Security audit in mobile apps security design
| dc.contributor.author | Feng, Xiaohua | |
| dc.contributor.author | Conrad, Marc | |
| dc.date.accessioned | 2020-07-13T09:22:43Z | |
| dc.date.available | 2020-07-13T09:22:43Z | |
| dc.date.issued | 2018-11-01 | |
| dc.identifier.citation | Feng X, Conrad M (2018) 'Security audit in mobile apps security design', 2nd International Conference on Computer Science and Application Engineering - Hohhot , Association for Computing Machinery. | en_US |
| dc.identifier.isbn | 9781450365123 | |
| dc.identifier.doi | 10.1145/3207677.3277925 | |
| dc.identifier.uri | http://hdl.handle.net/10547/624203 | |
| dc.description.abstract | Security design of mobile apps is very important, and it is also important that researchers consider and disseminate the continually changing requirements. For mobile application i.e. a software program that runs on a mobile phone, its design, development and management need to consider security impact. In particular, because of mobile app is running on online devices, cyber security defense is required. In this chapter, mobile app security is discussed from the initial planning and design stage to its maintenance after its launch. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | Association for Computing Machinery | en_US |
| dc.relation.url | https://dl.acm.org/doi/abs/10.1145/3207677.3277925 | en_US |
| dc.subject | cyber security and Personally Identifiable Information (PII) data privacy | en_US |
| dc.subject | General Data Protection Regulation (GDPR) | en_US |
| dc.subject | CIAA | en_US |
| dc.subject | Security Audit Mobile app security design | en_US |
| dc.subject | smartphone system | en_US |
| dc.title | Security audit in mobile apps security design | en_US |
| dc.type | Conference papers, meetings and proceedings | en_US |
| dc.date.updated | 2020-07-13T09:20:47Z | |
| dc.description.note |
This item appears in the following Collection(s)
Related items
Showing items related by title, author, creator and subject.
-
Information security policy : the National Payment System in LibyaInformation security officers, practitioners and academics agree that information security policy is the basis of any organisation’s information security. Information security practitioners share and agree that it is rare that information security policy bring out the desirable results. In order to study and analyse this problem, academics have focused on various methods to motivate employees toward policy compliance, however, they have not paid much attention on employees’ expectations and how they perceive the information security policy. Also, employees’ satisfaction and awareness of information security policy is critical as it may improve the security level by decreasing the internal threat risks. In this thesis, analysing organisation’s employees’ expectation about information security policies based on a framework that is formed regarding internal threat motivation, consequences, security behaviour and security countermeasures. Therefore, single case study was adopted in this thesis. The study outcomes along with the case study findings state that organisation’s employees’ expectations toward an information security policy should be paid much attention during forming security regulations and even during implementation of information security policy within organisations. The thesis concludes that employees’ security behaviour is related to their information security background and awareness, as well as, security countermeasures, where if the countermeasures perceived negatively, it may negatively help to increase the risk in terms of internal threat. Finally, security countermeasures must be defined before taking negative actions toward employees, as well as, information security training should be scheduled regularly within organisation and they should be arranged regarding to the organisational groups’ professions.
-
Strategic framework to minimise information security risks in the UAEThe transition process to ICT (Information and Communication Technology) has had significant influence on different aspects of society. Although the computerisation process has motivated the alignment of different technical and human factors with the expansion process, the technical pace of the transition surpasses the human adaptation to change. Much research on ICT development has shown that ICT security is essentially a political and a managerial act that must not disregard the importance of the relevant cultural characteristics of a society. Information sharing is a necessary action in society to exchange knowledge and to enable and facilitate communication. However, certain information should be shared only with selected parties or even kept private. Information sharing by humans forms the main obstacle to security measure undertaken by organisations to protect their assets. Moreover, certain cultural traits play a major role in thwarting information security measures. Arab culture of the United Arab Emirates is one of those cultures with strong collectivism featuring strong ties among individuals. Sharing sensitive information including passwords of online accounts can be found in some settings in some cultures, but with reason and generally on a small scale. However, this research includes a study on 3 main Gulf Cooperation Council (GCC) countries, namely, Saudi Arabia (KSA), United Arab Emirates (UAE) and Oman, showing that there is similar a significant level of sensitive information sharing among employees in the region. This is proven to highly contribute to compromising user digital authentication, eventually, putting users’ accounts at risk. The research continued by carrying out a comparison between the United Kingdom (UK) and the Gulf Cooperation Council (GCC) countries in terms of attitudes and behaviour towards information sharing. It was evident that there is a significant difference between GCC Arab culture and the UK culture in terms of information sharing. Respondents from the GCC countries were more inclined to share sensitive information with their families and friends than the UK respondents were. However, UK respondents still revealed behaviour in some contexts, which may lead potential threats to the authentication mechanism and consequently to other digital accounts that require a credential pass. It was shown that the lack of awareness and the cultural impact are the main issues for sensitive information sharing among family members and friends in the GCC. The research hence investigated channels and measures of reducing the prevalence of social engineering attacks, such as legislative measures, technological measures, and education and awareness. The found out that cultural change is necessary to remedy sensitive information sharing as a cultural trait. Education and awareness are perhaps the best defence to cultural change and should be designed effectively. Accordingly, the work critically analysed three national cybersecurity strategies of the United Kingdom (UK), the United States (U.S.) and Australia (AUS) in order to identify any information security awareness education designed to educate online users about the risk of sharing sensitive information including passwords. The analysis aimed to assess possible adoption of certain elements, if any, of these strategies by the UAE. The strategies discussed only user awareness to reduce information sharing. However, awareness in itself may not achieve the required result of reducing information sharing among family members and friends. Rather, computer users should be educated about the risks of such behaviour in order to realise and change. As a result, the research conducted an intervention study that proposed a UAE-focused strategy designed to promote information security education for the younger generation to mitigate the risk of sensitive information sharing. The results obtained from the intervention study of school children formed a basis for the information security education framework also proposed in this work.
