security qualification and has become a certified penetration tester. Stephen will be my main contact and stakeholder throughout the duration of my project and will act as the expert of mobile applications for use externally (public facing)

4. D.K. - Application  Security Analyst
DK has been a member of the application security team for over a year, and before that has moved throughout various roles aimed at quality assurance and testing within the company. He has a lot of knowledge within the area of mobile security and will act as my expert of mobile applications used internal (engineer apps). Holds same qualification as SG.

5. R.N. - Application Security Manager
RN has been manager of the application security team for over 3 years. Previous experience involves work at Oracle and other roles within the company. RN will act as one of the main stakeholders and will provide feedback on the artefact. Holds same qualification as SG.

6. P.P. - Quality Assurance and Control Manger
PP manager several teams, one of them being the Application Security team, he has a wide area of knowledge within IS and has been at the company for over 15 years. PP will act as one of the main stakeholders and will provide feedback and guide dance on the artefact.

7. Gary McGraw - Expert on ARA
Gary McGraw is a resident expert in Mobile Security and more specifically ARA to which is the author of a book called Software Security: Building it in, where it talks about how vital ARA is to software security. Gary McGraw is a trusted source due to his many years within the business of IT Security and his current role as CTO for Citigal, he has written a lot of books and is quite of the keynote speaker at HP's Enterprise security conferences. I won't have Gary on hand during the project but I do has a copy of his book and lots of videos of his key note speeches in which ARA focuses heavily.

So this is all of my Human trusted sources and research questions.
The next blog will feature a quick analysis of the other trusted sources i've already gathered, these sources are all Journal Articles and Books to be used for my Literature Review.

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

Laying the foundations

Ongoing Aims

1. Install and try out Vulnerable Mobile Applications
2. Find papers and start Lit Review - Started
3. Decide on Research method for final pathway - Completed
4. Plan Introduction - Started
5. Create Basic Dissertation Layout - Completed

--------------------------------------------------------------------------------------------------------------------------

It's been a while since my last blog as Friday was my birthday and the celebrations went on all weekend. This blog revolves around the work completed yesterday and today.

Yesterday I was very focused on laying the foundations for my dissertation. By reading through past dissertations and looking at the structures theirs took i was able to lay the foundations for my dissertation and plan out various sections.

The main sections planned out and given headers were the Introduction and Lit Review.

The introduction was split into:

• Problem Statement
• Project Scope
• Intended Audience
• Project Objectives
• Why the project is honours worthy

Today and tomorrow will be spent bullet pointing out key points that i feel should be included in these sections. This will help when it comes to writing as it'll act as a reminder to any thoughts i had early on.

The Lit review was split into a few sections which need to be discussed with my project tutor:

• Mobile Application Security
• This section will be used to give an overview on mobile application security, and vulnerabilities that occur in mobile devices. there will also be a brief section discussing android vs iOS vs Windows mobile in which the various benefits and disadvantages of the platforms are outlined
• Risk Analysis
• This section will focus on how to perform a risk analysis, it will also have a sub section on Architecture level risk analysis. I will take a look at various risk frameworks and see if they can be incorporated in my paper.
• Mobile Protection
• This section will discuss various techniques for securing mobile platforms. Most of the protection will be application based, but i'll also go into some detail regarding other ways of non app based security.

These sections and sub sections need to be agreed upon with my tutor, but until they are i've spent today gathering various articles and journals on all areas covered in the lit review. To gather the articles and store their references i've used End Note basic. End note was an application I hadn't previously used before so i spent some of today learning how to use it's interface and how to import references from various websites such as science direct and google scholar. 

The articles i've gathered so far have been grouped used a function within end note, the articles are grouped using the sections and sub sections of the lit review. I did this so when it comes to writing the lit review I won't have to sift through all of my articles to find the one i need, i'll only have to look through a set few, so findings quotes and referencing will be much easier as i'll know the category i wish to make a point about so i can find a quote much easier.

