Paper #2: Mobile App Security Assessment & Strategy

Scenario: A federal agency has asked your cybersecurity consulting firm to provide it with a white paper that discusses best practices for security architectures and designs for mobile apps. The white paper should also present the agency with a strategy for developing an award-winning digital government mobile app for its submission to next year's Mobi-Gov awards. The agency had several mobile apps in the "honorable mention" category this past year, but each of the apps failed to make passing scores in the mobile app security category. The contest rules do not allow revision and resubmission of entries from prior years. For this reason, your starting point should be recommendations for a security architecture for a completely new mobile app.

The scoring for the awards is organized around the three strategies from the federal government's digital government strategy (posted in the Week 3 readings):

Enable the American people and an increasingly mobile workforce to access high-quality digital government information and services anywhere, anytime, on any device.
Ensure that as the government adjusts to this new digital world, we seize the opportunity to procure and manage devices, applications, and data in smart, secure and affordable ways.
Unlock the power of government data to spur innovation across our Nation and improve the quality of services for the American people.

Research: Research the "best" of federal mobile apps to see examples of the type of apps the agency will be competing against next year.

19 of the Coolest Government Mobile Apps https://www.govloop.com/community/blog/cool-gov-mobile-apps/
10 Most Entertaining Government Mobile Apps https://www.govloop.com/community/blog/10-most-entertaining-government-mobile-apps/
3 Innovative Ways Agencies are Leveraging Mobile Apps http://fedscoop.com/great-government-mobile-apps

Research the federal government's perspective on mobile app security architectures and design recommendations. Here are three sources to help you get started:

Mobile App Developers: Start with Security https://web.archive.org/web/20160613050328/https://www.ftc.gov/tips-advice/business-center/guidance/mobile-app-developers-start-security
Mobile Security Reference Architecture https://cio.gov/wp-content/uploads/downloads/2013/05/Mobile-Security-Reference-Architecture.pdf
Architecture and Design Considerations for Secure Software (Mobile Applications) https://buildsecurityin.us-cert.gov/sites/default/files/ArchitectureAndDesign_PocketGuide_v2%200_05182012_PostOnline.pdf

Research industry recommendations for mobile app security. Begin with the following sources:

OWASP Mobile Security Project https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
Top 10 Mobile Risks (click on tab) https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Top_10_Mobile_Risks
Mobile app security: Always keep the back door locked http://arstechnica.com/security/2013/02/mobile-app-security-always-keep-the-back-door-locked/

Find five or more best practice recommendations for ensuring the security of mobile apps. These recommendations must include security for the platform (mobile device), the data on the device, and the transmission path between the device and the mobile application server.

Write: Write a five (5) to eight (8) page white paper in which you summarize your research and present your "best practices" based strategy for developing an award-winning, secure mobile app. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your white paper must include the following:

An introduction or overview of mobile apps for digital government. Your overview should include examples of mobile apps which are recognized as being innovative and "best of category" for delivering government information and services to mobile devices. This introduction should be suitable for an executive audience.
A separate section in which you discuss the federal government's requirements and recommendations for mobile app security architectures and the associated design recommendations. This section should be written for non-technical managers; you will need to translate from tech-speak to manager-speak. Diagrams and pictures may be useful, but remember to include the appropriate in-text citations for the source (append to the figure caption).
A separate section in which you discuss industry's recommendations for security architectures and risk reduction for mobile app security.
A section in which you present 5 or more best practice recommendations for building security into the new mobile app which will become next year's entry into the Mobi-Gov awards contest. These recommendations should be presented as your "strategy" for "winning" the security evaluation category for mobile apps.
A separate section in which you summarize your research and recommendations.

Submit for Grading: Submit your white paper in MS Word format (.docx or .doc file) using the OPEN Data Assignment in your assignment folder. (Attach the file.)

Additional Information: Your white paper should use standard terms and definitions for cybersecurity concepts. The following sources are recommended:

ISACA Glossary http://www.isaca.org/pages/glossary.aspx
Guidelines on Security and Privacy in Public Cloud Computing http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf

You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university's Academic Integrity policy. Use APA 6th edition style (formatting) for the organization and appearance of the MS Word document that you submit to your assignment folder. This includes margins, section headings, and consistent use of fonts (Times New Roman 12 in black), paragraph styles (first line indent by ½ inch), and line spacing (double). Formatting requirements and examples are found under Course Resources > APA Resources. Your file should contain both a title page and a separate References page. Use page breaks to ensure that the title page and references page are separate from the body of the paper. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

    Mobile App Security Assessment & Strategy

    Introduction

    Have you ever imagined what the government goes through to collect and share information in a timely and accurate manner? The federal and state governments have established mobile apps that can assist in the development of diverse sectors of government. A pattern of slow information delivery has been noticed within different sectors, calling for immediate attention. In what has been regarded as digital government, diverse mobile apps have been developed for implementation in government. When it comes to the federal government, apps like MyTSA, WISER, FEMA and PTSD, among others, have been identified as innovative apps. Under state governments, apps like DC's One City One Hire and MO Hunting, among others, have been launched (Holquist, 2013).

    Notably, some apps have been used by the state and federal governments and have been identified as having an entertaining aspect. Some of these apps are DocsTeach, Solve the Outbreak and the NASA App, among others. Apps like MyTSA, WISER, FEMA, PTSD, DC's One City One Hire and MO Hunting, among others, as highlighted above, are leading the way in delivering government material and services to mobile devices. The American public is characterized by 90% of the population having cell phones, hence requiring mobile technology as a means of relaying information (Kerrigan, 2015). Thus, the apps are better placed to enable different sectors to interact with each other effectively, based on their level of innovation.

    Federal Recommendations for Mobile App Security Architecture

    The government has provided diverse requirements that can be used to come up with a mobile app security architecture. The following are some of the requirements and recommendations that it has put in place:

    • Introduction of Built-in Security Features

    The federal government has provided relevant tools, guides, rules and principles that can be used to guide mobile app software. Practitioners, developers and security personnel should ensure that they use these guides and principles so that they come up with mobile apps that have a high level of security (Jain & Shanbhag, 2012). These elements should guide each phase of software development, and this will lead to a high level of software assurance. The mobile apps generated in this way will have software that is free from the associated vulnerabilities.

    • Mobile device security policies.

    The government has provided that organizations should have policies that cover resources that get accessed through mobile devices. The extent to which mobile devices are allowed to access organizational resources should be highlighted in the policy so that it is clear. Centralized mobile device management servers also need to be included in the policy to cover access to each type of information (Germano & Ayers, 2006). Each device needs to be documented in the security policy, as highlighted by the federal government.

    • Facilitation of a system threat model for mobile device apps

    Mobile devices require added security because of the high level of exposure that characterizes them. The federal government requires that before organizations can provide information access via mobile devices, they should start with system threat models. The models are relevant in that they help develop security requirements and also design the mobile devices to accommodate the required controls. Notably, the threat models are capable of identifying likely threats and vulnerabilities so that the necessary adjustments can be made.

    • Regular maintenance of mobile device security.

    There should be regular upgrading of the mobile software and, at the same time, testing before it is deployed (Souppaya & Scarfone, 2013). There have been many concerns about mobile computing technologies and complex issues related to ease of use that have exposed government information to vulnerabilities. The mobile device infrastructure should be modeled in a way that each of the devices has a clock synced to a shared time source. Access control features should also be put in place, and they should ensure that registered variances are matched and documented.

    Industry's Recommendations for Security Architectures

    Researchers have argued that security managers have not done much to ensure the safety and security of government data and information. Thus, it would be essential to have managers and software analysts develop some mechanisms that can reduce risks when managing mobile apps.

    Security managers should have an understanding of the security and privacy risks that are related to cloud and mobile technology (Paquette et al., 2010). At times, it may be quite hectic to have total oversight of the risks and threats that face apps, and in such a case, managers and software analysts should be clear about these apps. There should be a system of mobile security threats and risks that will allow for control through the likelihood of impact. They should develop strategies that will enable them to mitigate such risks and threats when they occur. Mobile phones, for example, have a high level of exposure to hacking, and this would mean that information can be under high threat. In such a case, there should be policies put in place to deal with such a scenario.

    There should be provision of training and education for workers on how they manage the mobile app platform. Employees may fail to meet the required expectations because they have no idea of the mobile apps and how they work. Such data and information are exposed to many instances of risk. Relevant authorities should take the initiative of educating workers about the security and privacy of mobile apps.

    Security managers and software analysts should ensure that all software is updated and also put it through a vetting process (Wysopal et al., 2006). The vetting process enables them to check the performance of the apps and make the necessary adjustments when required. Also, they need to treat each new version of the mobile app as such. Strategies to enable the new mobile apps to work properly and secure them from risks and threats should be launched. Relevant security teams should also develop a quick vetting process that allows them to check other security applications and their levels of updating.

    Users and other relevant stakeholders should be made aware of the relevance of the vetting process that deals with mobile app technology. Most of the users think that the mobile apps are safe and secure from all risks and that they have a lesser role to play. However, they should be aware that any insecure behaviour can expose the app to great risks that may have adverse effects.

    Mobile apps should be tested so that there is an assessment of whether the results are in line with the objectives and mission statement (Myers et al., 2011). Mobile apps act as part of a bigger system that is driven by organizational goals, objectives, vision and mission statements. Therefore, the testing process will provide an opportunity to see if any changes are required to safeguard the system.

    Recommendations for Building Security into a New Mobile App

    Evaluation of the ecosystem is a great suggestion that should be put across toward building security into mobile apps. Before the introduction of any app, relevant stakeholders are required to assess the mobile ecosystem so that they are aware of the challenges and opportunities. Mobile devices provide a high level of exciting technologies, and it would be necessary to have an analysis of the impact to and from the ecosystem. Therefore, winning the Mobi-Gov awards contest will have to allow for the evaluation of the ecosystem when coming up with new mobile apps that address security concerns.

    Aiming at an appropriate level of security is another practical recommendation. The apps that will be identified should meet security needs depending on the type of data and information. For example, complex data will require remote servers that can store and handle the data.

    Have an understanding of the different types of mobile platforms. Each of the mobile devices that exist applies a different application programming interface (Enck et al., 2009). Notably, they also have separate ways of handling access permissions and security features. The Mobi-Gov entry will allow for differences in mobile platforms and related security applications.

    Ensure that transit encryption is used for usernames and passwords. Mobile phones rely highly on unsecured access points such as Wi-Fi, and this may raise issues regarding snooping. When using HTTPS, ensure that there are digital certificates and also improve app verification.

    Passwords that are used in the mobile apps should never be stored in plaintext (Grawrock, 2002). Rather, they should be stored using an iterated cryptographic hash function, which eliminates instances of password reset. When servers suffer a data breach, the passwords are not exposed to unauthorized persons.
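    The iterated-hash storage described above, as an added example that is not part of the white paper or of any cited source. It assumes a dictionary standing in for the app server's credential store, PBKDF2-HMAC-SHA256 from the Python standard library as the iterated hash, and a constructed iteration count.

```python
"""Server-side password storage for a mobile app back-end: salted, iterated hashing.

Added example (not from the paper or its sources). Assumptions: an in-memory dict is
the credential store; PBKDF2-HMAC-SHA256 is the iterated hash; the iteration count is
an illustrative constructed value.
"""
import base64
import hashlib
import hmac
import os

HASH_NAME = "sha256"
ITERATIONS = 200_000     # assumption: illustrative work factor, tune to server capacity
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (base64 fields)."""
    salt = os.urandom(SALT_BYTES)  # per-user random salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return "$".join([
        "pbkdf2_" + HASH_NAME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
    except ValueError:
        return False  # a malformed record never authenticates
    if algo != "pbkdf2_" + HASH_NAME:
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # no early-exit timing leak


def record_reveals_password(record: str, password: str) -> bool:
    """Breach check: does the stored record contain the plaintext password?"""
    return password in record


# Constructed sample store: two users who happen to share a password. Because each
# record carries its own random salt, the two stored records still differ.
CREDENTIALS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("correct horse battery staple"),
}
```

    A leaked copy of CREDENTIALS gives an attacker only salts and digests, so each password must be guessed separately at the full iteration cost.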

    Personal Research and Recommendations

    In a world that is highly characterized by technology, mobile devices have been highly used to communicate from one point to another. Thus, it would be good to safeguard these devices against risks and vulnerabilities. One of the recommendations that I would raise is that in every organization, there should be a responsibility for security issues. The person charged with this role should do all that it takes to ensure that the devices are safe and secure while receiving the support of management at large. Data should be collected over time to make sure that the system is on track, to facilitate the processes of monitoring and evaluation. Upgrading of the mobile apps should also be provided to keep them in line with the trends in the global market.

    References

    Enck, W., Ongtang, M., & McDaniel, P. (2009). Understanding Android security. IEEE Security & Privacy, 7(1), 50-57.

    Germano, V., & Ayers, J. (2006). U.S. Patent Application No. 11/555,535.

    Grawrock, D. (2002). U.S. Patent No. 6,360,322. Washington, DC: U.S. Patent and Trademark Office.

    Holquist, S. (2013). 10 Most Entertaining Government Mobile Apps. Retrieved September 17, 2017, from https://www.govloop.com/community/blog/10-most-entertaining-government-mobile-apps/

    Jain, A. K., & Shanbhag, D. (2012). Addressing security and privacy risks in mobile applications. IT Professional, 14(5), 28-33.

    Kerrigan, H. (2015). 19 of the Coolest Government Mobile Apps. Retrieved September 17, 2017, from https://www.govloop.com/community/blog/cool-gov-mobile-apps/

    Myers, G. J., Sandler, C., & Badgett, T. (2011). The art of software testing. John Wiley & Sons.

    Paquette, S., Jaeger, P. T., & Wilson, S. C. (2010). Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly, 27(3), 245-253.

    Souppaya, M., & Scarfone, K. (2013). Guidelines for managing the security of mobile devices in the enterprise. NIST Special Publication 800-124.

    Wysopal, C., Nelson, L., Dustin, E., & Dai Zovi, D. (2006). The art of software security testing: identifying software security flaws. Pearson Education.