An enhanced smartphone security model based on information security management system (ISMS)

As smartphone penetration increases rapidly, security threats against smartphones are occurring, yet smartphone security technologies are not sufficient, and the security technologies and measures that can be applied to smartphones remain limited. As a result, smartphones are easily exposed to security attacks. Studies on smartphone security are gradually progressing and security technologies are under development. However, such efforts remain inadequate in view of the vulnerabilities in smartphone security. Therefore, studies are needed on enhanced information security measures that can ensure the safe use of smartphones in a real environment. In this paper, a Smartphone-ISMS model based on the information security management system (ISMS) is proposed. First, this study defines the elements of smartphone security threats that can occur in the smartphone environment and the requirements for smartphone security. Based on the results, this work derives seven relevant control items by combining existing ISMS-based information security models with the smartphone environment, and proposes a Smartphone-ISMS model by making each control item concrete. Additionally, a comparison of the characteristics of existing ISMS models and the proposed Smartphone-ISMS is presented.
