Page 620 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Assess and Mitigate Vulnerabilities in Mobile Systems
Smartphones and other mobile devices present an ever-increasing
security risk as they become more and more capable of interacting
with the internet as well as corporate networks. When personally
owned devices are allowed to enter and leave a secured facility without
limitation, oversight, or control, the potential for harm is significant.
Malicious insiders can bring in malicious code from outside on various
storage devices, including mobile phones, audio players, digital
cameras, memory cards, optical discs, and Universal Serial Bus (USB)
drives. These same storage devices can be used to leak or steal internal
confidential and private data in order to disclose it to the outside
world. (Where do you think most of the content on WikiLeaks comes
from?) Malicious insiders can execute malicious code, visit dangerous
websites, or intentionally perform harmful activities.
A device owned by an individual can be referenced using
any of these terms: portable device, mobile device, personal mobile
device (PMD), personal electronic device or portable electronic
device (PED), and personally owned device (POD).
Mobile devices often contain sensitive data such as contacts, text
messages, email, and possibly notes and documents. Any mobile
device with a camera feature can take photographs of sensitive
information or locations. The loss or theft of a mobile device could
mean the compromise of personal and/or corporate secrets.
Mobile devices are common targets of hackers and malicious code. It’s
important to keep nonessential information off portable devices, run a
firewall and antivirus product (if available), and keep the system
locked and/or encrypted (if possible).
Many mobile devices also support USB connections to perform
synchronization of communications and contacts with desktop and/or

