Securing Mobile Devices and Applications

Cybersecurity, IT Audit

Overview

Here are the topics we'll cover.

  1. Mobile Computing Fundamentals
    • Definitions, principles, and unique characteristics
    • Hardware and software components
    • Mobile applications and important statistics
  2. Mobile Payments
    • Mobile payment statistics and trends
    • Wallets and key providers
  3. Wireless Network Fundamentals
    • Types, characteristics, and areas of focus
    • Wireless Application Protocol (WAP)
    • 5G and Bluetooth
  4. Connectivity Risks
    • Wireless network risks
    • Signaling System 7 (SS7) and Bluetooth security risks
  5. Mobile Security
    • Key actions for payment application data security
    • PCI data security standard
    • NIST mobile device security and privacy controls
    • Common on-device mobile security technologies and essential controls
    • CIS Controls Mobile Companion Guide
    • ISO 27002 Information Security Management
  6. Mobile Device Management (MDM) Solutions
    • Mobile Device Management (MDM) requirements
    • Enterprise Mobility Management (EMM), Unified Endpoint Management (UEM), and Mobile Application Management (MAM) key components and practices
    • Mobile Threat Defense (MTD) implications for devices, networks and applications
  7. Mobile Security
    • Cloning, SIM hijacking, jailbreaking, and rooting
    • Mobile security trends, online attacks, and dangerous popular apps
    • Ways to work securely from home and improve Bring Your Own Device (BYOD) policies and programs
  8. Mobile Threats / Common Attacks
    • Mobile fraud and other top threats
    • NIST Mobile Threat Catalogue
    • Attack and defense approaches
  9. Vulnerability Management
    • Definitions and key considerations
    • Essential vulnerability management program techniques
  10. Secure Mobile Application Development Fundamentals
    • In-demand mobile app features and evolving trends
    • App development challenges
    • Key components of application systems development, Software Development Kits (SDKs), and sandboxing
    • Certificates, mobile app languages, testing, and Software Application Maturity Model (SAMM)
    • Risk considerations, application security models, controls, and best practices
  11. Documenting the Data Flow
    • Data flow diagrams and tips for assessing them
    • EFT and ACH fund transfers, participants, credits, and debits
    • Securing data at rest and in motion
  12. Penetration Testing
    • Definitions, types, and key approaches
    • Vulnerability scanning vs. penetration testing
    • Best practices and testing tools
  13. Incident Response (IR)
    • Incidents vs. breaches, and notification requirements
    • The incident response life cycle
    • Incident response policies, preparation, and testing
  14. Business Continuity Planning (BCP)
    • Mobile strategies, risks, controls, and overall governance
    • Key considerations and practices
  15. Audit Considerations
    • Objectives, scope, risks and essential controls
    • Important considerations and reviewing the supply chain
    • Important audit steps and documents

Learning Style

Instructor Led

Level

Intermediate

Who this course is for

Senior operational and IT auditors, technologists, information security managers and analysts, and audit managers and directors looking to increase their knowledge about mobile devices and technologies, and how to audit them effectively.

NASBA Certified CPE

24 credits

Field of Study

Auditing

Length of course

24h

Prerequisites

None

Advanced Preparation

None

Here are the learning objectives we'll cover

  • Describe mobile devices and networks, features, and characteristics.
  • Recognize the indicators of effective mobile configuration and practices.
  • Identify key risks, controls, and audit techniques.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/