On going work with the articles is my analysis of them as my trusted sources. At the moment I have around 9 articles and 5 trusted people that will all be used as my trusted sources. As i read through my articles this list will continue to grow until i have a healthy amount of articles.  By Thursday I will hopefully have a completed list of trusted sources that have been analysed ready for my meeting with my project tutor.

The only articles i haven't gathered yet are ones specific to research methods, this will be completed by friday and i'll be able to start my lit review this weekend.

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

Goals upon Goals

Aims For This Week

1. Install and try out Vulnerable Mobile Applications
2. Find papers and start Lit Review
3. Choose a Final Pathway - Completed
4. Decide on Research method for final pathway
5. Plan Introduction

--------------------------------------------------------------------------------------------------------------------------

Since my last blog i've been doing some research into academic articles around ARA, Mobile risk assessment and mobile vulnerabilities but all that research will come together in a blog over the next few days.

Today's blog is all about me setting myself some goals. The reason i'm setting myself these goals is because i'm a very goal oriented person who needs to have a deadline to aim for otherwise I'll keep putting the work off, so therefore by aiming for a deadline i can make sure i'm always on target!

Goal 1 - 20th Feb Plan and flesh out introduction
The output of this goal will be to have a planned introduction with various bullet points which when I come to writing the main body will easily be fleshed out into complete sentences. I'll also have my project Aims and Objectives written therefore i'll show that from the beginning i knew what my intended output was.

Goal 2 - 24th Feb Plan out Interviews
This goal is for me to have all my interviews planned out and memorised, i'll also run them past my dissertation tutor to see if there is anything I've missed. To plan out the interviews i'll have to conduct further research into interview techniques to make sure there as professional as possible.

Goal 3 - 28th Feb Majority of Literature Review written
This goal is for me to make sure i'm proceeding quickly and effectively with my Literature review. To complete this goal i'll need to have a set of academic papers that i will be using in my review. By making sure I get the majority of it finished by February 28th I can then make sure it makes sense and flows from point to point.

Goal 4 - 6th Mar Conduct and Analyse all Interviews
In the first week of March I want to make sure all my interviews have been completed and are ready for me to analyse right away. I'll be analysing the interviews right away because that way the interview is still fresh in my mind and I'll be able to provide a lot of details on gesture and body movements.

Goal 5 - 9th Mar Plan and Start writing artefact
Once all the analysis has been completed I will start planning and then writing the artefact right after the interviews. I want to start writing the artefacts as early as possible because it will require feedback from my colleagues so I want as much time as possible for any changes that may need to be made.

Other Goals

• April 10th - Draft Artefact Completed and submitted for feedback
• April 15th - Draft Main body dissertation completed
• April 25th - Final Artefact Completed and presented to colleagues for final feedback

Over the next few days as well as aiming to complete my goals, I will be producing a Gantt chart with detail on what areas i'm looking at, when certain research should be completed, etc. I feel that this will be able to provide a detailed look into my inner thinking and the time scale i'm looking at for my project.

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

The Chosen One

Aims For This Week

1. Install and try out Vulnerable Mobile Applications
2. Find papers and start Lit Review
3. Choose a Final Pathway - Completed
4. Decide on Research method for final pathway
5. Plan Introduction

--------------------------------------------------------------------------------------------------------------------------

Today I had a meeting with the company I will be working with and we discussed the 3 pathways that they thought I could take my project. The meeting was extremely interesting and it was nice to catch up with old colleagues. The objective of the meeting was to decide on a final pathway so that I could start getting stuck into the project and start planning my introduction.

During the course of the meeting it was decided that I will create and implement a risk assessment strategy for Old and New mobile applications. This strategy will be an Architecture-level Risk Assessment, so it will be used to provide a risk rating for applications based on certain architectural characteristics. The main outputs of this project will be a risk assessment excel document that calculates risk ratings based on certain inputs and an approach/strategy for testing new applications and categorising them. Other outputs are still to be decided but one that has been decided is a scanning schedule that schedules how frequently and what type of test should be run on an application.

