Scenario:
A federal agency has asked your cybersecurity
consulting firm to provide it with a white paper that discusses best practices
for security architectures and designs for mobile apps. The white paper should also
present the agency with a strategy for developing an award winning digital government mobile app for its
submission to next years’ Mobi-Gov awards. The agency had several mobile apps
in the “honorable mention” category this past year but, each of the apps failed
to make passing scores in the mobile app security category. The contest rules do not allow revision and
resubmission of entries from prior years. For this reason, your starting point
should be recommendations for a security architecture for a completely new
mobile app.
The scoring for the awards is organized around the
three strategies from the federal government’s digital government strategy (see https://www.whitehouse.gov/sites/default/files/omb/egov/digital-government/digital-government.html
).
1.
Enable the American people and an increasingly
mobile workforce to access high-quality digital government information and
services anywhere, anytime, on any device.
2.
Ensure that as the government adjusts to this
new digital world, we seize the opportunity to procure and manage devices,
applications, and data in smart, secure and affordable ways.
3.
Unlock the power of government data to spur
innovation across our Nation and improve the quality of services for the
American people.
Research:
1.
Research the “best” of federal mobile apps to
see examples of the type of apps the agency will be competing against next
year.
a.
19 of the
Coolest Government Mobile Apps https://www.govloop.com/community/blog/cool-gov-mobile-apps/
b.
10 Most
Entertaining Government Mobile Apps https://www.govloop.com/community/blog/10-most-entertaining-government-mobile-apps/
c.
3 Innovative Ways Agencies are Leveraging Mobile
Apps http://fedscoop.com/great-government-mobile-apps
2.
Research the federal government’s perspective on
mobile app security architectures and design recommendations. Here are three sources
to help you get started:
a.
Mobile App
Developers: Start with Security
https://www.ftc.gov/tips-advice/business-center/guidance/mobile-app-developers-start-security
b.
Mobile
Security Reference Architecture
https://cio.gov/wp-content/uploads/downloads/2013/05/Mobile-Security-Reference-Architecture.pdf
c.
Architecture
and Design Considerations for Secure Software (Mobile Applications)https://buildsecurityin.us-cert.gov/sites/default/files/ArchitectureAndDesign_PocketGuide_v2%200_05182012_PostOnline.pdf
3.
Research industry recommendations for mobile app
security. Begin with the following sources:
a.
OWASP Mobile Security Project https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
b.
Top 10
Mobile Risks (click on tab) https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
c.
Mobile app
security: Always keep the back door locked http://arstechnica.com/security/2013/02/mobile-app-security-always-keep-the-back-door-locked/
4. Find
five or more best practice recommendations for ensuring the security of mobile
apps. These recommendations must include security for the platform (mobile
device), the data on the device, and the transmission path between the device
and the mobile application server.
Write:
Write a three to five page white paper in which you summarize your research and present your
“best practices” based strategy for developing an award winning, secure mobile
app. You should focus upon clarity and conciseness more than length when
determining what content to include in your paper. At a minimum, your white
paper must include the following:
1. An
introduction or overview of mobile apps for digital government. Your overview
should include examples of mobile apps which are recognized as being innovative
and “best of category” for delivering government information and services to mobile
devices. This introduction should be suitable for an executive audience.
2. A
separate section in which you discuss the federal government’s requirements and
recommendations for mobile app security architectures and the associated design
recommendations. This section should be written for non-technical managers; you
will need to translate from tech-speak to manager-speak. Diagrams and pictures
may be useful but, remember to include the appropriate in-text citations for
the source (append to the figure caption).
3. A
separate section in which you discuss industry’s recommendations for security
architectures and risk reduction for mobile app security.
4.
A section in which you present 5 or more best practice recommendations for
building security into the new mobile app which will become next year’s entry
into the Mobi-Gov awards contest. These recommendations should be presented as
your “strategy” for “winning” the security evaluation category for mobile apps.
0 comments