Paper #2: Mobile App Security Assessment & Strategy
Scenario:
A federal agency has asked your cybersecurity consulting firm to provide it with a white paper
that discusses best practices for security architectures and designs for mobile apps. The white paper
should also present the agency with a strategy for developing an award winning digital government
mobile app for its submission to next years’ Mobi-Gov awards. The agency had several mobile apps in
the “honorable mention” category this past year but, each of the apps failed to make passing scores in
the mobile app security category. The contest rules do not allow revision and resubmission of entries
from prior years. For this reason, your starting point should be recommendations for a security
architecture for a completely new mobile app.
The scoring for the awards is organized around the three strategies from the federal
government’s digital government strategy (see https://www.whitehouse.gov/sites/default/files/omb/
egov/digital-government/digital-government.html ).
1. Enable the American people and an increasingly mobile workforce to access high-quality digital
government information and services anywhere, anytime, on any device.
2. Ensure that as the government adjusts to this new digital world, we seize the opportunity to
procure and manage devices, applications, and data in smart, secure and affordable ways.
3. Unlock the power of government data to spur innovation across our Nation and improve the
quality of services for the American people.
Research:
1. Research the “best” of federal mobile apps to see examples of the type of apps the agency will be
competing against next year.
a. 19 of the Coolest Government Mobile Apps
https://www.govloop.com/community/blog/cool-gov-mobile-apps/
b. 10 Most Entertaining Government Mobile Apps
https://www.govloop.com/community/blog/10-most-entertaining-government-mobileapps/
c. 3 Innovative Ways Agencies are Leveraging Mobile Apps http://fedscoop.com/greatgovernment-mobile-apps
2. Research the federal government’s perspective on mobile app security architectures and design
recommendations. Here are three sources to help you get started:
a. Mobile App Developers: Start with Security
https://www.ftc.gov/tips-advice/business-center/guidance/mobile-app-developersstart-security
b. Mobile Security Reference Architecture
https://cio.gov/wp-content/uploads/downloads/2013/05/Mobile-Security-ReferenceArchitecture.pdf
c. Architecture and Design Considerations for Secure Software (Mobile Applications)
https://buildsecurityin.uscert.gov/sites/default/files/ArchitectureAndDesign_PocketGuide_v2%200_05182012_P
ostOnline.pdf
3. Research industry recommendations for mobile app security. Begin with the following sources:
a. OWASP Mobile Security Project
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
b. Top 10 Mobile Risks (click on tab)
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
c. Mobile app security: Always keep the back door locked
http://arstechnica.com/security/2013/02/mobile-app-security-always-keep-the-backdoor-locked/
4. Find five or more best practice recommendations for ensuring the security of mobile apps. These
recommendations must include security for the platform (mobile device), the data on the device,
and the transmission path between the device and the mobile application server.
Write:
Write a five (5) to eight (8) page white paper in which you summarize your research and present
your “best practices” based strategy for developing an award winning, secure mobile app. You should
focus upon clarity and conciseness more than length when determining what content to include in your
paper. At a minimum, your white paper must include the following:
1. An introduction or overview of mobile apps for digital government. Your overview should include
examples of mobile apps which are recognized as being innovative and “best of category” for
delivering government information and services to mobile devices. This introduction should be
suitable for an executive audience.
2. A separate section in which you discuss the federal government’s requirements and
recommendations for mobile app security architectures and the associated design
recommendations. This section should be written for non-technical managers; you will need to
translate from tech-speak to manager-speak. Diagrams and pictures may be useful but, remember
to include the appropriate in-text citations for the source (append to the figure caption).
3. A separate section in which you discuss industry’s recommendations for security architectures and
risk reduction for mobile app security.
4. A section in which you present 5 or more best practice recommendations for building security into
the new mobile app which will become next year’s entry into the Mobi-Gov awards contest. These
recommendations should be presented as your “strategy” for “winning” the security evaluation
category for mobile apps.