The new risk assessment strategy will be built upon their current threat model and treat analysis process, which is unable to handle the influx of new mobile applications and is primarily a test driven which isn't suitable anymore for mobile applications. The strategy should rank applications, rate their risk level and recommend testing strategies and the analysis.

To gain further insight into Architecture-level risk analysis (ARA) i've been provided the name of an author and keynote speaker at security conferences called Gary Mcgraw (Unsure whether he is related to the country singer Tim Mcgraw) and i've spent a few hours today looking into his articles and book which I am going to attempt to find a copy of.

At the end of the meeting i was provided with several key documents relating to the companies current security process which I will read through and will provide valuable insight into the what is missing and what needs to be implemented. I've also arranged several interviews in the first week of march so i can start my data collection.

Overall i've extremely happy that I have my project pathway so clearly laid before me, now i'm able to start planning what i have to do and i can start setting myself some goals.

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

Prep, Prep, Prep

Aims For This Week

1. Install and try out Vulnerable Mobile Applications
2. Find papers and start Lit Review
3. Choose a Final Pathway
4. Decide on Research method for final pathway
5. Plan Introduction

--------------------------------------------------------------------------------------------------------------------------
Today was a refresher day after a quick weekend of relaxing. I refreshed myself on Grounded theory, delving into how grounded theory can be used in Information systems research, and found two articles (shown below) illustrating this. The articles were very interesting and had a lot of key ideas of grounded theory specifically for IS, i will be further exploring the articles within the next few days.

Paper 1:

The applicability of grounded theory as research methodology in studies on the use of methodologies in IS practices, R Goode & C Villiers

http://dl.acm.org/citation.cfm?id=954037

Paper 2: 

Investigating the use of "Grounded Theory" in information systems research, R Matavire & I Brown

http://dl.acm.org/citation.cfm?id=1456676

At 11am today we had a project lecture which outlined key points for how to get a high grade in the project by working towards a grade using the assessment criteria provided in the project handbook. This lecture was extremely useful as it showed the work that needs to be put in to get a high grade and how focused you have to be. It was definitely an eye opener and a real motivated session, making me want to strive for those higher grades.

The final part of today went towards planning for my meeting tomorrow with the company. The meeting will involve discussing the pathways that could be taken and deciding which is the most time effective and which will allow me to get the highest possible grade and will be the most beneficial for the company. To plan for the meetings, i've outlined my initial ideas on the pathways, detailing the work that would be need to be done, what resources i would need, what skills i would need, the research methods i could use and what would be the outcome. I feel extremely prepared for my meeting tomorrow and will let you all know how the meeting goes.

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

Choosing the most grounded pathway

03/01/2014 - 09/10/2014 AIMs (REVISED)

1. Research and gain an insight into qualitative and quantitative research methods
2. Learn Proper interview etiquette and plan interviews
3. To gather at a minimum 20 pieces of literature for the lit review
4. To analyse and gather all resources and make plans for any resources that aren't yet available
5. Plan for worst case scenario
6. Narrow down my initial ideas from 5 to 2

AIMS for 05/02/2014 & 06/02/2014

1. Explore OWASP tools to learn more about mobile security - postponed
2. Plan out interviews for various job roles - postponed
3. Research Qualitative research methods and analyse which one(s) to choose
4. Complete various forms on MYBU

------------------------------------------------------------------------------------------------------------------------

On Thursday 6th February i had my first official kick off meeting with my project tutor, we discussed the general layout of the project and how the project would use the V model as a basis for the main body.

The meeting discussed the next steps to be taken, which were for me to investigate and research qualitative and quantitative research methods that could use for the data analysis/collection section of my project. The meeting also discussed the 3 pathways that the company had proposed my project could take, these were:

• A mobile development security standard/strategy
• A report into whether their apps should work on jailbroken devices
• A strategy for risk assessment/analysis of their current mobile applications

Of the 3 pathways my tutor and i decided the risk assessment would be the most practical as this is an area i've got experience in and it will be a rich and challenging task but also one that fits in with the time restraint. But this topic is still up for discussion and i will be in a call with the company on tuesday 11th for a meeting to discuss which pathway is the most appropriate.

