Abstract
Smartphone penetration is increasing rapidly, but the security technologies available for smartphones are not sufficient to counter the security threats that occur, and the security technologies and measures that can be applied to smartphones remain limited. As a result, smartphones are easily exposed to security attacks. Studies on smartphone security are gradually progressing and the development of security technologies is underway. However, such efforts remain inadequate in view of the vulnerabilities in smartphone security. Therefore, studies are needed on enhanced information security measures that can ensure the safe use of smartphones in a real environment. In this paper, a Smartphone-ISMS model based on the information security management system (ISMS) is proposed. First, this study defines the elements of smartphone security threats that can occur in the smartphone environment and the requirements for smartphone security. Based on the results, this work derives seven relevant control items by combining existing ISMS-based information security models with the smartphone environment, and proposes a Smartphone-ISMS model through the materialization of each control item. Additionally, the results of a comparison of characteristics between existing ISMS models and the proposed Smartphone-ISMS are presented.


Acknowledgments
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (2012-0008296).
Cite this article
Park, J.H., Yi, K.J. & Jeong, YS. An enhanced smartphone security model based on information security management system (ISMS). Electron Commer Res 14, 321–348 (2014). https://doi.org/10.1007/s10660-014-9146-3
DOI: https://doi.org/10.1007/s10660-014-9146-3