Question

APPLICATION Security Policies / Enterprise Security Strategy Plan

Instructions: In NO LESS than 200 words, answer the following question.

Create an outline that could serve as a template for creating future security policies for an IT Network's Applications. Your template should reflect2–3 key parts of a security policy related to intranet operations.

For each element you include in your outline template, give two sentences describing the information that should be included. It is acceptable if you want to borrow elements from an actual security policy from a company; however,ORIGINAL WORK IS A MUST.

The following are suggestions of items to consider as key parts of a security policy:

Threat

Policy statement

Responsibilities

Guidelines and user procedure

Information technology procedures

Compliance and enforcement

Answer 1

Application Security:

As, the world is moving towards the smaller devices which are being more effective than the larger devices. One of the most important of all the devices is mobile phones which is been successful in replacing the laptops and computers. As, the use of phones increased there was mere need of getting application security as the utmost thing for the protection of the applications for smoothing the use of the phones.

Threats:

• The threats in the applications are same as that for any of the device which is being connected to the internet and it becomes more easy and swift to threat the mobile applications.
• The major things that are encountered in the application hacking are as follows:
  • Injections
  • Broken Authentication & Session Management
  • Cross-Site Scripting
  • Insecure Direct Object References
  • Security Misconfiguration
  • Missing Function Level Access Control
  • CSRF(Cross Site Request Forgery)
  • Unvalidated Redirects & Forwards
• The threats in the applications are very severe and recovering through such hacks sometimes becomes very complicated for the experts to recover the data and manage the application back to how it was.

How to Secure Applications?

• To secure the mobile applications from getting hacked the most important step is to secure the applications code from the ground up.
• The next and most important step is to secure the network connections that are being handled on the back end of the applications.
• Next is to enable identification, authentication and the authorization measures in the best place.
• There must be implementation of the best encryption technology to gather the customer data and must be kept secured.
• There must be also an implementation of the solid API security strategy that is being placed in the applications.
• Testing the app till the perfection is achieved is the key to make an application solid and unhackable.

Responsibilities:

• The responsibilities of an user is to secure the connection while using internet without any of the mobile devices and always visit the safer sites and manage the connection properly.
• Must stay connected to a secure network and must never provide sensitive information in plain text. There must be always taken care of the formation of the valid and forbidable vulenrabilites.

Hence, these are the things one must remember while using the mobile applications.