Until then i'll be researching deeper into mobile security and research methods to be use for data analysis.

Qualitative Research Methods

The main research method i will be using is qualitative research, this will involve using case studies/interviews to gather my data and then using various qualitative techniques to analyse the data.

My Main research today has revolved around Grounded theory.

Grounded theory is the most common approach to qualitative research and is an analytic approach that prompts theory discovery and development rather than starting with a pre-proved theory.

I feel that this approach fits my three pathways well due to the fact that i'll be going into the project with a clean slate regarding the pathways and no theories, so by via conducting interviews and analysing the data i'll be able to discovery the theories which in terms of the pathways will be based around what the companies feels are the most important aspects of mobile security.

Grounded theory also has a key element of data collection and analysis proceeding simultaneously. This means that i'll conduct 2 or 3 interviews and then analyse the data from them, then from there i'll have to then conduct more interviews from areas I hadn't considered during sampling for various reasons. This element will allow me to easily and effectively show my thought process and evolution of my understanding of the situation.

Grounded theory uses coding as an analysis method, i haven't yet researched this method but I will be exploring this over the next few days and looking at other research methods and combining qualitative and quantitative methods.

AIMS for 07/02/2014

1. Explore OWASP tools to learn more about mobile security
2. Research Qualitative research methods and analyse which one(s) to choose
3. Complete various forms on MYBU

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

Mobile Application Security and Interview Techniques

03/01/2014 - 09/10/2014 AIMs 

1. To analyse my skills and achieve my desired skill level for each skill
2. To gather at a minimum 20 pieces of literature for the lit review
3. To analyse and gather all resources and make plans for any resources that aren't yet available
4. Plan for worst case scenario
5. Narrow down my initial ideas from 5 to 2

AIMs for 04/02/2014

1. To reach the desired level of 2 or more of my skills (starting with the lowest current level)
2. Create a plan for the Lit review
3. Start looking at literature, read a minimum of 10 pieces

Interview Techniques

I spent half of today looking into popular interview techniques. The reason i did this is because i will need to conduct several interviews for my project, to gather data for me to analyse, and i felt that with my current knowledge of how to conduct interviews i wouldn't have been able to conduct one than ran as smoothly as I would have liked.

The techniques I read up on taught me:

• How to plan an efficient interview
• How to properly phrase questions
• How to react to questions
• How to note down the interviewees reply
• How to start and end an interview
• How to order questions so they flow
• And most importantly what not to do

Because of what i've learnt today tomorrow i will be planning a list of questions for a variety of interviews that i hope will take place within the next few weeks.

Mobile Vulnerabilities and Mobile Malware

The other half of today was spent reading up on and investigating Mobile application security. The reading involved looking at common mobile vulnerabilities and looking briefly into different forms of Mobile malware and they different from malware that infects laptops and desktops.

A lot of today was spent reading up and getting known with this particular area, and theres a lot of information i've learnt about common mobile vulnerabilities and how they work, tools that are used to exploit these vulnerabilities, but there is still so much more for me to learn. One of my weaknesses is i'm not very good at taking in information i've read. So as there is still so much more to learn, which is the nitty gritty/technical part i will be using a much more hands on approach.

This approach involves me downloading and exploring a host of OWASP (Open Web Application Security Project) tools that will allow me to run these various exploits to really learn how they work and how to protect against them.

Analysis of Todays Aims

Todays Skill research and level increase went extremely well, I was happy with the outcome and now feel comfortable conducting an interview, but will still need to do more research till i feel extremely happy with conducting an interview. The Mobile application security research was extremely interesting and i learnt a lot about an unknown area to me. A lot of the research was extremely helpful and could be used towards my lit review.

Unfortunately i was unable to create a plan for my lit review which will have to be complete within the next two days. I will have to try harder to complete all of my targets.

AIMS for 05/02/2014 & 06/02/2014

1. Explore OWASP tools to learn more about mobile security
2. Research and Explore two more skills from the list in the previous blog
3. Plan out interviews for various job roles
4. Create lit review plan
5. Complete various forms on MYBU

Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.

