Study into the Implications of Smartphone Operating System Security

Recommendations

Info

Study into the implications of Smartphone operating system security Attorney General’s Office (AGO) National Fraud Intelligence Bureau (NFIB) City of London Police UK legislation and Smartphone security This section investigates current UK legislation and Smartphone security threats and vulnerabilities that have been discussed in this report. It maps relevant UK legislation and Smartphone security risk to the bodies that are responsible for governing it. Table 7.1: UK legislation and Smartphone security Smartphone security risk Applicable legislation Unpatched Smartphone Unclear Unclear Lost and stolen Smartphone (leading to potential loss of privacy, identity and data) Telephony Financial (Premium Rate Services) fraud Loss of privacy (due to Spyware and Malware Criminal law for theft Data Protection Act Communications Act 2003 PhonepayPlus Code of Practice Data Protection Act 1998 Communications Act 2003 Computer Misuse Act 1990 (Police and Justice Act 2006) Financial services (banking) fraud Financial Fraud Act 2006 Institution Responsible Shared between: Police Service The ICO FSA PhonepayPlus PhonepayPlus Ofcom The ICO Ofcom CPS FCA & PRA National Fraud Authority (NFA) Source: Goode Intelligence © 2013 Goode Intelligence © 2013 P a g e | 111 www.goodeintelligence.com
Study into the implications of Smartphone operating system security Summary and Recommendations Smartphones have become the remote control for our digital and non-digital lives, replacing desktop computers, notebooks and even TVs and personal music players. As such, they are subject to the same threats that have affected consumers for many years. These threats are controlled by legislation and governed by bodies that have been assigned responsibility to govern them. Governing bodies need to understand the nature of these threats. Many of the current threats are old ones adapted for Smartphones, e.g. Dialler fraud. There are threats that are either unique to the Smartphone or are amplified as a result of the characteristics of the Smartphone. A Smartphone is more likely to be lost and stolen and when it gets into the hands of unauthorised users more likely to be poorly protected by either no passcodes or weak ones. From table 7.1 above, we have identified the current Smartphone security risks and matched them against relevant legislation and the bodies responsible for governing them. Goode Intelligence believes that current legislation should be sufficient in dealing with current Smartphone security issues. There does not seem to be any major holes in current legislation that could result in a disparity between the technology and the governing framework. However, this must be constantly reviewed in light of emerging, sometimes disruptive, technology that could alter the effectiveness of regulation and legislation. Related to legislation is education (engagement) and enforcement; educating affective parties as to the nature of legislation by engaging with all parts of the ecosystem and enforcement once there has been a breach (either intentional or unintentional). Recommendations Goode Intelligence recommends the following: 1. Creation of a cross-regulatory working party to discuss potential issues and gaps in protecting Smartphones, and their associated services. This study could act as the initial reference point for such a group. 2. Review of Smartphone security risks against UK legislation to determine: a. UK legislation related to particular security risk b. UK regulatory that is responsible for particular security risk c. Gaps d. Action plan to manage security risks Goode Intelligence © 2013 P a g e | 112 www.goodeintelligence.com
Page 1 and 2:
www.goodeintelligence.com £ Study
Page 3 and 4:
Study into the implications of Smar
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62: Study into the implications of Smar
Page 111: Study into the implications of Smar
show all

Study into the Implications of Smartphone Operating System Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?