Additional Information
1. Your white paper should use standard terms and definitions for cybersecurity concepts. The
following sources are recommended:
a. NICCS Glossary http://niccs.us-cert.gov/glossary
b. Guidelines on Security and Privacy in Public Cloud Computing
http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
2. You are expected to credit your sources using in-text citations and reference list entries. Both your
citations and your reference list entries must comply with APA 6th edition Style requirements.
Failure to credit your sources will result in penalties as provided for under the university’s Academic
Integrity policy.
3. Use APA 6th edition style (formatting) for the organization and appearance of the MS Word
document that you submit to your assignment folder. This includes margins, section headings, and
consistent use of fonts (Times New Roman 12 in black), paragraph styles (first line indent by ½ inch),
and line spacing (double). Formatting requirements and examples are found under Course
Resources > APA Resources. Your file should contain both a title page and a separate References
page. Use page breaks to ensure that the title page and references page are separate from the body
of the paper.
4. You are expected to write grammatically correct English in every assignment that you submit for
grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying
that your punctuation is correct and (d) reviewing your work for correct word usage and correctly
structured sentences and paragraphs. These items are graded under Professionalism and constitute
15% of the assignment grade.
Criteria
Excellent
15 points
Outstanding
Acceptable
Needs
Improvement
14 points
13 points
Introduction or Overview for
Mobile Apps
Provided an
excellent overview
of mobile apps for
digital government.
Discussion included
5 or more examples
of mobile apps
which have been
recognized as being
innovative or “best
of category” for
delivering
government
information and
services to mobile
devices. The
overview
appropriately used
information from 3
Provided an
outstanding
overview of mobile
apps for digital
government.
Discussion included
3 or more examples
of mobile apps
which have been
recognized as being
innovative or “best
of category” for
delivering
government
information and
services to mobile
devices. The
overview
appropriately used
Provided an overview
of mobile apps for
digital government.
Discussed the purpose
of mobile apps from
the federal
government. Included
at least one example
of a mobile app that is
available from the
federal government's
app store. The
overview
appropriately used
information from 1 or
more authoritative
sources.
11 points
Provided an overview
but the section lacked
important details
about federal
government mobile
apps. Information from
authoritative sources
was cited and used in
the overview.
or more
authoritative
sources.
20 points
Federal Perspective on Mobile
App Security
information from 2
or more
authoritative
sources.
18 points
Provided an
excellent overview
of the federal
government’s
requirements and
recommendations
for mobile app
security
architectures and
the associated
design
recommendations.
Explanations were
written for nontechnical managers
and included at
least three useful
diagrams or pictures
with appropriate intext citations for the
source (appended
to the figure
caption).
Appropriately used
information from 3
or more
authoritative
sources.
Provided an
outstanding
overview of the
federal
government’s
requirements and
recommendations
for mobile app
security
architectures and
the associated
design
recommendations.
Explanations were
written for nontechnical managers
and included at
least two useful
diagrams or pictures
with appropriate intext citations for the
source (appended
to the figure
caption).
Appropriately used
information from 2
or more
authoritative
sources.
20 points
18 points
16 points
Provided an overview
of the federal
government’s
requirements and
recommendations for
mobile app security
architectures and the
associated design
recommendations.
Included at one or
more useful diagrams
or pictures with
appropriate in-text
citations for the source
(appended to the
figure caption).
Appropriately used
information from 1 or
more authoritative
sources.
14 points
Provided a discussion
of the federal
government's
requirements or
recommendations for
mobil app
security.Appropriately
used information from
authoritative sources.
16 points
14 points
Industry Perspective on Mobile
App Security
Provided an
excellent overview
of industry
recommendations
for mobile app
security
architectures and
the associated
design
recommendations.
Explanations were
Provided an
outstanding
overview of industry
recommendations
for mobile app
security
architectures and
the associated
design
recommendations.
Explanations were
Provided an overview
of industry
recommendations for
mobile app security
architectures and the
associated design
recommendations.
Included at one or
more useful diagrams
or pictures with
appropriate in-text
Provided a discussion
of industry
recommendations for
mobil app
security.Appropriately
used information from
authoritative sources.
written for nontechnical managers
and included at
least three useful
diagrams or pictures
with appropriate intext citations for the
source (appended
to the figure
caption).
