
Security Framework for Adopting Mobile Applications in Small and Medium Enterprises

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 764)

Abstract

Nowadays, people increasingly rely on mobile devices (namely smartphones and tablets) in their daily life. Besides their private use, mobile devices are also used for work. Hence, companies are motivated to integrate mobile devices into their business processes, and they demand mobility and flexibility of their employees. However, in spite of the advances in mobile technologies, security is still the primary concern that slows down the adoption of mobile applications within Small and Medium Enterprises (SMEs). Companies should first know the potential threats in mobile environments and then the requirements and measures to mitigate the resulting risks. Typically, existing security tools such as frameworks, guidelines and threat catalogues target IT professionals, not business users, who mostly lack the technical knowledge to navigate these tools. This chapter presents a mobile security framework that mainly supports SMEs in adopting mobile applications. Potential threats have been collected in a risk catalogue, which forms a main component of the presented framework. This catalogue helps business users extend their awareness of possible mobile security risks. Moreover, the framework guides business users by mapping between security requirements, threats and measures when adopting mobile enterprise applications.

Corresponding author

Correspondence to Basel Hasan.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Hasan, B., Marx Gómez, J. (2017). Security Framework for Adopting Mobile Applications in Small and Medium Enterprises. In: Obaidat, M. (ed.) E-Business and Telecommunications. ICETE 2016. Communications in Computer and Information Science, vol. 764. Springer, Cham. https://doi.org/10.1007/978-3-319-67876-4_4

  • DOI: https://doi.org/10.1007/978-3-319-67876-4_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67875-7

  • Online ISBN: 978-3-319-67876-4

  • eBook Packages: Computer Science (R0)