Mobile Devices Personal or Corporate providing a Mechanism for Security |
In last couple of years use of advanced mobile devices such as PDA and smartphone has become a regular practice in both office and home environment. This devices are capable of performing advanced operation such as storing information, downloading files, and transmitting and receiving information in both wired and wireless environments, they increases productivity of the organisation. On the other hand using these devices for the above application, without proper security measures provides potential risk to the user. There are current technologies such as on device authentication, encryption, antivirus software are available to provide security, but there no unified framework provided to describe which security mechanism is applicable to which users. In this project users have been divided into two basic groups, personal and corporate. The main aim is two develop a unified framework, which will provide security to all the personal and corporate users, using different technology and using the device for different application. In order to develop a security mechanism it is necessary to know what risk the devices provide and how they affect the user. It is also necessary to know the current technologies available, and the amount of protection they can give to the device, the in built protection mechanism of the device. In order to do this the current mobile technologies, protection mechanism, operating systems have been discussed. Some statistics have been also shown from the recent survey taken to show the amount of risk in practical. In the later part of this paper personal and corporate users have been divided into nine subgroups depending on their mobility (low ,medium, high) and type information they carry(less important, medium important, highly important). These users have been put into a security mechanism matrix/table. In this table each group of users have been assigned certain security controls which provides information security for the data stored in the device, data on process and data send to or from the device. A certain number of policies have also been also added to the mechanism, in order to unify different technologies and different users. The mechanism has been analysed and it’s usefulness to minimise the threats and provide absolute security in both network level and to the device have been found out. Limitations of the mechanism have been found, the way to minimise them as much as possible have given.
Chaudhury D, Clarke NL