The paper "Information Security in Global Communication Enterprises " is a wonderful example of a case study on information technology. GCE is an Australian enterprise specialized in the production of human implantable technological devices. The report presents contextual research findings on the threats and risks that can affect the Smartphone of GCE’ s CEO. The background information provided the nature of the risks that included loss, theft, and hacking and malware attack. The further description provided the possible solutions that GCE’ s IT department needed to implement to overcome the risks. They included encryption, password authentication, antimalware installation, and remote data wiping.
The adoption and implementation of the solution mean that GCE can counter the threats of information leakage about the technological breakthrough device that the enterprise needs to officially launch in a three month period. Information Security Chapter 1 Introduction Since its inception, Global Communication Enterprise (GCE) has experienced substantial growth, particularly in the past five years. As it is specialized in human implantable communication devices, its market is relatively competitive due to the constant evolution of the same technology. In the past two years, the enterprise has invested in the development of a technological breakthrough device that might reward the enterprise with a lifetime contract of developing brain implantable phone devices.
As the device is undergoing its last tests, the technical specifications and information behind the creation of the device remain a myth to the enterprise employees and many people around the world. It is because; if the information gets in the wrong hands before the official launch of the device the enterprise may lose everything. High concerns over security, however, are linked to the recent research findings that show that GSM phones (Smartphones) are vulnerable to hacking and malware attacks, among other insecurity factors.
It is a prominent threat to GCE because many employees of the enterprise, including the CEO use Smartphones. Considering the fact that the CEO is the only person in the enterprise with full access to the information on the technological breakthrough device, it is important to identify the imminent threats to smartphones and set up measures to counter the threats before the device’ s information leaks (Want, 2006). It is the mandate of the Information Security Manager of the enterprise to research the issue and report to the CEO for the implementation of security measures.
This paper presents a report on the risks that are faced by Smartphones and possible solutions to the risks. Background Research done for the past decade showed that, on daily basis, many enterprises incorporated Information Technology (IT) and smartphone platforms in their working environment not only to adapt to the trending technological advances but also to improve work performance, effectiveness, and efficiency of employees (Androulidakis, 2012). The introduction of Smartphones in the enterprise, however, poses imminent security risks to the entire enterprise and any other individual or organization involved in storing and transferring data on Smartphones.
Just like personal computers, the Smartphones face threats from drive-by-downloads and Trojans which besiege unprotected vulnerable endpoint installed software applications (Traynor, Enck, McDaniel & La Porta, 2009). Other threats identified by researchers include spyware, worms, viruses, scoundrel security software applications, botnets, and phishing threats. It is important to note that once data is transferred to the employee’ s Smartphone, it is difficult for the enterprise to control it.
Since the use of smartphones has grown rapidly in recent years, it has attracted many Smartphone attackers (Ç abuk, Karademirler & İnceoğlu, 2009). Moreover, increased usage of Smartphones creates multiple unsecured endpoints for the attackers to launch attacks on the Smartphones of entrepreneurial individuals. It is upon the responsibility of the IT security manager to take note that as long as the employees’ Smartphones play a dual role (business and personal roles), it is entirely upon the enterprise to protect the information or data stored by the device because any loss of data directly leads to loss of consumer confidence, loss of shareholders and loss of enterprise reputation (Lee & Kim, 2006).
In this regard, losing vital information to the wrong hands shows the incompetence of the enterprise in safeguarding its confidential data rather than being viewed as an accidental in a security breach. Although the adoption of enterprise IT seems insecure, GCE cannot ban or limit the use of Smartphone devices due to the substantial benefits gained from their constant usage (Grech & Eronen, 2005). This calls for the immediate management of consumer IT risks especially the ones associated with Smartphones.
Androulidakis, I. I. (2012). Introduction: Confidentiality, Integrity, and Availability Threats in Mobile Phones. In Mobile Phone Security and Forensics (pp. 1-11). Springer US.
Arreymbi, J. (2006). Modeling to Enhance GSM Network Security. In Security and Management (pp. 252-260).
Barendregt, C., Van Der Poel, A., & Van De Mheen, D. (2006). The rise of the mobile phone in the hard drug scene of Rotterdam. Journal of psychoactive drugs, 38(1), 77-87.
