Risk assessment for mobile devices
This article was originally published as: Ledermuller, T., & Clarke, N. (2011). Risk assessment for mobile devices. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 6863 (2011), 210-221. Original article available here. The original publication is available at www.springerlink.com.
With the market penetration of mobile phones and the trend towards the adoption of more sophisticated services, the risks posed by such devices, for the individual and the enterprise, has increased considerably. Risk assessment (RA) is an established approach with organisations for understanding and mitigating information security threats. However, it is also a time consuming process requiring an experienced analyst. Within mobile devices, the interested stakeholders range from administrators to the general public and an approach is therefore required that can establish RA in a fast, user convenient and effective manner. The proposed method utilises a number of approaches to minimise the effort required from the end-user, taking the different security requirements of various services into account and ensuring a level of flexibility that will enable all categories of user (from novice to expert) to engage with the process.