NIST: Updating Recommendations for Mobile App Security. The National Institute of Standards and Technology is working on updating its recommendations for how organizations and developers can keep mobile applications secure. The updates are being made to Special Publication (SP) 800-163, Vetting the Security of Mobile Applications, which was initially released in January 2015. The 50-page draft revision adds clarity and detail on how to minimize mobile app risks. Read more
OUR HISTORY WITH MOBILE: A Prescient Steve Jobs Predicted Our Obsession with Mobile Apps. Though even he might have undersold it a little. Read more
SECURITY: Team Finds Many Mobile Applications Are Open to Web API Hijacking. Smartphones, tablets, iPads—mobile devices have become invaluable to the everyday consumer. But few consider the security issues that occur when using these devices. Modern mobile applications or “apps” use cloud-hosted HTTP-based application programming interface (API) services and heavily rely on the internet infrastructure for data communication and storage. To improve performance and leverage the power of the mobile device, input validation and other business logic required for interfacing with web API services are typically implemented on the mobile client. However, when a web service implementation fails to thoroughly replicate input validation, it gives rise to inconsistencies that could lead to attacks that can compromise user security and privacy. Developing automatic methods of auditing web APIs for security remains challenging. Read more
CYBERSECURITY: Risky Mobile Apps No Fun for Entertainment Sector. In case it’s not already on your risk radar, it’s time to add mobile apps to the growing list of threat vectors. Mobile apps are risky across all sectors, but more specifically, those that come from media and entertainment businesses are putting users at risk. BitSight recently released the results of its research that looked at data from more than 1,000 companies offering apps on iOS and Google Play and found vulnerabilities across the board. Read more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems July 2018 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-july-2018.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for the design, development and support of its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support. Read more.