Controls for Application and Software Risk
Encourage the installation of up-to-date operating systems and anti-malware software on all
mobile devices. Mobile security technology such as Kaspersky Internet Security can be
installed to routinely scan the system and protect against viruses, malware and theft.[22]
Install endpoint security protection software such as that offered by McAfee or
Symantec.[23]
Only install applications from trusted sources. Third-party application stores should not
be trusted.
Create customized corporate applications which are downloaded from a separate
enterprise application store. Building an in-house app store would allow separation
between company apps and non-company apps. Applications can be managed through a
mobile app management product.
Install and regularly perform patch management. This includes scanning for missing
security patches, installing the patches and performing remediation to update systems with
the latest patches.[24]
Ensure that jailbroken or rooted devices are not being used, as jailbreaking or rooting can
remove security features on the device and allow potentially malicious applications to be installed.
3.3 General Risks and Controls
There are additional risks and controls for mobile devices that need to be addressed on a
company-wide basis.
3.3.1 Platform Management Risk
Different mobile platform providers offer varying levels of control over their mobile systems.
Each mobile operating system's design depends on whether its target audience is consumers or
corporate users, and this also helps determine which security features are included on the
platform. Each platform has different vulnerabilities and these must be considered when deciding