Mobile device security implementation framework Thesis uri icon


  • The advancement in the mobile industry has alienated mobile devices from their traditional roles of voice call and SMS into areas such data access and storage. The greatest headache to most data owners is thus security of the data in these mobile devices. The small size of these devices though enabling portability makes them more prone to theft or loss when compared to traditional computers. Their greater memory sizes allow these devices to hold much more information than they could originally store. To complicate the already complex situation, the existences of several security controls for mobile devices makes it a tiring task to implement mobile security with majority of organizations using ad-hoc implementations of mobile security. In this regard most organizations use mobile devices without proper security putting their businesses at great risks of data theft, security breaches and reputational damages that come with these risks. The security management of these mobile devices ranks as one of the biggest headaches for IT departments within the corporate world. This research based on a case study of Bank X, presents the concerns in the security of mobile devices and the data they contain. It further identifies the need for security of mobile devices and the available controls to mitigate the security holes they open in an organizations infrastructure. Based on research findings and literature in this area, the research proposes an implementation framework for mobile devices applicable to organizations utilizing mobile devices. The contributions of the hierarchical Framework model of mobile security and the NIST guidelines for cell phone and PDA security are considered in this research to come up with the proposed implementation framework. The results of this research not only assists in increasing the awareness on mobile device security for organizations focused on incorporating the use of mobile devices amongst their employees but also provides a standardized approach to implementation of mobile device security.