“Mobile Security: How to Secure, Privatize, and Recover Your Devices” by Tim Speed, Joseph Anderson, Darla Nykamp, Jaya Nampalli and Mari Heiser, published by Packt Publishing, contains an abundance of information on the threats mobile devices are susceptible to and provides guidelines on how to protect them from those threats.
The book provides a blueprint that can be used by information security practitioners in charge of protecting mobile devices as well as by others seeking to better understand the mobile security landscape.
The table of contents lays out an orderly and organized approach to learning the subjects in the book. The book begins with introductory topics and builds to more advanced concepts and practices in later chapters. The body of the book consists of eight chapters and an appendix section. Each chapter ends with a summary recapping the main topics.
Chapters 1 through 4 presented a great introduction to the book as well as some key matters and definitions that were useful and used in later chapters. These chapters are Living in a Mobile World (Chapter 1), Users and Mobile Device Management (Chapter 2), Privacy – Small Word, Big Consequences (Chapter 3) and Mobile and Social – the Threats You Should Know About (Chapter 4). While these chapters covered certain basic operational and security concepts, the information was comprehensive enough to educate and inform even mobile security professionals in the industry. I found the use of figures, diagrams and screenshots to be extremely effective, as well as the web links in those chapters.
In Chapter 5, “Protecting Your Mobile Devices”, the authors offered protective measures against the threats to mobile devices discussed earlier. They offered recommendations on how to reduce the likelihood of your device, or the devices you are charged with protecting, being compromised. In addition, the authors discussed protective controls such as strong authentication practices, encryption and antivirus software, which are often overlooked as additional elements. Lastly, instructions are provided for the unfortunate situation in which the mobile device gets hacked.
Chapter 6, “Support and Warranty Insurance”, and Chapter 7, “Baby Boomers, Teens, and Tweens”, took a different angle on mobile security. In Chapter 6, the authors provided a story titled “Toby’s Story”, which touches on BYOD (Bring Your Own Device) and the issues pertaining to it. They also explained some key information relating to customer service, technical support, service level agreements and warranties in the mobile space. The information was very enlightening and I learned some fascinating concepts that would be very useful. In Chapter 7, the authors discussed the different generations using mobile devices and some of the operational, safety and security issues involved.
Finally, Chapter 8, “Getting Your Life Back After You've Been Hacked”, provided readers with some guidelines to get back to production status after a mobile device has been hacked. The topics focused on understanding the different variations of being hacked, such as a device hack or a profile hack. In addition, the chapter presented an informative explanation of device wiping, offering valuable information on when or if it should occur.
The appendices also provided some additional information the reader should be able to build on. The topics were as follows:
Appendix A: IBM Notes Traveler
Appendix B: Mobile Device Management
Appendix C: Tips to Help You Protect Your Mobile Device
Appendix D: Mobile Acceptable Use Policy Template
Appendix E: The History of Social Networking, the Internet, and Smartphones
The authors’ coverage of the subject was comprehensive for both technical and non-technical readers. In addition, the information would prove useful in a personal capacity as well as in the business environment. It was written in a manner suitable for anyone from a novice interested in the mobile security field to the seasoned mobile security practitioner trying to obtain additional information. This book is a contribution to the information security community and will likely aid in producing knowledgeable information security practitioners in the future. I personally enjoyed the topics pertaining to the threats mobile devices face from attackers.
The book is available online and can be purchased at the Packt Publishing website.
Tim Speed, Joseph Anderson, Darla Nykamp, Jaya Nampalli and Mari Heiser (2013). Mobile Security: How to Secure, Privatize, and Recover Your Devices. Packt Publishing