
QUESTION

I need the below paraphrased for originality yet still cover the same content. I will provide generous tip afterwards if properly done. Thank you.

The U.S. Government has been making its best attempt to leverage its OPEN Data initiatives with mobile application development. Now, more than ever, data gathered by the federal government is made available for public consumption and dozens of studies show that many Americans access the internet via a mobile device. At this moment, mobile apps are the way of the world and the government is embracing and even harnessing the agility that mobile apps bring to its workforce as well as everyday citizens. Mobile apps allow citizens and the mobile workforce to interact with government services anywhere, anytime, and on any device; the difficult task is ensuring that all of this is done in a secure manner. 

There have been some digital government mobile apps that have earned Mobi-Gov awards for their innovative approach to the services they provide. The Ask Karen mobile app is available via the mobile web, iOS, and Android devices. The application was launched and is controlled by the US Department of Agriculture. The purpose of the app is to provide food safety information to users. A person can ask Karen, the friendly food safety icon expert, all sorts of questions such as "How long can food last in a power failure," or "How can I tell if a restaurant has adequately cooked my fish?", "How long can a vegetable or fruit stay fresh", or even "How can you tell which cantaloupes are fresh in the store?" and the app will return helpful information (Breeden, 2012). An innovative feature of the mobile app is that it allows for live help from a real food safety expert. Another Mobi-Gov award-winning app was created by the National Cancer Institute (NCI). The NCI mobile app is available on multiple mobile platforms, and it is a detailed dictionary of cancer terms, topics and constantly updated research news. It will even give users helpful advice about what to ask their doctor in the event of a cancer diagnosis and suggest new treatment plans that your general practitioner may not yet be aware of (Breeden, 2012). Most recently, in 2015, the Food and Drug Administration unveiled the Field Investigator Tool with Mapping (FIT-MAP). The FIT-MAP was identified as the Best Business Investment at the 2015 Mobility Application Fair. The app is designed to help employees collect and geo-tag field data to perform food inspections and create real-time maps based on current information. The great benefit of this application is that it standardizes data collection, and it reduces the cost and time to analyze data (Ravindranath, 2015).
There are scores of government-devised mobile apps available that serve a great purpose, which proves that the government is making strides to keep up with modern technological advancements.

Federal Requirements for Mobile App Security

Mobile devices primarily consist of smartphones and tablets. It is these devices that are a part of everyday life for millions of Americans. These same devices are being integrated into government networks and therefore the federal government had to develop security requirements to maintain the integrity of government computing systems. The federal government's requirements on mobile app security are outlined in the Government Mobile and Wireless Security Baseline, which was issued by the Federal Information Chief Officer (CIO) in May 2012 as a part of the Digital Government Strategy (DGS). The baseline is referenced along with the National Institute of Standards and Technology Internal Report (NISTIR) 8018: Public Safety Mobile Application Security Requirements. Both the NIST publication and Wireless Security Baseline cover requirements on everything from data management, device battery life, unintentional denial of service (DoS) attacks, how to implement data protection, safeguard location information, identity management requirements and more.

To completely understand how and why mobile app requirements are constructed, one must first understand mobile architecture. The mobile computing environment is comprised of three primary components: mobile devices, access networks, and enterprise infrastructure. 

The above is not a complete picture of a mobile architecture; rather it is an overview of how information flows between a federal government infrastructure, over a network, and to a mobile application that resides on a mobile device. There are multiple intricacies that exist at every layer and both the baseline and NIST requirements document cover the broad basics of mobile application security. The Top Mobile Challenges that are identified in the diagram represent areas of concern in a mobile computing environment. It is these mobile challenges that requirements have been developed against; Mobile Device Management (MDM), Mobile Application Management (MAM), Identity and Access Management (IAM), and Data Management. 

Industry Recommendations & Risk Reduction

It is extremely difficult to find a person who does not utilize a mobile device in their personal affairs. This notion leads to the fact that many mobile devices are integrated into the professional arena; business and government networks. IT managers in both the federal government and private sector have the task of putting in place robust security architecture and implementing risk reduction strategies and tools to maintain mobile application security. Cybersecurity professionals and aficionados have dedicated their time and efforts to construct, develop, and implement software, technologies, and methods that will aid in web security applications; the outcome has been the Open Web Application Security Project (OWASP). The OWASP online community publishes its security controls and design principles that are free for anyone to digest, modify, and implement in the form of the OWASP Secure Development Guidelines. The guidelines provide detailed suggestions on how to institute security architectures that will remediate and reduce security risks and vulnerabilities. OWASP has developed a set of controls geared toward mobile application development.

Best Practice Recommendations for Mobile App Security

Cybersecurity is an evolving science; solutions and recommendations made today may be null and void tomorrow. However, best practices that include overriding criteria will stand the test of time and remain relevant. Mobile devices and applications introduce a layer of complexity and intrusion that is not always present when securing desktop computers or servers. Mobile devices are more vulnerable to intrusion and malicious attacks than desktops and servers. Mobile devices that federal employees carry represent another headache for agency security managers. Mobile applications, to cite one major area of concern, can introduce vulnerabilities that can put sensitive data and network resources at risk. For example, when an employee shares a photograph via a mobile application, the app may be granted access to the employee's contact list, which could hold personally identifiable information that should remain private and secure (Walker, 2014). Below are several best practices that both IT managers and the average mobile device user can implement as appropriate.

Secure data transmission - Mobile device data can be intercepted when the device is connected to an open WiFi network. The recommended solution to combat this vulnerability is to utilize a virtual private network (VPN) when sending data over a network, or to ensure that whatever application is being used encrypts data both at rest and especially during transmission. Ensure that the mobile app is designed to encrypt data in transmission and for best results, allow it to encrypt the data when it resides on the mobile device.

Anti-virus / malware protection - All computing devices should have some form of intrusion / malware detection installed and running at all times. All computing devices are susceptible to viruses, worms, Trojan horses, and other unwanted invaders that can make your computer "sick." Viruses, worms, and the like often perform malicious acts, such as deleting files, accessing personal data, or using your computer to attack other computers (Rubenking, 2014). The mobile app should offer to install anti-virus / malware protection when it's installed; this will prompt the user to at least entertain the notion of installing protection if it does not already reside on the mobile device.

Common development platform - There are large benefits for digital government services to standardize their mobile app development platform. As of now, multiple mobile apps are coded for different platforms (Objective C, Java, C++, etc). If the federal government moved to a common code base, such as JSP/HTML & CSS, the overall cost, development delivery dates, development errors, content update times, and maintenance would be drastically reduced. Maintaining a similar code base also allows for the ease and simplicity of development, for both developers on the federal side and the customer side (Paget, 2014). 

Data encryption - Most mobile applications have poor encryption algorithms, which could render all data on the mobile device at risk. Application risks include the improper validation of certificates, clear text storage of sensitive information and the use of weak or broken encryption algorithms. This failure to store sensitive data properly and to correctly communicate with other secure services puts user data at risk, particularly as mobile devices have multiple, always-on networking capabilities, usually hold very personal data and are often used in a work capacity (Cobb, 2016).

Follow NIST guidelines - When developing a mobile app, following NIST Special Publication 800-163 - Vetting the Security of Mobile Applications is a must. NIST researchers are urging agencies to adopt requirements for applications they use on their mobile platforms and develop an app vetting system comprising tools and methodologies that identify security, privacy, reliability, functionality, accessibility, and performance issues (Walker, 2014).

Security Assessments - IT managers should routinely run penetration assessments and security audits. Vulnerability assessments are valuable because they can identify vulnerabilities that may not have been captured during a testing phase or a program may have become susceptible to exploitation when introduced to another application. Both internal and external assessments should be performed. An organization can enlist the services of a white-hat hacker, which is a person who possesses the skills of a malicious hacker but will reveal the vulnerabilities to your organization as opposed to exploiting them for personal gain or malicious intent. However, to perform an inside penetration and security audit test, companies almost always hire a competitive and professional employee (Mobile Security Reference Architecture, 2013). Continuous auditing is valuable because it provides the ability to accurately identify who had access to what system and when.
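
The "Data encryption" and "Follow NIST guidelines" items above name three application risks (improper certificate validation, clear text storage, weak or broken algorithms) and call for an app vetting step. The sketch below is an added example, not part of the original post and not a NIST-defined rule set: a minimal source scanner for Android-style Java whose patterns, rule names and sample input are assumptions chosen for illustration.

```python
import re

# (risk named in the essay, heuristic pattern over one line of Java source).
# The patterns are illustrative assumptions; a real vetting tool uses many more.
RULES = [
    ("improper certificate validation",
     re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER|setHostnameVerifier\(.*->\s*true\b")),
    ("weak or broken algorithm",
     re.compile(r'(?:Cipher|MessageDigest)\.getInstance\(\s*"(?:DES|RC4|MD5|SHA-?1\b|AES/ECB)',
                re.I)),
    ("cleartext storage of sensitive data",
     re.compile(r'putString\(\s*"[^"]*(?:password|token|secret)', re.I)),
]

# Constructed sample input, not taken from any real app.
SAMPLE = '''\
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setHostnameVerifier((host, session) -> true);
MessageDigest md = MessageDigest.getInstance("MD5");
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
prefs.edit().putString("user_password", pw).apply();
// Cipher.getInstance("DES") was removed in v2
'''

def scan(source):
    """Return (line_number, risk) for every rule hit, skipping // comment lines."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # commented-out code is not shipped behaviour
        for risk, pattern in RULES:
            if pattern.search(line):
                findings.append((number, risk))
    return findings

def vet(source):
    """Vetting gate: the app passes only when the scan reports nothing."""
    return not scan(source)

if __name__ == "__main__":
    for number, risk in scan(SAMPLE):
        print(f"line {number}: {risk}")
    print("approved" if vet(SAMPLE) else "rejected")
```

A pattern match is a prompt for manual review rather than proof of a flaw, and a clean scan does not show that the app encrypts data correctly.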