Becher, M., Freiling, F. C., Hoffmann, J., Holz, T., Uellenbeck, S., & Wolf, C. (2011, May). Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. In Security and Privacy (SP), 2011 IEEE Symposium on (pp. 96-111). IEEE.
Çabuk, A., Karademirler, S. N., & İnceoğlu, H. U. M. (2009). GIS and RS Based Location Determination for GSM Transmitters to Minimize the Negative Effects of Electromagnetic Pollution for Improving Quality of Urban Places. International Journal of Natural and Engineering Sciences, 3(3), 63-71.
Ezenezi, R. E. (2010). Impact of Cellphone Technology on Users: The Wireless Technology Madness-Global System for Mobile Communications (Gsm). Bloomington, IN Xlibris Corporation.
Harvey, P. (2007). Remittances during crises: implications for humanitarian response. K. Savage (Ed.). London: Overseas Development Institute.
Jansen, W., & Ayers, R. (2007). Guidelines on cell phone forensics. NIST Special Publication, 800, 101.
Jansen, W., & Scarfone, K. (2008). Guidelines on the cell phone and PDA security. NIST Special Publication, 800, 124.
Lan, T. (2010). New Approaches to Information Security. Contemporary International Relations, 20(3), 41-49.
Last, D. (2010). GNSS: The present imperfect. Inside GNSS, 5(3), 60-64.
Traynor, P., Enck, W., McDaniel, P., & La Porta, T. (2009). Mitigating attacks on open functionality in SMS-capable cellular networks. Networking, IEEE/ACM Transactions on, 17(1), 40-53.
Traynor, P., McDaniel, P., & La Porta, T. (2008). Vulnerabilities in the Short Messaging Service (SMS). In Security for Telecommunications Networks (pp. 65-108). Springer US.
Want, R. (2006). An introduction to RFID technology. Pervasive Computing, IEEE, 5(1), 25-33.
Zheng, P., & Ni, L. (2010). Smartphone and next-generation mobile computing. San Francisco, CA: Morgan Kaufmann.
Enck, W., Gilbert, P., Chun, B. G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2014). TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. Communications of the ACM, 57(3), 99-106.
Grech, S., & Eronen, P. (2005, September). Implications of unlicensed mobile access (UMA) for GSM security. In Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on (pp. 3-12). IEEE.
Lee, H., & Kim, J. (2006, April). Privacy threats and issues in mobile RFID. In Availability, Reliability, and Security, 2006. ARES 2006. The First International Conference on (pp. 5-pp). IEEE.
Hallsteinsen, S., & Jorstad, I. (2007, August). Using the mobile phone as a security token for unified authentication. In Systems and Networks Communications, 2007. ICSNC 2007. Second International Conference on (pp. 68-68). IEEE.
Agarwal, S., Khapra, M., Menezes, B., & Uchat, N. (2007, December). Security issues in mobile payment systems. In Proceedings of ICEG 2007: The 5th International Conference on E-Governance (pp. 142-152).
Beji, S., & El Kadhi, N. (2008, July). An overview of mobile application architecture and associated technologies. In Wireless and Mobile Communications, 2008. ICWMC'08. The Fourth International Conference on (pp. 77-83). IEEE.
Toorani, M., & Beheshti, A. (2008, September). Solutions to the GSM security weaknesses. In Next Generation Mobile Applications, Services and Technologies, 2008. NGMAST'08. The Second International Conference on (pp. 576-581). IEEE.
Aloul, F., Zahidi, S., & El-Hajj, W. (2009, May). Two-factor authentication using mobile phones. In Computer Systems and Applications, 2009. AICCSA 2009. IEEE/ACS International Conference on (pp. 641-644). IEEE.
Beji, S., & El Kadhi, N. (2009, May). Security ontology proposal for mobile applications. In Mobile Data Management: Systems, Services, and Middleware, 2009. MDM'09. Tenth International Conference on (pp. 580-587). IEEE.
Paik, M. (2010, February). Stragglers of the herd get eaten: security concerns for GSM mobile banking applications. In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications (pp. 54-59). ACM.
Landman, M. (2010, October). Managing smartphone security risks. In 2010 Information Security Curriculum Development Conference (pp. 145-155). ACM.
Weinmann, R. P. (2012, August). Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks. In WOOT (pp. 12-21).
Matsumoto, S., & Sakurai, K. (2013, January). A proposal for the privacy leakage verification tool for Android application developers. In Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication (p. 54). ACM.