Appropriately used
information from 3
or more
authoritative
sources.
15 points
Best Practice Recommendations
for Mobile App Security
written for nontechnical managers
and included at
least two useful
diagrams or pictures
with appropriate intext citations for the
source (appended
to the figure
caption).
Appropriately used
information from 2
or more
authoritative
sources.
14 points
Provided an
Provided an
outstanding
excellent discussion
discussion of best
of best practice
practice
recommendations
recommendations
for ensuring the
for ensuring the
confidentiality,
confidentiality,
integrity,
integrity,
availability,
availability,
authenticity, and
authenticity, and
non-repudiation for
non-repudiation for
Mobile Applications.
Mobile Applications.
Included 5 or more
Included 4 or more
specific
specific
recommendations.
recommendations.
Appropriately used
Appropriately used
information from 3
information from 2
or more
or more
authoritative
authoritative
sources.
sources.
5 points
citations for the source
(appended to the
figure caption).
Appropriately used
information from 1 or
more authoritative
sources.
13 points
Provided a discussion
of best practice
recommendations for
ensuring the
confidentiality,
integrity, availability,
authenticity, and nonrepudiation for Mobile
Applications. Included
3 or more specific
recommendations.
Appropriately used
information from 1 or
more authoritative
sources.
4 points
11 points
Discussion provided
some information
about best practices
for ensuring
security for Mobile
Applications.
Mentioned
information obtained
from authoritative
sources.
2 points
3 points
Addressed security issues using Demonstrated
excellence in the
standard cybersecurity
integration of
terminology
standard
cybersecurity
terminology into
the case study.
Provided an
outstanding
integration of
standard
cybersecurity
terminology into
the case study.
Integrated standard
cybersecurity
terminology into the
into the case study
Used standard
cybersecurity
terminology but this
usage was not well
integrated with the
discussion.
APA Formatting for Citations
and Reference List
5 points
4 points
3 points
2 points
Work contains a
reference list
containing entries
for all cited
resources.
Reference list
entries and in-text
citations are
correctly formatted
using the
appropriate APA
style for each type
of resource.
Work contains a
reference list
containing entries
for all cited
resources. One or
two minor errors in
APA format for intext citations and/or
reference list
entries.
Work contains a
reference list
containing entries for
all cited resources. No
more than 3 minor
errors in APA format
for in-text citations
and/or reference list
entries.
Work has no more
than three paragraphs
with omissions of
citations crediting
sources for facts and
information. Work
contains a reference
list containing entries
for cited resources.
Work contains no
more than 5 minor
errors in APA format
for in-text citations
and/or reference list
entries.
4 points
3 points
5 points
Professionalism Part I:
Organization & Appearance
Submitted work
shows outstanding
organization and
the use of color,
fonts, titles,
headings and subheadings, etc. is
appropriate to the
assignment type.
Submitted work has
minor style or
formatting flaws but
still presents a
professional
appearance.
Submitted work is
well organized and
appropriately uses
color, fonts, and
section headings
(per the
assignment’s
directions).
2 points
Organization and/or
appearance of
submitted work could
be improved through
better use of fonts,
color, titles, headings,
etc. OR Submitted
work has multiple style
or formatting errors.
Professional
appearance could be
improved.
Submitted work has
multiple style or
formatting errors.
Organization and
professional
appearance need
substantial
improvement.
13 points
11 points
Errors in formatting,
spelling, grammar, or
punctuation which
detract from
professional
appearance of the
submitted work.
Submitted work has
numerous errors in
formatting, spelling,
grammar, or
punctuation. Work is
unprofessional in
appearance.
14 points
15 points
Professionalism Part II:
Execution
Overall Score
No formatting,
grammar, spelling,
or punctuation
errors.
Excellent
90 or more
Work contains
minor errors in
formatting,
grammar, spelling
or punctuation
which do not
significantly impact
professional
appearance.
Outstanding
80 or more
Acceptable
70 or more
Needs
Improvement
56 or more
Purchase answer to see full
attachment