International Journal of Advanced Networking and Applications

Open Access Open Access  Restricted Access Subscription Access

Review of Considerations for Mobile Device Based Secure Access to Financial Services and Risk Handling Strategy for CIOs, CISOs and CTOs


Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, India
2 Corporate Technology Office, Tata Consultancy Services, Mumbai, India
 

The information technology and security stakeholders like CIOs, CISOs and CTOs in financial services organization are often asked to identify the risks with mobile computing channel for financial services that they support. They are also asked to come up with approaches for handling risks, define risk acceptance level and mitigate them. This requires them to articulate strategy for supporting a huge variety of mobile devices from various vendors with different operating systems and hardware platforms and at the same time stay within the accepted risk level. These articulations should be captured in information security policy document or other suitable document of financial services organization like banks, payment service provider, etc. While risks and mitigation approaches are available from multiple sources, the senior stakeholders may find it challenging to articulate the issues in a comprehensive manner for sharing with business owners and other technology stakeholders. This paper reviews the current research that addresses the issues mentioned above and articulates a strategy that the senior stakeholders may use in their organization. It is assumed that this type of comprehensive strategy guide for senior stakeholders is not readily available and CIOs, CISOs and CTOs would find this paper to be very useful.

Keywords

Root-Of-Trust, Device Fingerprinting, Web Application Firewall, Application Ipds, Information Security Policy Document, Secure Mobile Computing, Virtualization, Sandboxing.
User
Notifications
Font Size

Abstract Views: 144

PDF Views: 2




  • Review of Considerations for Mobile Device Based Secure Access to Financial Services and Risk Handling Strategy for CIOs, CISOs and CTOs

Abstract Views: 144  |  PDF Views: 2

Authors

Amal Saha
Tata Institute of Fundamental Research (TIFR), Mumbai, India
Sugata Sanyal
Corporate Technology Office, Tata Consultancy Services, Mumbai, India

Abstract


The information technology and security stakeholders like CIOs, CISOs and CTOs in financial services organization are often asked to identify the risks with mobile computing channel for financial services that they support. They are also asked to come up with approaches for handling risks, define risk acceptance level and mitigate them. This requires them to articulate strategy for supporting a huge variety of mobile devices from various vendors with different operating systems and hardware platforms and at the same time stay within the accepted risk level. These articulations should be captured in information security policy document or other suitable document of financial services organization like banks, payment service provider, etc. While risks and mitigation approaches are available from multiple sources, the senior stakeholders may find it challenging to articulate the issues in a comprehensive manner for sharing with business owners and other technology stakeholders. This paper reviews the current research that addresses the issues mentioned above and articulates a strategy that the senior stakeholders may use in their organization. It is assumed that this type of comprehensive strategy guide for senior stakeholders is not readily available and CIOs, CISOs and CTOs would find this paper to be very useful.

Keywords


Root-Of-Trust, Device Fingerprinting, Web Application Firewall, Application Ipds, Information Security Policy Document, Secure Mobile Computing, Virtualization, Sandboxing.