Introduction
Mobile devices such as cell phones, smartphones, and tablet computers are rapidly penetrating all human activities, causing changes in the way people work, learn, play, and interact with each other. Recent figures from the International Telecommunication Union (ITU, 2015) show that the number of mobile phone subscriptions exceeds the world’s population of about seven billion and the number of active mobile broadband subscriptions is in excess of 2.1 billion. One area where mobile devices are predominantly used is in higher education (Mtebe & Raisamo, 2014). Mobile devices have impacted students’ learning process; students use these devices on a daily basis to communicate with their peers and instructors, obtain Internet-based information for research and other purposes, complete assignments using applications such as wikis (Komlenov et al., 2013), and engage in social networking (Claybaugh & Haried, 2014), such as sharing information, photographs, and videos. In some cases, students even use applications on mobile devices to post inappropriate content (Melton, Miller, & Salmona, 2012).
However, mobile devices face various security attacks, mainly as a result of user behavior and activities that can make the device vulnerable to attacks. Another factor is the user’s lack of knowledge of and familiarity with the device features and failure to apply device security measures. For instance, recent studies show that Android phone users have a poor understanding of its security features (Felt et al., 2012; Kelley et al., 2012) and that 62 percent of smartphone users fail to lock their devices with a password or a PIN code (Javelin Strategy & Research, 2012). Just like all other computing resources, mobile devices must comply with the core security principles of confidentiality, integrity, and availability if they are to be relied upon. Accordingly, mobile device security strategies must cover the three types of security controls that have been implemented to protect information resources: technical, physical, and administrative controls.
Technical (logical) controls are the software or hardware components such as firewalls, intrusion prevention and detection systems, antimalware, encryption, and identification and authentication mechanisms, while physical controls are measures such as cable locks, fencing, closed-circuit TV, and lighting that are implemented to protect facilities, personnel, and other resources (Shon, 2013). Administrative controls, by contrast, are more management-oriented and deal with security policies and procedures, risk management, personnel security, effective hiring practices, and security awareness and training programs (Shon, 2013). Specific to mobile devices, the developers of the major operating systems, BlackBerry operating system (OS), iPhone OS (iOS), Android OS, and Windows Phone OS, have implemented security measures to protect the devices and the data they contain. These security measures can broadly be grouped under four layers. The device security layer prevents an unauthorized individual from accessing and using the device; the data security layer protects the data stored on the device even if the device is stolen; the network security layer provides tools that can encrypt data while it is in transit across a network; and the application security layer has mechanisms to secure the operating system and isolate applications while they are running (Apple Inc., 2014).