When you have completed the Workspace exercise, provide an 8-10 page double-spaced Word document including your findings and any recommendations for mitigating the threats found, with citations in APA format. The page count does not include figures, diagrams, tables or citations.
Step 1: Describe Your Mobile Application Architecture
In your role as a cyber threat analyst, you will explain to senior management how a particular mobile application of your choosing conforms to mobile architectures. You are asked to describe the device-specific features used by the application, wireless transmission protocols, data transmission mediums, and interaction with hardware components and other applications. You will identify the needs and requirements for application security, computing security, and device management and security. You will describe the operational environment and use cases, and identify the operating system security and enclave/computing environment security concerns, if there are any. This can be fictional or modeled after a real-world application. Be sure to use APA citation format. This will be part of your final report. To guide you in your completion of this task, click the following links and review the topics and their resources:
network security threats
operating system security
Begin by first reviewing the OWASP Mobile Security Project Testing Guide.
Although mobile applications vary in function, they can be described in general as follows:
interaction with on device applications/services
interaction with off device applications/services
In Section 1 of your research report, you are to address a number of questions as they apply to your selected mobile application. You will focus your discussion on the security threats, vulnerabilities, and mitigations of the above considerations.
The following resources will continue to educate your management about mobile devices and mobile application security: mobile platform security, mobile protocols and security, mobile security vulnerabilities, and related technologies and their security. Related technologies can include hardware and software that are needed to interoperate with mobile devices and mobile applications. Include an overview of these topics in your report.
Use Mobile Application and Architecture Considerations to review the architecture considerations for mobile applications and architecture. Then, in your report to senior management, include those that are relevant to your mobile application. Address the following questions:
What is the design of the architecture (network infrastructure, web services, trust boundaries, third-party APIs, etc.)?
What are the common hardware components?
What are the authentication specifics?
What should or shouldn’t the app do?
You will include this information in your report.
When you have completed the work for Section 1, describing the architecture for your app, move on to the next step, where you will define the requirements for the app.
Step 2: Define the Requirements for Your Mobile Application
In the previous step, you described your app’s architecture. For Step 2 and in the second section of your report, you will define what purpose the mobile app serves from a business perspective and what data the app will store, transmit, and receive. It’s also important to include a data flow diagram to determine exactly how data is handled and managed by the application. You can use fictional information or model it after a real-world application. Here are some questions to consider as you define your requirements:
What is the business function of the app?
What data does the application store/process (provide data flow diagram)?
This diagram should outline network, device file system, and application data flows.
How is data transmitted between third-party APIs and app(s)?
Will there be remote access and connectivity? Read this resource about mobile VPN security, and include any of these security issues in your report.
Are there different data-handling requirements between different mobile platforms (iOS/Android/BlackBerry/Windows/J2ME)?
Does the app use cloud storage APIs (e.g., Dropbox, Google Drive, iCloud, Lookout) for device data backups?
Does personal data intermingle with corporate data?
Is there specific business logic built into the app to process data?
What does the data give you (or an attacker) access to? Think about data at rest and data in motion as they relate to your app. Do stored credentials provide authentication? Do stored keys allow attackers to break crypto functions (data integrity)?
Third-party data: Is it being stored and/or transmitted? What are the privacy requirements of user data? Consider, for example, a unique device identifier (UDID) or geolocation being transmitted to a third party. Are there regulatory requirements to meet that are specific to user privacy?
How does other data on the device affect the app? Consider, for example, authentication credentials shared between apps.
Compare the impacts of jailbroken devices (i.e., a device with hacked or bypassed digital rights software) and non-jailbroken devices. How do the differences affect app data? This can also relate to threat agent identification.
When you have defined the requirements, move to the next step, where you will identify any threats to the app’s operation.
Step 3: Identify Threats and Threat Agents
Now that you have identified the mobile app’s requirements, you will define its threats. In Section 3 of the report, you will identify possible threats to the mobile application and also identify the threat agents. Additionally, you will outline the process for defining what threats apply to your mobile application.
For an example of threat agent identification, review Threat Agent Identification Example.
For a list of threat agents, review List of Threat Agents.
After you’ve identified threats and threat agents, move to the next step, where you will consider the ways an attacker might reach your app’s data.
Step 4: Identify Methods of Attack
In the previous step, you identified threat agents. In this step and in Section 4 of the report, you will identify different methods an attacker can use to reach the data. This data can be sensitive information to the device or something sensitive to the app itself. Read these resources on cyberattacks and provide senior management with an understanding of the possible methods of attack of your app.
When you have identified the attack methods, move to the next step, where you will analyze threats to your app.
Step 5: Controls
You’ve just identified the methods of attack, and now you will discuss the controls to prevent attacks. Consider the following questions:
Note: Not all of the following may apply. You will need to address only the areas that apply to the application you have chosen.
What are the controls to prevent an attack? Conduct independent research, then define these controls by platform (e.g., Apple iOS, Android, Windows Mobile, BlackBerry).
What are the controls to detect an attack? Define these controls by platform.
What are the controls to mitigate/minimize impact of an attack? Define these controls by platform.
What are the privacy controls (i.e., controls to protect users’ private information)? An example of this would be a security prompt for users to access an address book or geolocation.
Create a mapping of controls to each specific method of attack (defined in the previous step).
Create a level of assurance framework based on controls implemented. This would be subjective to a certain point, but it would be useful in guiding organizations that want to achieve a certain level of risk management based on the threats and vulnerabilities.
Step 6: Complete Your Threat Model
You’ve just discussed the controls to prevent attacks. By now you should have completed all the components of your report. Now, you will compile all your findings and produce your threat model.
Submit your threat model report to the Assignments folder.