Define context-aware authentication
Using other information, such as location, proximity to other devices, in addition to multi-factor authentication to determine if the user is valid
Define Containerization, relative to mobile device security (2)
- With BYOD, user’s personal data needs to separated from company data
- Containerization is the concept of dividing this data and providing the capability to remove company data without affecting personal data
Define storage segmentation relative to mobile devices
An implementation of containerization where company data is stored separately from personal data on the device
Define MicroSD HSM
Implementation of hardware security module on mobile devices provides hardware-based cryptographic functions
Define MDM/UEM
Mobile Device Management/Unified Endpoint Management allows centralized management of security for all mobile devices within an organization
Define Mobile Application Management (MAM)
allows management of and access to applications that are allowed to run on company mobile devices
Define SEAndroid
Security enhancements for Android OS provides additional access controls and security policies for Android-based mobile devices
Implementing third-party application security on mobile devices (2)
- MDM/UEM can utilized to allow/disallow certain apps from running on the device
- Even though an AppStore is provided for mobile apps, not every app is desirable or secure enough to allow
Define concerns of rooting/jailbreaking mobile devices
A rooted/jailbroken (firmware) mobile device cannot be managed by MDM and allows sideloading of apps. Ensure all mobile devices are using the standard firmware for the OS
Define USB OTG
USB On-the-Go, ability to transfer data from other devices to a mobile device via USB cable connection
-
1.1 Social Engineering30
-
1.2 Attack Types39
-
1.3 Application Attacks42
-
1.4 Network Attacks28
-
1.5 Threat Actors, Vectors & Intelligence Sources39
-
1.6 Vulnerabilities & Security Concerns16
-
1.7 Security Assessment Techniques21
-
1.8 Penetration Testing17
-
2.1 Enterprise Security Concepts25
-
2.2 Virtualization & Cloud Computing26
-
2.3 Application Development, Deployment & Automation20
-
2.4 Authentication & Authorization31
-
2.5 Cybersecurity Resilience40
-
2.6 Embedded & Specialized Systems12
-
2.7 Physical Security Controls0
-
2.8 Cryptographic Concepts27
-
3.1 Secure Protocols15
-
3.2 Securing Hosts & Applications24
-
3.3 Secure Network Designs36
-
3.4 Wireless Security24
-
3.5 Securing Mobile Devices10
-
3.6 Cloud Security8
-
3.7 Identity & Account Management5
-
3.8 Authentication & Authorization21
-
3.9 Public Key Infrastructure PKI21
-
4.1 Tools to Assess Security24
-
4.2 Policies, Procedures & Processes10
-
4.3 Incident Investigation11
-
4.4 Post-Incident Mitigation7
-
4.5 Digital Forensics29
-
5.1 Governance - Controls9
-
5.2 Governance - Regulations, Standards & Frameworks9
-
5.3 Organizational Security Policies16
-
5.4 Risk Management22
-
5.5 Data Privacy8
