ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Personal Information on Your Mobile Devices

Personal Information on Your Mobile Devices

Larry G. Wlosinski, CISA, CISM, CRISC, CAP, CBCP, CCSP, CDP, CISSP, ITIL v3
| Published: 7/5/2016 7:44 AM | Permalink | Email this Post | Comments (0)

In this age of instant access to information on any topic in almost any location, it is important to be aware of the dangers that mobile computing devices (e.g., laptops, tablets, smart phones, electronic notepads) can present. I have several mobile devices and have been evaluating their capabilities, features and security weaknesses. During my investigation, I became aware that the US National Vulnerability Database does not list all vulnerabilities. I also became aware that there are many articles and blogs written about new products as they reviewed and tested, as they are upgraded, and as people share solutions to the problems encountered. I also became aware that security problems are found by accident, by vendor or government contests, and sometimes by those with malicious intent. Security issues are usually found after the device has hit the market. 

The results uncovered in my research motivated me to write my recent Journal article. It is important to everyone who owns one of these devices to be aware of the threats, the vulnerabilities and the risk involved when you download  software or open malware attached to communications software (e.g., email). You should not take technology for granted because even with the best intentions, manufacturers and software developers can make mistakes.

I encourage everyone who owns a mobile computing device to think about the importance of their personal information and that of their organization. There are design weaknesses in the operating system and security vulnerabilities in the applications loaded onto the device. You should be aware that the vendors who make your device are aware that their devices are not perfect and that they have taken action to help you. They have knowledge bases, and some even issue alerts to the owners that an upgrade or patch is available to help keep your device secure. I advise you to do some research on your own to review your vendor’s web site, locate their knowledge base and sign up to their alerting system to be more proactive in protecting your and/or your organization’s information.

Read Larry G. Wlosinski’s recent Journal article:
Mobile Computing Device Threats, Vulnerabilities and Risk Are Ubiquitous,” ISACA Journal, volume 4, 2016.

Comments

There are no comments yet for this post.
Email