CS507 GDB No. 1 Solution & Discussion Due Date Feb 18, 2016
CS507 - Information Systems GDB No. 1 Solution Fall 2015 Due Date Feb 18, 2016
The GDB for the CS507 subject will open for two days, from 17th February 2016 to 18th February 2016 (48 hours only). You will be required to post your comments on the following GDB topic.
Topic for GDB
Enterprise Resource Planning (ERP) has helped many organizations to automate their business applications. ERP systems have end-to-end coverage, including customers, suppliers and their planning. It follows the best practices and standards to automate the business process. Business transactions are carried out through wireless devices and can be conducted 24/7 from anywhere, which is the emergence of mobile commerce (M-commerce). But it has created security concerns for their day-to-day business transactions.
Does the mobile ERP software address the security issues? Justify your answer with valid reasons.
You are right, Sydea, but you have not got the main point.
You give an idea?
Dear Students, don't wait for a solution; post your problems here and discuss. After discussion, a perfect solution will come as a result. So start now: reply here and give your comments according to your knowledge and understanding.
• Enable user authentication: Devices can be configured to require passwords or PINs to gain access. In addition, the password field can be masked to prevent it from being observed, and the devices can activate idle-time screen locking to prevent unauthorized access.
• Enable two-factor authentication for sensitive transactions: Two-factor authentication can be used when conducting sensitive transactions on mobile devices. Two-factor authentication provides a higher level of security than traditional passwords. Two-factor refers to an authentication system in which users are required to authenticate using at least two different "factors" — something you know, something you have, or something you are — before being granted access. Mobile devices themselves can be used as a second factor in some two-factor authentication schemes used for remote access. The mobile device can generate pass codes, or the codes can be sent via a text message to the phone. Two-factor authentication may be important when sensitive transactions occur, such as for mobile banking or conducting financial transactions.
• Verify the authenticity of downloaded applications: Procedures can be implemented for assessing the digital signatures of downloaded applications to ensure that they have not been tampered with.
• Install antimalware capability: Antimalware protection can be installed to protect against malicious applications, viruses, spyware, infected secure digital cards, and malware-based attacks. In addition, such capabilities can protect against unwanted (spam) voice messages, text messages, and e-mail attachments.
• Install a firewall: A personal firewall can protect against unauthorized connections by intercepting both incoming and outgoing connection attempts and blocking or permitting them based on a list of rules.
• Install security updates: Software updates can be automatically transferred from the manufacturer or carrier directly to a mobile device. Procedures can be implemented to ensure these updates are transmitted promptly.
• Remotely disable lost or stolen devices: Remote disabling is a feature for lost or stolen devices that either locks the device or completely erases its contents remotely. Locked devices can be unlocked subsequently by the user if they are recovered.
• Enable encryption for data stored on device or memory card: File encryption protects sensitive data stored on mobile devices and memory cards. Devices can have built-in encryption capabilities or use commercially available encryption tools.
• Enable whitelisting: Whitelisting is a software control that permits only known safe applications to execute commands.
• Establish a mobile device security policy: Security policies define the rules, principles, and practices that determine how an organization treats mobile devices, whether they are issued by the organization or owned by individuals. Policies should cover areas such as roles and responsibilities, infrastructure security, device security, and security assessments. By establishing policies that address these areas, agencies can create a framework for applying practices, tools, and training to help support the security of wireless networks.
• Provide mobile device security training: Training employees in an organization's mobile security policies can help to ensure that mobile devices are configured, operated, and used in a secure and appropriate manner.
• Establish a deployment plan: Following a well-designed deployment plan helps to ensure that security objectives are met.
• Perform risk assessments: Risk analysis identifies vulnerabilities and threats, enumerates potential attacks, assesses their likelihood of success, and estimates the potential damage from successful attacks on mobile devices.
• Perform configuration control and management: Configuration management ensures that mobile devices are protected against the introduction of improper modifications before, during, and after deployment.
It is an irrelevant answer.
Yes, it is an irrelevant answer. The GDB is not about solutions to security threats. Students, please don't follow this answer.
1. Authentication: This is the first step, which facilitates both participating entities in ensuring that no illegal third party is masquerading as a legitimate party; in other words, the process of determining if someone is indeed who he/she declares to be.
2. Confidentiality: This guarantees that secure transaction information sent across the network is not accessible by any unauthorised third party, such as a snooper.
3. Integrity: This ensures the message transmitted is not tampered with and that it will arrive at the intended recipient genuine and un-tampered.
4. Non-Repudiation: This property assures that if the sending entity sends a message to the receiving entity, neither of the parties will be able to disclaim or reject that it was responsible for the message.
5. Attestation: This enables an ad hoc m-commerce peer to vouch for the identity, trading history or transaction reputation of other peer nodes. It helps alleviate the threat in transacting with formerly unknown entities.