Wednesday, 19 February 2014

Fuelling the Research

Ongoing Aims
  1. Install and try out Vulnerable Mobile Applications
  2. Find papers and start Lit Review - Started
  3. Plan Introduction - Started
  4. Gather Questions to Fuel Research
  5. Analyse trusted sources
--------------------------------------------------------------------------------------------------------------------------

Today's blog entry will focus on the questions that will help fuel my research for my Lit Review and why they will be vital to it. It will also contain analysis of the trusted sources I have at hand: people I can use and who can lend knowledge to me during my project.

Research Questions
1. What are the main threats to mobile security?
The first question is focused on Mobile application security and the threats posed to this area. This research will focus on general mobile security, the leap from Desktop to Mobile and the main exploits and vulnerabilities in mobile devices.

2. Which platform is the most secure, iOS or Android?
This second question will delve into specifics of which platform is the most vulnerable and why. It will also look briefly at larger mobile devices such as iPads and tablets. This will help my artefact design as it will allow me to assess applications based on which OS they're going to be launched on, as the team will want to more thoroughly test an application that is on a more vulnerable OS.

3. What are the most effective ways to perform application risk assessments? Are there any frameworks to follow?
This question will delve into general risk assessment. It will look at various frameworks and the ways other companies have performed risk assessments. At the end of this research I'll have a chosen framework to follow and some key areas to assess the applications.

4. What is Architecture level risk analysis (ARA)? How is it best to perform this process?
This question is for me to gain a greater insight into the area of ARA. By the end of this research I'll know how the process works, how to design a risk assessment using ARA and the benefits that this will give.

5. What protection is there for mobile devices at application level? And non-application level?
This question will focus me on mobile protection and the kind of protection the apps at the company should have. This will look into areas like secure coding, jailbroken devices etc. By the end of this research I'll have some more areas to assess the risk level of the application by.

Human Trusted Sources
1. Ollie Green - Myself
I feel I'm a trusted resource as I have 3 years of forensic computing at university under my belt. I am a 1st class student who has over a year and a half's experience at two FTSE 100 companies. I worked in IT Risk at GE Capital for a year, where I performed various risk assessments and gained a large amount of knowledge into IT Risk. I worked at the company I'm currently doing this project for for 3 months, where I was in the application security team and gained a lot of knowledge into application vulnerabilities and protection.

2. Michael Jones - Project Tutor
Mike is a trusted resource as he has years of experience lecturing in the field of forensic computing and before that worked as a consultant for lots of different companies and has a lot of experience in IT security. During the project Mike will be there to provide hints and tips and feedback on various drafts.

3. S.G. - Application Security Analyst
SG is a recent graduate of the IS stream at this company, which takes 2 years, and has been in the application security team for almost 2 years. He has a great wealth of knowledge in the area of IT security and application security which he has learned throughout his 4 years at the company. He also has recently gained an IT security qualification and has become a certified penetration tester. Stephen will be my main contact and stakeholder throughout the duration of my project and will act as the expert on mobile applications for use externally (public facing).

4. D.K. - Application Security Analyst
DK has been a member of the application security team for over a year, and before that moved throughout various roles aimed at quality assurance and testing within the company. He has a lot of knowledge within the area of mobile security and will act as my expert on mobile applications used internally (engineer apps). Holds the same qualification as SG.

5. R.N. - Application Security Manager
RN has been manager of the application security team for over 3 years. Previous experience involves work at Oracle and other roles within the company. RN will act as one of the main stakeholders and will provide feedback on the artefact. Holds the same qualification as SG.

6. P.P. - Quality Assurance and Control Manager
PP manages several teams, one of them being the Application Security team. He has a wide area of knowledge within IS and has been at the company for over 15 years. PP will act as one of the main stakeholders and will provide feedback and guidance on the artefact.

7. Gary McGraw - Expert on ARA
Gary McGraw is a resident expert in Mobile Security and more specifically ARA, and is the author of a book called Software Security: Building it in, which talks about how vital ARA is to software security. Gary McGraw is a trusted source due to his many years within the business of IT Security and his current role as CTO for Cigital; he has written a lot of books and is quite often the keynote speaker at HP's Enterprise security conferences. I won't have Gary on hand during the project but I do have a copy of his book and lots of videos of his keynote speeches, in which ARA features heavily.

So this is all of my Human trusted sources and research questions.
The next blog will feature a quick analysis of the other trusted sources I've already gathered. These sources are all Journal Articles and Books to be used for my Literature Review.

Thank you very much for reading!! Stay tuned for more. You Stay Classy Bournemouth.
