Cybersecurity Fundamentals


Questions and Answers

Which core concept ensures that only authorized users can access data?

  • Security Policy
  • Vulnerability Analysis
  • Audit and Monitoring
  • Access Control (correct)

In the context of cybersecurity, what is the primary role of cryptography?

  • Training personnel on security awareness
  • Detecting unauthorized access
  • Protecting data through encryption (correct)
  • Identifying and mitigating risks

Which security measure emphasizes the importance of training employees to recognize and respond to potential security threats?

  • People Layer (correct)
  • Process Layer
  • Network Security
  • Technology Layer

What is TRUE regarding the function of deception technology in cybersecurity?

Answer: It creates decoys to mislead attackers. (B)

In cloud security, what role do services like Amazon Web Services (AWS) typically play?

Answer: They enhance security as Infrastructure as a Service (IaaS). (D)

Why is hardware authentication considered an improvement over traditional password-based systems?

Answer: It verifies devices and users before granting access. (A)

What capability does the application of Machine Learning (ML) and AI bring to cybersecurity?

Answer: Detecting anomalous behavior in real time (B)

Which principle of the CIA Triad focuses on ensuring the accuracy and reliability of data?

Answer: Integrity (C)

What is the primary function of the National Institute of Standards and Technology (NIST) in cybersecurity?

Answer: Developing IT standards and guidelines (D)

Which element is a key component of the Cybersecurity Framework Core?

Answer: Defining cybersecurity activities and outcomes (A)

The Cybercrime Prevention Act of 2012 in the Philippines primarily aims to:

Answer: Prevent and prosecute cybercrimes (D)

What is the purpose of reconnaissance in the anatomy of a cyberattack?

Answer: Gathering information about the target organization (B)

Which type of malware is designed to trick users into thinking their computer is infected to persuade them to pay for a fake solution?

Answer: Scareware (A)

What is the main purpose of 'crypting services' used in cybercrime?

Answer: Encrypting malware to avoid detection (A)

Which type of attack involves intercepting and altering communications between two parties?

Answer: Man-in-the-Middle (MITM) (B)

What is the goal of a Denial-of-Service (DoS) attack?

Answer: Overloading networks with traffic (C)

Why is 'accountability' considered an important concept in cybersecurity?

Answer: It generates the requirement for actions to be traced uniquely to an entity. (B)

What is the primary goal of a 'non-repudiation' security service?

Answer: Preventing a sender from denying transmission of a message (A)

What should organizations do to properly 'formulate' security policies?

Answer: Create policies that are informative and regulative (C)

What type of security measure involves protecting physical assets through surveillance and alarms?

Answer: Physical Security (B)

What is the purpose of a 'Firewall Audit Checklist'?

Answer: To ensure thorough documentation of security precautions (A)

Why is 'salted hashing' used in cryptography?

Answer: To prevent rainbow table attacks (D)

What does 'Privileged Password Management' aim to achieve?

Answer: Protecting sensitive data by limiting access (D)

Which method is used to authenticate devices to prevent unauthorized network access?

Answer: Device Authentication (A)

Why is keeping firewalls updated crucial for organizations?

Answer: To avoid security vulnerabilities (A)

What is the function of a Web Application Firewall (WAF)?

Answer: Protecting web applications by filtering HTTP/HTTPS traffic (C)

What is the main function of an Intrusion Detection System (IDS)?

Answer: Detecting vulnerability exploits (C)

What security benefit does network segmentation provide?

Answer: Improving security and performance (D)

Which network security device creates isolated logical networks on a single physical network and helps to segment traffic by department or function?

Answer: VLAN (A)

What is the primary goal of cryptography?

Answer: To keep data secret (A)

What is the purpose of applying the 'Principle of Least Privilege' (PLoP) in Identity and Access Management (IAM)?

Answer: Reducing the risks of misuse (C)

What is the purpose of device identification in IoT and 5G security?

Answer: Detecting fraudulent activity (D)

What is the purpose of Vulnerability Management in cybersecurity?

Answer: Assessing and prioritizing vulnerabilities (C)

Data privacy primarily governs which of the following?

Answer: Who can access personal data and how it is processed. (C)

According to the principles related to data privacy laws, what element is essential for the lawful processing of personal data?

Answer: Transparency (D)

Which of the following is a goal of Privacy Engineering?

Answer: Prevent PII compromise (A)

According to the GDPR, within how many hours must organizations report a data breach to relevant authorities after detection?

Answer: 72 hours (A)

Flashcards

Information Assurance and Security (IAS)

Protecting data from unauthorized access, ensuring Confidentiality, Integrity, and Availability.

Security Policy

Rules and guidelines for maintaining system and data security.

Access Control

Granting data access only to authorized users.

Vulnerability Analysis

Identifying and mitigating potential security risks.

Counter-attack Measures

Strategies and techniques to defend against cyber attacks.

Privacy Awareness

Training personnel to understand and adhere to security practices.

Audit and Monitoring

Detecting and flagging unauthorized access attempts.

Cryptography

Using encryption methods to protect data confidentiality.

Security measures

People (employees), processes, and technology.

Deception Technology

Creating decoys to mislead attackers in network security.

System Security

Protecting hardware, software, and data on computing devices.

Network Security

Ensuring secure data transmission across networks.

System Architecture

A structure carefully planned out for security.

Virtualized Security

Cloud-based firewalls and intrusion detection/prevention systems.

Hardware Authentication

Improving security through device and user verification before access.

Deep Learning & AI in Security

Detecting anomalous behavior and responding to threats in real time.

Deep Learning

A subset of machine learning using artificial neural networks for anomaly detection.

CIA Triad

Confidentiality, Integrity, and Availability.

Confidentiality

Preventing unauthorized access to data.

Integrity

Maintaining the accuracy and reliability of data.

Availability

Ensuring data is accessible when needed.

Cybersecurity Framework Core

Defines cybersecurity activities and outcomes, supporting an understanding of risk management.

PCI DSS

Payment Card Industry Data Security Standard, ensuring secure payment processing.

R.A. 10175

Republic Act that prevents cybercrimes.

Reconnaissance

The first step of a cyberattack.

Obfuscation

Hiding tracks to mask the origin of an attack.

Malware

Programs designed to gain unauthorized access or cause damage.

Viruses

Attach to legitimate files and spread.

Rootkits

Hide malicious activity while maintaining access.

Ransomware

Extorting money by blocking access to files.

Credential Stuffing

Using stolen login credentials for unauthorized access.

Advanced Persistent Threats (APTs)

Long-term, stealthy attacks targeting sensitive data.

Internet of Things (IoT) Vulnerabilities

Exploiting weak security in IoT devices.

Denial of Service (DoS)

Prevents or inhibits normal use of facilities.

Security risk assessment

Evaluates the likelihood of a threat.

Study Notes

Cybersecurity Fundamentals

  • Information Assurance and Security (IAS) protects data from unauthorized access, ensuring Confidentiality, Integrity, and Availability (CIA).
  • Key domains include Information Assurance (Risk Management), Information Security (Data Protection), and Cybersecurity (Defense against cyber threats).

Core Concepts and Principles

  • Security Policy: Rules and guidelines for system and data security.
  • Access Control: Ensuring only authorized users can access data.
  • Vulnerability Analysis: Identifying and mitigating risks.
  • Counter-attack Measures: Strategies to defend against attacks.
  • Privacy Awareness: Training personnel on security.
  • Audit and Monitoring: Detecting unauthorized access.
  • Cryptography: Using encryption techniques to protect data.

Cybersecurity and Key Roles

  • Cybersecurity protects systems, networks, and programs from digital attacks.
  • Key cybersecurity roles include:
    • Security Architect: Designs and maintains a company's security system.
    • Security Consultant: Advises on security strategies.
    • Ethical Hacker: Identifies vulnerabilities by testing security defenses.
    • Chief Information Security Officer (CISO): Oversees an organization's information security policies.

Data and Information Security

  • It is a key component of cybersecurity, focusing on protection against unauthorized access.
  • Security measures involve:
    • People Layer: Recognizing that employees can be security risks and the first line of defense.
    • Process Layer: Implementing organizational strategies to prevent, detect, and respond to threats.
    • Technology Layer: Integrating appropriate technologies to enhance security defenses.
  • Deception Technology: Used to create decoys and mislead attackers in network security by creating fake assets to confuse attackers and prevent them from targeting real data.

System and Network Security

  • System Security protects hardware, software, and data on devices.
  • Network Security ensures the secure transmission of data over networks.
  • System Architecture implements a structured design for security.
  • Cloud Technology is significantly transforming systems security technology.

Cloud Security Components

  • Virtualized Security: Firewalls and intrusion detection/prevention systems (IDS/IPS) are now cloud-based.
  • Infrastructure as a Service (IaaS): Cloud services such as FireHost and Amazon Web Services (AWS) enhance security.

Authentication

  • Weak passwords and usernames pose a major security risk.
  • Hardware authentication improves security by verifying devices and users before granting access.
  • Internet of Things (IoT) relies on hardware authentication to verify connected devices before network access.

AI and Security

  • Machine Learning (ML) & AI improve security by detecting anomalous behavior and responding to threats in real time.
  • AI systems analyze entities instead of users, focusing on patterns to identify cyber threats.
  • Behavior Analytics helps detect and prevent persistent cyber threats at both macro and micro levels.
  • Deep Learning uses artificial neural networks to analyze patterns and detect anomalies; it is particularly useful for identifying suspicious behavior, predicting threats, and preventing cyberattacks.

CIA Triad

  • It is the foundational cybersecurity framework.
  • Confidentiality: Preventing unauthorized access.
  • Integrity: Ensuring accuracy and credibility of data.
  • Availability: Ensuring backup and accessibility when needed.

Cybersecurity Standards & Frameworks

  • NIST develops IT standards & guidelines to enhance security.
  • The Cybersecurity Framework includes:
    • Framework Core: Defines cybersecurity activities & outcomes in a common language.
    • Framework Implementation Tiers: Helps organizations understand cybersecurity risk management.
    • Framework Profiles: Identifies & prioritizes cybersecurity improvements.
  • ISO 27000 Series is a systematic approach applicable to any organization to secure information.
  • A six-part approach includes defining a security policy, defining the ISMS scope, conducting risk assessments, managing identified risks, selecting and implementing control objectives, and preparing a statement of applicability.
  • PCI DSS ensures secure payment processing & fraud reduction, involving six categories including secure network maintenance and information security policies.

Cybersecurity Laws in the Philippines

  • Republic Act No. 10175 (Cybercrime Prevention Act of 2012) provides the legal framework for preventing, investigating, and prosecuting cybercrimes.
  • Republic Act No. 10844 established DICT to create national cybersecurity policies & protect government networks.
  • National Cybersecurity Plan 2022 aims to strengthen national cyber defense, protect critical information infrastructure, and improve digital security for all sectors.
  • The Philippine Government Cybersecurity Framework guides government agencies on risk assessments, threat mitigation, and cybersecurity roles.

Cybersecurity Attacks and Anatomy

  • Consist of risks, attacks, and potential issues that may affect the integrity of organizations' data and systems.
  • The anatomy of an attack has 4 main steps:
    • Reconnaissance: Attackers gather information about the target organization, including network ranges, IP addresses, and domain names.
    • Attack: Hackers infiltrate the organization's network, stealing credentials using tools like rainbow tables.
    • Expansion: Malicious programs are used to spread across the system.
    • Obfuscation: Hackers hide their tracks to mask the origin of the attack.

Malware

  • It is a type of software designed to gain unauthorized access or cause damage.
  • Different types include:
    • Viruses: Attach to legitimate files and spread.
    • Trojans: Disguised as legitimate programs.
    • Adware: Displays or downloads unwanted advertisements.
    • Spyware: Secretly gathers user data.
    • Worms: Self-replicate across networks.
    • Rootkits: Hide malicious activities while maintaining access.
    • Botnets: Infected computers controlled remotely.
    • Scareware: Tricks users with fake security alerts.

Cybercrime Tools and Tactics

  • Ransomware: Extorts money by blocking access to files until a ransom is paid.
  • Crimeware: Buying and selling of malware on the Dark Web.
  • Social Engineering: Tricking users into revealing sensitive information.
  • Crypting Services: Encrypting malware to avoid detection.
  • Remote Administration Tools: Grant hackers full control over an infected device.
  • Keyloggers: Record keystrokes to steal login credentials.
  • Exploit Kits: Redirect users from legitimate sites to malicious sites.
  • Leaked Data: Stolen data sold on the Dark Web.

Exploiting System Vulnerabilities

  • Unpatched Systems: Lack of security updates makes systems vulnerable.
  • Phishing: Fraudulent emails that steal sensitive information.
  • Vishing: Voice calls or messages impersonating trusted sources.
  • Skimming: Devices placed in ATMs or gas pumps to steal card data.
  • Pharming: Redirecting users to fraudulent websites.

Advanced Cyber Threats

  • Man-in-the-Middle (MITM) Attacks: Intercept and alter communications.
  • Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS) Attacks: Overload networks with traffic.
  • SQL Injection: Exploiting web application vulnerabilities.
  • Zero-Day Exploits: Target unknown software vulnerabilities before they are patched.
  • Credential Stuffing: Using stolen login credentials for unauthorized access.
  • Advanced Persistent Threats (APTs): Long-term, stealthy attacks targeting sensitive data.
  • Cryptojacking: Hijacking computer resources to mine cryptocurrency.
  • Supply Chain Attacks: Targeting third-party vendors to infiltrate organizations.
  • Internet of Things (IoT) Vulnerabilities: Exploiting weak security in connected devices.

Security Objectives and Security Principles

  • Core principles that guide the protection of information and systems from threats.
  • CIA Triad: foundational cybersecurity framework.
    • Confidentiality: preventing unauthorized access
    • Integrity: accuracy and credibility of the data and systems
    • Availability: backup and accessibility when needed
  • Additional security concepts enhance its completeness, including:
    • Accountability: Requirement for actions of an entity to be traced uniquely to that entity.
    • Authenticity: The property of being genuine and able to be verified and trusted; confidence in the validity of a transmission.
    • Passive Attacks: Do not directly alter data or cause a noticeable disruption.

Passive and Active Attacks

  • Passive Attacks:
    • Eavesdropping: Attackers listen in communication to intercept data.
    • Traffic Analysis: Analyzing communication patterns, even if encrypted.
    • Sniffing: Using software and hardware to capture network traffic & access unencrypted data.
    • Shoulder Surfing: Physically observing a user to enter data.
  • Active Attacks: Involve modifying, disrupting, or injecting data into a system or network.
    • Modification: Commonly called MITM or man-in-the-middle
    • Masquerade: Attacker pretends to be a legitimate user.
    • Data Modification: Attacker intercepts and alters communication without either party's knowledge.
    • SQL Injection: Attacker injects malicious SQL code.
  • Disruption:
    • Characterized by DoS, or denial of service.
    • DoS Attack: Prevents or inhibits the normal use or management of communication facilities.
    • Privilege Escalation: The attacker exploits vulnerabilities to gain higher-level privileges such as administrative access.
    • Session Hijacking: Taking over a valid user session to gain unauthorized access.
    • Cache Poisoning: Corrupting a DNS server's cache to redirect users to malicious websites.
  • Replay:
    • Passive capture of data and subsequent unauthorized retransmission.
    • Steps in a Replay Attack:
      • The attacker intercepts legitimate communication.
      • The attacker saves the message.
      • The attacker later retransmits it to the recipient as if it were a fresh request.
  • Security Services are essential mechanisms that ensure the confidentiality, integrity, and availability of data and systems in a network or computing environment.
  • Key Security Services:
    • Authentication: Confirms the identity of the sender or receiver, ensuring a communication is legitimate.
    • Privacy: Protects transmitted data from passive attacks by encrypting user data.
    • Non-repudiation: Prevents a sender or receiver from denying the transmission of a message.
    • Backup: Ensures system resources are accessible and usable upon demand, protecting against data loss.
    • V&V: Ensures that messages are received as sent, preventing duplication, modification, or unauthorized changes.
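The three replay steps above (intercept, save, retransmit) are defeated on the receiving side by freshness checks. The following added example, which is not part of the original study notes, models a receiver that requires a timestamp, a random nonce, and a MAC on every message, so that a retransmitted copy is rejected even though it is byte-for-byte identical to a message that was once valid. The shared key, clock values and message bodies are constructed for the demo.

```python
import hashlib
import hmac
import json
import os

# Constructed demo key; in practice this is a per-session key agreed by both parties.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
FRESHNESS_WINDOW = 30  # seconds a message remains acceptable after it was sent


def _canonical(fields):
    # Canonical encoding so sender and receiver compute the MAC over identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_message(body, now, key=SHARED_KEY):
    """Sender side: attach a timestamp, a random nonce and a MAC over all three."""
    fields = {"body": body, "ts": now, "nonce": os.urandom(16).hex()}
    mac = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "mac": mac}


class Receiver:
    """Receiver side: rejects tampered, stale, or previously seen messages."""

    def __init__(self, key=SHARED_KEY, window=FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp; pruned once older than the window

    def accept(self, msg, now):
        fields = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(self.key, _canonical(fields), hashlib.sha256).hexdigest()
        # Constant-time comparison so the MAC check does not leak timing information.
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return "rejected: bad MAC"
        if abs(now - fields["ts"]) > self.window:
            return "rejected: stale timestamp"
        # Forget nonces that fell outside the window; a replay of those fails the check above,
        # so the seen-set stays bounded without weakening the protection.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if fields["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[fields["nonce"]] = fields["ts"]
        return "accepted"


def demo():
    """Walk through the replay steps and report the receiver's verdict for each case."""
    rx = Receiver()
    t0 = 1_700_000_000  # constructed clock value (seconds)
    original = make_message("transfer 100 to account 42", now=t0)
    results = {}
    results["fresh"] = rx.accept(original, now=t0 + 1)             # step 1: legitimate delivery
    captured = dict(original)                                       # step 2: a copy is saved
    results["replay"] = rx.accept(captured, now=t0 + 5)             # step 3: retransmitted as-is
    tampered = {**original, "body": "transfer 900 to account 42"}   # altered body, old MAC
    results["tampered"] = rx.accept(tampered, now=t0 + 5)
    late = make_message("ping", now=t0)                             # valid MAC, delivered too late
    results["stale"] = rx.accept(late, now=t0 + FRESHNESS_WINDOW + 1)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:9s} -> {verdict}")
```

The MAC binds the timestamp and nonce to the body, so an attacker cannot refresh a captured message by editing its timestamp; the timestamp bounds how long nonces must be remembered; and the nonce catches a replay inside that window. All three checks are needed together.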

Cybersecurity Policies and Practices

  • Cybersecurity Policies: Rules and guidelines for securing data, systems, and networks.
  • Security Policies: Involves guidelines for data security activities such as encrypting emails and maintaining data integrity.
  • A Cybersecurity Ecosystem includes data, information, systems, networks, and cloud platforms.
  • Security Policy Development Process:
    • Proposal: Security policies are not solely the IT team's responsibility; they involve stakeholders.
    • Formulation: Security policies should be informative, regulative, and advisory.

Categories of Security Policies

  • Physical security: Protects assets through surveillance, alarms, and controlled entry points.
  • Personnel management: Guides employees on secure daily business activities.
  • Hardware and Software: Defines the type of technology and network control.

Approval Process & Publication

  • Approval is important to properly scrutinize the policy before implementation.
  • Involved parties include clients, board members, the legal team, the IT Department, and HR.
  • Publication: Awareness campaigns ensure employees understand and follow security policies.

Security Measures

  • Firewall Audit Checklist: A thorough review of security precautions that ensures documentation.
  • Network-based IDS: Monitors network traffic for suspicious activity.
  • Virtual Private Network configuration: Establishes a secure and remote connection.
  • Network Administrator Tasks: Daily checklists to maintain security and prevent network threats.
  • Network Security Audit Checklist: Evaluates hardware, software, training, and procedures to minimize errors.
  • Cryptography: Uses symmetric algorithms like AES and Salted Hashing to prevent rainbow table attacks.
  • Identity and Access Management: Uses Privileged Password Management, Penetration Testing, and E-mail Server Security.
  • IoT and 5G Security: Secure Boot and Firmware Integrity ensure devices start only with trusted firmware, reducing risk.
  • Device Authentication: Uses strong authentication, such as the certificate-based approach, along with multi-factor authentication (MFA).
  • Artificial Intelligence (AI) and Machine Learning (ML):
    • Anomaly Detection: helps identify and block unusual attack patterns.
    • User and Entity Behavior Analytics (UEBA): helps identify unusual access patterns and potential insider threats.
    • Predictive Analytics: detects and predicts future security threats before they happen.
  • Firewall: a gatekeeper that defends the organization against internet-based electronic threats.
  • Functionality and Usability: GUIs simplify configuration and help prevent errors when setting up the firewall.
  • VPN Confirmation: verify that VPNs are providing encrypted remote access.
  • Hardware Integrity: keeping firewalls updated is crucial to avoid security vulnerabilities.
  • Content Filtering: web filtering to block harmful or inappropriate websites and malware.
  • Failover Support: firewalls provide automatic failover, especially if cloud-based.
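The Cryptography bullet above says salted hashing prevents rainbow table attacks. The added example below, which is not part of the original study notes, shows the mechanism concretely: an unsalted SHA-256 digest of a common password can be found in a precomputed table, while a per-user random salt combined with a slow key-derivation function (PBKDF2 here) makes precomputation useless and gives two users with the same password different stored records. The word list, passwords and record format are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware gets faster


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16) if salt is None else salt  # fresh 128-bit salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the digest with the stored salt and parameters; compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def unsalted_sha256(password):
    """The weak scheme: one fixed digest per password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table(candidates):
    """Constructed stand-in for a rainbow table: digest -> password for a word list."""
    return {unsalted_sha256(p): p for p in candidates}


def compare_schemes(password, wordlist):
    """Show why an unsalted digest is recoverable by lookup and a salted one is not."""
    table = precomputed_table(wordlist)
    unsalted = unsalted_sha256(password)
    alice = hash_password(password)  # two users choose the same password...
    bob = hash_password(password)    # ...but get different salts, hence different records
    salted_digest = alice.split("$")[-1]
    return {
        "unsalted_in_table": table.get(unsalted) == password,
        "salted_in_table": salted_digest in table,
        "same_password_same_record": alice == bob,
        "verify_correct": verify_password(password, alice),
        "verify_wrong": verify_password(password + "x", alice),
    }


if __name__ == "__main__":
    wordlist = ["letmein", "password123", "qwerty"]  # constructed word list
    for key, value in compare_schemes("password123", wordlist).items():
        print(f"{key:27s} {value}")
```

The salt does not need to be secret; it is stored beside the digest. Its job is to make every user's hash a distinct target, so a table precomputed once cannot be reused across users or across sites, and the iteration count makes each guess expensive.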

Firewall Types

  • Stateless Firewalls – Filter packets individually based on set rules.
  • Dynamic Firewalls – Stateful inspection firewalls that monitor active connections and apply security rules accordingly.
  • Proxy Firewalls – Act as intermediaries between users and external servers, preventing direct communication.
  • Web Application Firewalls (WAF) – Protect web applications by filtering HTTP/HTTPS traffic to block SQL injections, XSS, etc.

Firewall and Security Tools

  • AttackIQ FireDrill – Identifies firewall vulnerabilities and misconfigurations.
  • Bitglass – A cloud-based firewall that ensures secure access.
  • Fidelis Deception – Uses deception technology to confuse attackers.
  • GreatHorn – Enhances email security beyond standard filters.
  • JASK ASOC – Links local security consoles to cloud intelligence.
  • SlashNext – Provides phishing threat detection and blocking.

Intrusion Detection System (IDS)

  • An IDS is a network security technology originally built for detecting vulnerability exploits against a target application or computer.
  • Types of IDS:
    • Network-Based IDS (NIDS) – Monitors traffic at strategic points in a network, analyzing packet contents and metadata.
    • Host-Based IDS (HIDS) – Installed on specific devices to detect threats targeting individual endpoints.
    • Protocol-Based IDS (PIDS) – Focuses on monitoring communication protocols used by web servers.
    • Application Protocol-Based IDS (APIDS) – Tracks application-specific interactions, such as SQL transactions.

Virtual Private Network (VPN)

  • A VPN is a connection over the Internet from a device to a network.
  • Types of VPNs:
    • Remote Access VPN – Connects individual devices (laptops, phones) securely to a corporate network.
    • Site-to-Site VPN – Links office networks over the internet, ensuring secure communication between locations.

Network Segmentation

  • Network Segmentation divides a network into multiple subnets to improve security, performance, and monitoring.
  • Zero Trust Model: "Never Trust, Always Verify." Segmentation follows Zero Trust principles to limit access and minimize vulnerabilities.
  • VLAN (Virtual Local Area Network) creates isolated logical networks on a single physical network, segmenting traffic by department or function.
  • Subnets divide a network into smaller segments to control and limit access.
  • ACL (Access Control List) defines allowed/denied traffic between network segments.
  • DMZ (Demilitarized Zone) is a network segment that sits between internal and external networks.
  • Cryptography is the science of secret writing used to keep data secret, and an important aspect of network security.

Identity and Access Management

  • IAM is a framework of policies, technologies, and tools that ensures the right individuals or systems have the right access to technology resources at the right time, for the right reasons.
  • Identity Management: login credentials.
  • Authentication: multi-factor authentication.
  • Authorization: permissions and provisioning.
  • Access Management: role-based access control.
  • Principles in IAM: Principle of Least Privilege (PLoP), Provisioning, Deprovisioning, Single Sign-On (SSO).
  • Authentication is the process of recognizing a user's identity. It is the mechanism of associating an incoming request with a set of identifying credentials.
  • Authentication Mechanisms: Passwords (a shared secret, vulnerable to breaches); Hard Tokens (small devices such as smart cards); Soft Tokens (software-based security).
  • Internet of Things (IoT) Security focuses on addressing risks and vulnerabilities related to interconnected devices that collect, send, and receive data. Examples include smart thermostats. Challenges include a lack of standardization, limited device resources, insecure communication, privacy issues, and physical security risks.
  • AI and Machine learning in Cybersecurity

Data Privacy (Module 4)

  • Data Privacy primarily governs the rights of individuals to determine who can access their personal data, including how it is stored and processed.
  • Key focus: Protecting personal data and ensuring that individuals control how their data is collected, used, and shared.
  • Privacy refers to the right of individuals to control their personal information and to keep certain aspects of their lives or activities confidential.
  • Types of Data Classification: Personal Data (identity is ascertainable), Sensitive Data (includes race, beliefs, health information), and Privileged Data (exempt from public access).
  • Key Elements of Data Privacy: Rights, Procedures, and Laws.

Data Privacy Rights

  • Information: Being informed about data collection and processing.
  • Access: Requesting access to personal data to see a copy.
  • Rectification: Requesting corrections or updates to data.
  • Deletion: Requesting deletion of data, for example if it was collected without consent.
  • Restriction: Requesting temporary suspension of data processing.
  • Portability: Receiving data in a transferable format.
  • Objection: Objecting to data processing for marketing or profiling.
  • Withdrawal: Revoking consent.
  • Complaint: Reporting concerns to the authority.
  • Procedures in Data Handling: Collection, Storage, Processing, and Compliance.
  • Principles: Consent, Transparency, and Security.
  • Data Security Concepts: Data Breach and Cyberattack.
  • CIA Triad in Data Security: Confidentiality, Integrity, and Availability.
  • Terms related to Data Privacy: Security protects data against unauthorized access, while Privacy ensures responsible handling of personal data and compliance.
  • Data Privacy ethical concerns: Surveillance, Unwarranted Tracking, and Security.

Informational Privacy (Module 5)

  • There are three strands of privacy that affect individuals:
    • Locational or Situational Privacy – Protects an individual's physical location or situation.
    • Informational Privacy – Grants individuals the right to control information about themselves.
    • Decisional Privacy – Protects personal decision-making from interference.
  • Authentication helps verify a user's identity before granting data access.
  • Encryption secures data so that only authorized parties can access it.
  • Data Masking conceals sensitive data.
  • Global Regulations help protect data and drive compliance.
  • PII includes personal characteristics, e.g., photographic images, address, etc.

Privacy By Design

  • Privacy by Design (PbD) ensures privacy requirements are considered throughout the system's development and implementation.
  • The Privacy by Design principles are:
    • Preventive: proactive, not reactive.
    • Default: privacy is the default setting.
    • Embedded: designed into the program as a core component.
    • Functional: supports full functionality and features.
    • End-to-End: developed to ensure protection over the long-term life cycle.
    • Transparent: ensures visibility and accountability.
  • Risk assessment is identifying and monitoring the costs involved with data usage and protection.
  • Control selection is securing privacy through security measures.
  • Program development is ensuring data is controlled for necessity only.
  • Anonymization is a step taken to protect PII (Personally Identifiable Information). It is irreversible: PII is processed in a way that the individual cannot be identified.
  • Pseudonymization is reversible: PII is altered so that it is not directly linked to an individual.
  • Privacy assessment and goals: a Privacy Impact Assessment (PIA) is an analysis of how information is handled to ensure its compliance.
  • Risk Management Process (iterative): Assess, Identify, Implement, and Monitor.
  • Consent management tools allow organizations to obtain and record user consent for compliance; the GDPR ensures the individual is informed about how their data can be used.
  • Aspects of Data Privacy management: Clear Consent Requests, Granular Consent, Revocation of Consent, Record Keeping, and Transparency.
  • Privacy Breach Management covers the steps an organization takes after a privacy infringement or damage. Afterwards it needs a strategy for proper damage handling and for making sure it does not happen again.
  • The three steps of breach management are: detection (to assess risks), containment (to prevent further damage), and documentation of the steps taken, together with measures to ensure prevention.
  • Lastly, breach notification refers to the process of informing stakeholders, regulators, and the public.
  • A notification should include: Legal Requirements, Narrative, Impact, Mitigation Measures, etc.
  • Mobile use involves multiple online data-processing systems to provide a better user experience.
  • Mobile data use supports targeted ads, fraud prevention, and credit-risk assessment.

Online Privacy and Mobile Ecosystem (Module 6)

  • Web Security is the common practice of protecting data against threats.
  • Vulnerable web servers, exploitation, and untrained users are common causes of issues with web data. The most common solutions are to improve networks, make apps safer, and use safer browsers while using mobile ecosystems.
  • App stores and mobile apps have vulnerabilities introduced by third parties; these devices are mostly managed with the device-OS vendor's infrastructure.
  • The steps and evaluations of the app approval process are known as mobile vetting.
  • Data transfers must be clearly defined and encrypted, and mobile-specific issues must be addressed as well.
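The Anonymization and Pseudonymization bullets above draw the line at reversibility. The added example below, which is not part of the original study notes, implements both on one constructed record: pseudonymization swaps the direct identifiers for random tokens held in a separate vault, so the vault holder (and only the vault holder) can re-identify the record, while anonymization drops the direct identifiers and coarsens the quasi-identifiers (ZIP prefix, age band) so that there is no way back. The sample record and field names are constructed for the demo.

```python
import secrets

# Constructed sample record; not real personal data.
SAMPLE = {
    "name": "Maria Santos",
    "email": "maria@example.com",
    "zip": "1605",
    "age": 37,
    "diagnosis": "asthma",
}

DIRECT_IDENTIFIERS = ("name", "email")  # fields that identify a person on their own


class TokenVault:
    """Reversible mapping stored apart from the data; only the vault holder can re-identify."""

    def __init__(self):
        self._forward = {}  # original value -> token
        self._reverse = {}  # token -> original value

    def token_for(self, value):
        if value not in self._forward:
            token = "tok_" + secrets.token_hex(8)  # random, so the token reveals nothing
            self._forward[value] = token
            self._reverse[token] = value
        return self._forward[value]

    def resolve(self, token):
        return self._reverse.get(token)


def pseudonymize(record, vault):
    """Replace direct identifiers with tokens; other fields stay usable for analysis."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = vault.token_for(out[field])
    return out


def depseudonymize(record, vault):
    """Reverse the tokens using the vault; impossible without it."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = vault.resolve(out[field])
    return out


def anonymize(record):
    """Drop direct identifiers and generalize quasi-identifiers; nothing is kept for reversal."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["zip"] = record["zip"][:2] + "**"  # keep only a coarse area prefix
    decade = record["age"] // 10 * 10
    out["age"] = f"{decade}-{decade + 9}"  # ten-year band instead of exact age
    return out


if __name__ == "__main__":
    vault = TokenVault()
    p = pseudonymize(SAMPLE, vault)
    print("pseudonymized:", p)
    print("re-identified:", depseudonymize(p, vault))
    print("anonymized:   ", anonymize(SAMPLE))
```

Because the pseudonymized record can be re-identified with the vault, it is still personal data and must be protected and kept separate from the vault; the anonymized record carries no key and cannot be reversed, which is the property the page calls irreversible.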

To minimize exploitation, you must have:

  • A transparent policy.
  • Collection of needed data only.
  • A clear sharing policy.
  • A secure database and session handling.
  • Avoidance of open Wi-Fi.
  • Good cyber practices: passwords, authentication, and regularly updated safe practices.
