7. www.sevenstepconsulting.com
The Mobile Millennium!
• Mobile Ramping Faster than Desktop Internet Did and Will Be Bigger Than Most Think
• 5 Trends Converging (3G + Social Networking + Video + VoIP + Impressive Mobile Devices)
11. www.sevenstepconsulting.com
Herbert Marshall McLuhan (July 21, 1911 – December 31, 1980)
McLuhan is known for coining the expressions "the medium is the message" and "the global village" and
predicted the World Wide Web almost thirty years before it was invented.
Seven Step Consulting Pvt. Ltd., India.
22. www.sevenstepconsulting.com
Multiple Issues & Challenges
• Rapid Technological Change
• User Awareness
• Increased Threats and Vulnerabilities
• Ease of Exploitation
• Lack of Personnel
• Lack of Guidelines
• Lack of Legal Frameworks
... The list goes on and on
24. www.sevenstepconsulting.com
Brief History
• Examples of prehistoric standardization are found in the ancient
regions of Mesopotamia, Sumer, Egypt and Babylon: at these
locations, pre-Christian civilizations were found to use many
kinds of standards in their daily activities.
• Around five to six thousand years ago, the Mohenjo-daro or
Harappa civilizations of the Indus valley used standardization for
town planning, water supply, drainage, house building and even
weights and measures.
• Between the 7th century B.C. and the 17th century A.D.,
standards for units of measurement of length, volume, weight
and money were further developed in various parts of the world.
• Standardization of screw threads by Sir Joseph Whitworth dates
back to 1841.
• Other instances of early standardization can be found in the
dawning age of the railway industry.
• Mass production became possible through standardization.
25. www.sevenstepconsulting.com
What are Standards?
Standards and standardization
• A standard is a document which provides, inter alia,
requirements, rules, and guidelines, for a process, product or
service. These requirements are sometimes complemented
by a description of the process, products or services.
• Standards are the result of a consensus and are approved by
a recognized body.
• Standards aim at achieving the optimum degree of order in a
given context.
• The process of formulating, issuing and implementing
standards is called standardization.
26. www.sevenstepconsulting.com
The primary aims of standardization
• Fitness for purpose
• Interchangeability
• Variety reduction
• Compatibility
• Guarding against factors that affect the health and safety
of consumers
• Environmental protection
• Better utilization of resources
• Better communication and understanding
• Transfer of technology
• Removal of trade barriers
27. www.sevenstepconsulting.com
Attributes of a standard
• A standard generally has three attributes:
• Level: such as at the company, national or international level.
• Subject: such as engineering, food, textile or management.
• Aspect: such as specification, testing and analysis, packaging and labelling (more than one aspect may be covered in a single standard: a standard may include specification of items such as the product, its sampling and inspection, related tests and analysis, packaging and labelling).
Standardization diagram
Created by Dr. Lal C. Verman,
Founder and Director General of the Bureau of Indian Standards,
ISO/IEC 27001:2005
Information technology — Security
techniques — Information security
management systems — Requirements
28. www.sevenstepconsulting.com
Types of standards
There are several types of standards; these include:
• Vocabulary standards, e.g. glossaries, signs and symbols;
• Basic standards, such as units of measures;
• Product standards that cover, inter alia, specifications for dimensions,
performance, health, safety, environmental protection and documentation;
• Standards for inspection, test methods and analysis;
• Standards that focus on organization, such as for logistics, maintenance,
inventory management, quality management, project management and
production management.
• Specification standards contain three categories of requirements, namely:
obligatory requirements (essential characteristics that are needed to ensure
the usefulness of a product), optional or recommendatory requirements
(which help to improve the serviceability of a product or to meet the specific
requirements of a particular type of customer) and informative requirements.
30. www.sevenstepconsulting.com
Example Adoption by Industry Bodies
• QS 9000 Quality System Requirements for Automotive
Suppliers, published by Chrysler, Ford, General Motors and
others.
• TL 9000 Telecommunications-specific Quality Management
System Requirements, published by QUEST-USA.
• AS 9000 Aerospace Unique Requirements, published by the
SAE.
• OHSAS 18001 Specifications for Occupational Health and
Safety Management Systems, published by three NSBs and
10 certification bodies.
• HACCP Hazard Analysis Critical Control Point System and
Guidelines for the Food Industry, published by CODEX.
• SA-8000 Social Accountability, published by the Council of
Economic Principles Accreditation Agency (CEPAA).
32. www.sevenstepconsulting.com
Management System Standards For Mobile Security
• No dedicated international Standard for Mobile System & Security yet as on Date
http://en.wikipedia.org/wiki/List_of_mobile_phone_standards
34. www.sevenstepconsulting.com
The 11 Security Domains
[Diagram. Legend: Management Aspects, Technical Aspects, Physical Aspects. Additional diagram labels: Organizational Structure, Operations Management.]
• Security Policy (1)
• Organization of Information Security (2)
• Asset Management (2)
• Human Resources Security (3)
• Physical & Environmental Security (2)
• Communications & Operations Management (10)
• Access Control (7)
• Information System Acquisition, Development & Maintenance (6)
• Information Security Incident Management (2)
• Business Continuity Management (1)
• Compliance (3)
The Eleven Security Domains in Annexure A of ISO 27001:2005
35. www.sevenstepconsulting.com
A.10 Communications and operations management
• A.10.4.2 Controls against mobile code
• Control
• “Where the use of mobile code is authorized, the configuration shall ensure that the authorized mobile code operates according to a clearly defined security policy, and unauthorized mobile code shall be prevented from executing.”
36. www.sevenstepconsulting.com
A.11 Access control
• A.11.7.1 Mobile computing and communications
• Control
• A formal policy shall be in place, and appropriate security measures shall be adopted to protect against the risks of using mobile computing and communication facilities.
• A.11.7.2 Teleworking
• Control
• A policy, operational plans and procedures shall be developed and implemented for teleworking activities.
43. www.sevenstepconsulting.com
Reach Us at:
Seven Step Consulting Pvt. Ltd.
153 Maidangarhi, New Delhi 110068 (India)
Phone: + 91 11 29533609
Mobile: + 91 9810609560
E-Mail: ajai@sevenstepconsulting.com
Web: www.sevenstepconsulting.com
Office locations: Delhi, Mauritius, Mumbai, Riyadh, Bangalore (legend: Head Office, Associate Offices)