Contact Info:

• Facebook - Oliver Green
• Twitter - @Ollimusprime
• Google+ - Oliver Green
• Linkedin - Oliver Green
• Email: olivergreen92@hotmail.co.uk

Project Kick Off and Skill Analysis

Today was the official project kick off, we had a group meeting where the overall project was discussed and next steps were issued.

The next steps are:

• Skill Analysis/Recognition
• Decision of Evaluation methods
• Resource Recognition
• Literature gathering for Lit Review

The blogs from today and onwards will take the shape of:

-----------------------------------------------------------------------------------------------------

The weeks aim --- what is to be achieved at the end of the week

Todays Aim - what i hope to achieve today

-----------------------------------------------------------------------------------------------------

Main Body of blog relating to todays Aim

-----------------------------------------------------------------------------------------------------

Reflection of Today - Achieve what i set myself

Aim for the following day

-----------------------------------------------------------------------------------------------------

Any Comments

-----------------------------------------------------------------------------------------------------

03/01/2014 - 09/10/2014 AIMs 

1. To analyse my skills and achieve my desired skill level for each skill
2. To gather at a minimum 20 pieces of literature for the lit review
3. To analyse and gather all resources and make plans for any resources that aren't yet available
4. Plan for worst case scenario
5. Narrow down my initial ideas from 5 to 2

AIM for 03/01/2014

1. To recognise which skills are desirable for each of my pathways
2. To analyse my level of all of the desirable skills
3. Plan for next steps to reach my desired skill level for each skill

MAIN BODY

Skill analysis

Today I went through all of my initial ideas and analysed which skills I would need for each pathway (please refer to the first blog post to see ideas/pathways), when re-reading the skill list I had created for each pathway there was a common theme of skills that would be required throughout the project.

These were:

• Interview Technique: how to plan and execute a flowing formal interview
• Analysis Skills: how to spot trends and analyse the pro’s and con’s of software
• Mobile Malware knowledge: need to know different types of malware and the threats they pose
• Mobile Vulnerability knowledge: need to know the different types of vulnerability that can occur in mobile applications
• Report/Document Writing: need to know how to plan and write an effective and flowing report

The full list of Skills is shown below in a table that describes which skills are needed for each Pathway.

Table 1.1 Skills per Pathway

This table gives a general idea of the variety of skills needed for each Idea, these are just general skills, and isn't a complete list, there will be other skills required to complete this project but at the moment these skills aren't known to me, but as soon as they become know I will add them to the list.

Now I have my list of skills, I need to analyse my current level of each one. To do that I created another table which details:

• The Skill
• My current level
• My desired level
• The next steps (which have a brief description of my current knowledge of that skill)

The desired skill level is number 1 to 5 (1 low and 5 high) and to help show what these numbers mean i created a simple description of each level.

1. Little or no expertise/knowledge of the particular skill
2. Some expertise/knowledge but needs to learn more within that area to be sure of himself
3. Has a good understanding of key areas, but requires more learning to know all areas
4. Understands all areas within the the skill
5. Has a great understanding of all areas within the skill

Table 1.2 Skill Level

Analysis of Todays Aims

Today I was to efficiently and quickly gather an idea on the skills i would need for each particular pathway. I was then able to analyse my level of these skills and plan some brief next steps to get myself to the desired level that will allow me to gain the mark i wish to achieve. I feel that by using a tables in a clever way i was able to easily and efficiently show my thought pattern and show enough information in a detailed manor.

Although I have done a lot of analysis today, there was still more i could have done, i could have looked further down each pathway and discovered more skills that could be needed, but i chose a horizontal approach and covered all bases within each pathway, I did this because ultimately i will only choose 1 pathway and i want to remain focused on all pathways for the moment and not get to deeply involved in any of them.

AIMs for 04/02/2014

1. To reach the desired level of 2 or more of my skills (starting with the lowest current level)
2. Create a plan for the Lit review
3. Start looking at literature, read a minimum of 10 pieces

Thank you for reading, stayed tuned for more.