Skip to main content
Log in

An enhanced smartphone security model based on information security management system (ISMS)

  • Published:
Electronic Commerce Research Aims and scope Submit manuscript

Abstract

As the penetration of smartphones increases rapidly, in the occurrence of security threats in smartphones, smartphone security technologies are not sufficient, and moreover, the security technologies and measures that can be applied to smartphones remain limited. This, as a result, creates a problem that smartphones are easily exposed to security attacks. Gradually, the studies on smartphone security are progressing and the development of security technologies is underway. However, such efforts remain inadequate in view of the vulnerabilities that lie in smartphone security. Therefore, studies are necessary on enhanced information security measures that can ensure the safe usage of smartphones in a real environment. In this paper, a Smartphone-information security management system (ISMS) model based on ISMS is proposed. Firstly, this study defines the elements of smartphone security threats, which can occur in the smartphone environment, and the requirements for smartphone security. Based on the results, this work derives seven relevant control items by combining existing ISMS-based information security models with the smartphone environment, and thereby proposes a Smartphone-ISMS model through the materialization of each control item. Additionally, the results of the comparison of characteristics between existing ISMS models and the proposed Smartphone-ISMS are presented.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2

Similar content being viewed by others

References

  1. Ahn, J., & Han, R. (2012). An indoor augmented-reality evacuation system for the smartphone using personalized pedometry. Human-centric Computing and Information Science, 2, 18.

    Article  Google Scholar 

  2. Alberts, C. J., & Dorofee, A. J. (2002). Managing information security risks: The OCTAVE approach. Boston: Addison-Wesley Professional.

    Google Scholar 

  3. Bruce, S. (2004). Hacking the business climate for network security. IEEE Security & Privacy, 2(5), 88.

    Article  Google Scholar 

  4. Buccafurri, F., & Lax, G. (2011). Implementing disposable credit card numbers by mobile phones. Electronic Commerce Research, 11(3), 271–296.

    Article  Google Scholar 

  5. Buennemeyer, T. K., Gora, M., Marchany, R. C., & Tront, J. G. (2007). Battery exhaustion attack detection with small handheld mobile computers. In IEEE International Conference on Portable Information Devices (PORTABLE ’07), Orlando, FL.

  6. Carey, M. (2005). Enterprise risk management: how to jumpstart your implementation efforts. International Risk Management Institute, Suffolk.

  7. Chen, X., & Lian, S. (2011). Service and P2P based secure media sharing in mobile commerce environments. Electronic Commerce Research, 11(1), 91–101.

    Article  Google Scholar 

  8. Dunham, K. (2009). Mobile malware attacks and defense. SYNGRESS2009. http://www.filecrop.com/syngress-2009.html.

  9. Isaac, J. T., Zeadally, S., & Cámara, J. S. (2012). A lightweight secure mobile payment protocol for vehicular ad-hoc networks (VANETs). Electronic Commerce Research, 12(1), 97–123.

    Article  Google Scholar 

  10. Jody, W. (2004). Information security: Responsibilities of Boards of Directors and Senior Management. Intergovernmental Relations and the Census.

  11. Loscocco, P. A., Smalley, S. D., Muckelbauer, P. A., Taylor, R. C., Turner, S. J., & Farrell, J. F. (1998). National Security Agency, “The inevitability of failure: The flawed assumption of security in modern computing environments. In The Proceedings of the 21st national information systems security conference (pp. 303–314).

  12. Mascha, M. F., Miller, C. L., & Janvrin, D. J. (Nov. 2011). The effect of encryption on Internet purchase intent in multiple vendor and product risk settings. Electronic Commerce Research, 11(4), 401–419.

  13. Mulliner, C., Vigna, G., Dagon, D., & Lee, W. (2006). Using labeling to prevent cross-service attacks against smart phones, DIMVA 2006. Lecture Notes in Computer Science (Vol. 4064, pp. 91–108).

  14. Obaidat, M. S., & Zarai, F. (June 2012). Novel algorithm for secured mobility and IP traceability for WLAN networks. Journal of Convergence, 3(2), 1–8.

  15. Pearson, S. (2005). How trusted computers can enhance privacy preserving mobile applications. In Sixth IEEE international symposium on a world of wireless mobile and multimedia networks.

  16. Peng, K. (2012). Efficient and general PVSS based on ElGamal encryption. Journal of Information Processing Systems, 8(2), 375–388.

    Article  Google Scholar 

  17. Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise security architecture: A business-driven approach. San Francisco: CPM Books.

    Google Scholar 

  18. Zarmpou, T., Saprikis, V., Markos, A., & Vlachopoulou, M. (2012). Modeling users’ acceptance of mobile services. Electronic Commerce Research, 12(2), 225–248.

    Article  Google Scholar 

  19. Apple App Store, http://www.apple.com/iphone/apps-for-iphone.

  20. Corporate Governance Task Force. (2004). Information security governance: A call to action. National Cyber Security Summit Task Force.

  21. DAI-Labor (2008). Malicious software for smartphones. Technical Report.

  22. Google Android Market, http://www.android.com/market.

  23. ITU-T, “Security aspects of mobile phones”, T09 SG17 100407 TD PLEN 1012, 2010.04.16.

  24. Korea Internet & Security Agency (2010). Document for information security management system. Vol. 2010, No. 21.

  25. Microsoft Mobile Marketplace, http://www.microsoft.com/windowsmobile/enus/meet/marketplace.mspx.

  26. Mobile Application Stores State of Play (2010). Distimo, MWC.

  27. Mobile World Congress Daily (2010). Mobile operatorsUnite on global Apps Platform”, 2010.2. 15.

  28. Nokia Ovi Store, http://store.ovi.com/.

  29. Palm App Catalog, http://www.palm.com/us/products/software/mobile-applications.html.

  30. RIM App World, http://appworld.blackberry.com/webstore.

Download references

Acknowledgments

This research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education, Science and Technology(2012-0008296).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Young-Sik Jeong.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Park, J.H., Yi, K.J. & Jeong, YS. An enhanced smartphone security model based on information security management system (ISMS). Electron Commer Res 14, 321–348 (2014). https://doi.org/10.1007/s10660-014-9146-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10660-014-9146-3

Keywords

Navigation