Aims For This Week
- Install and try out Vulnerable Mobile Applications
- Find papers and start Lit Review
- Choose a Final Pathway - Completed
- Decide on Research method for final pathway
- Plan Introduction
--------------------------------------------------------------------------------------------------------------------------
Today I had a meeting with the company I will be working with and we discussed the 3 pathways that they thought I could take my project. The meeting was extremely interesting and it was nice to catch up with old colleagues. The objective of the meeting was to decide on a final pathway so that I could start getting stuck into the project and start planning my introduction.
During the course of the meeting it was decided that I will create and implement a risk assessment strategy for Old and New mobile applications. This strategy will be an Architecture-level Risk Assessment, so it will be used to provide a risk rating for applications based on certain architectural characteristics. The main outputs of this project will be a risk assessment excel document that calculates risk ratings based on certain inputs and an approach/strategy for testing new applications and categorising them. Other outputs are still to be decided but one that has been decided is a scanning schedule that schedules how frequently and what type of test should be run on an application.
The new risk assessment strategy will be built upon their current threat model and treat analysis process, which is unable to handle the influx of new mobile applications and is primarily a test driven which isn't suitable anymore for mobile applications. The strategy should rank applications, rate their risk level and recommend testing strategies and the analysis.
To gain further insight into Architecture-level risk analysis (ARA) i've been provided the name of an author and keynote speaker at security conferences called Gary Mcgraw (Unsure whether he is related to the country singer Tim Mcgraw) and i've spent a few hours today looking into his articles and book which I am going to attempt to find a copy of.
At the end of the meeting i was provided with several key documents relating to the companies current security process which I will read through and will provide valuable insight into the what is missing and what needs to be implemented. I've also arranged several interviews in the first week of march so i can start my data collection.
Overall i've extremely happy that I have my project pathway so clearly laid before me, now i'm able to start planning what i have to do and i can start setting myself some goals.
Thank you very much for reading!! Stayed tune for more. You Stay Classy Bournemouth.
Contact Info:
A reasonable commentary on what you did today. More on the tasks for the next day would help as there is the possibility that tasks will not flow from one day to the next.
ReplyDelete