Mobile Security - A Pocket Guide

Steven Furnell


IT Governance Publishing





Reviewed by

George Williams, MBCS CITP MIMC


9 out of 10

This book is an excellent little primer into the world of mobile security. Considering its provenance, this book is surprisingly easy to read and presented in a readily digestible series of seven chapters, spanning some 70 pages.

Each chapter concludes with a short bullet list of ‘Takeaways’, which should indeed be taken away and used as the basis for the discussion and development of mobile security policies in your business workplace.

The scene is set in the opening chapter, which identifies the range and increasing capabilities of mobile devices, including laptops/notebooks, PDAs, mobile phones, media players and removable storage. The introductory discussion compares the benefits of ‘mobility to the business’ against the new range of risks opened up by mobile technology.

Moving on to ‘Surviving Outside’, the author looks more closely at the benefits associated with the freedom to roam outside the safety of the workplace, and the fundamental consequences of the exposure to threats such as loss or theft.

Consideration is then given to the issues around connectivity, and the security issues associated with different levels of network access that mobile devices now permit, encompassing personal, local and wide area coverage. Particular attention is devoted to WiFi and Bluetooth contexts, where security depends more particularly on the user’s discretion.

The author then explores the importance of giving access to the right person, by authentication, and pays attention to the challenges posed by the current dominance of passwords and PINs, especially in the case of handheld devices that are more vulnerable to loss and theft.

The chapter on ‘Safeguarding your Data’ considers that the true value of mobile devices comes from the data that they hold or that can be accessed through them, and looks at the measures that need to be deployed to safeguard against potential threats.

The penultimate chapter of the book, and perhaps my favourite - because of the examples quoted - considers the attacks that specifically target mobile devices and makes the point that although worms and viruses have yet to appear in volume on current mobile devices (laptops excepted), the rich processing and communication capabilities are likely to see mobile platforms affected in the future. New opportunities are being found to target mobile users from established attack mechanisms in other domains.

In the final chapter we are advised to ‘Know our Limits’, and to take steps to understand the level and flexibility of the protection available on our mobile devices, which is somewhat less than one would expect in a full PC context.

All in all, this is an excellent little primer into the issues surrounding mobile security, containing much of what we probably know already, reminding us to be vigilant and throwing light on emerging issues of which we were probably not aware!

The only negative of an otherwise excellent book is the illustrative photographs which, whilst endeavouring to support the arguments, were too small and out of focus; a full page illustration may have better served the purpose.

Further information: IT Governance Publishing

October 2009