I spend a lot of time talking to organizations about Mobile Security. I consult on mobile security threats and have participated in many security reviews over the years. I am familiar with the security aspects of many mobile vendor products. I am also familiar with the mobile security efforts of many large organizations.
There are woefully few resources on the mobile security issues that are most pressing. The intent of this part of my site is to aggregate the resources that do exist to help organizations protect themselves.
Unfortunately, mobile security defense products are lagging, possibly due to the relative low adoption of mobile so far. This leaves Information Security professionals responsible for identifying and plugging security holes alone.
Despite low adoption, mobile infrastructure introduces risk to the entire organization on the same scale as ecommerce. Furthermore, organizations must ensure compliance with regulations such as Gramm-Leach-Bliley (GLBA), ISO 17799, HIPAA, California State Bill SB 1386, and even Sarbanes-Oxley.
I will be adding more of my own content here over time. Hopefully these external resources help you. Note that much of this is light on the details. Bring your skepticism.
- Mobile Security Lab
- Current Threats (Trojan, Worm) @F-Secure
- Mobile Security Threat Assessment Opinion (some of which I don’t agree with) @ GovernmentSecurity.org
- Foundstone / McAfee Security Assessments (one of hundreds of things they do)
- Symantec Mobile Security for Windows Mobile
Don’t hesitate to contact me for help: info@MobileStrategyPartners.com.