Mobile, Wireless & Internet of Things Devices
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series covers the security challenges posed by devices that operate beyond the traditional network perimeter. The episode examines mobile device risks and management, bring-your-own-device policies, mobile payment security, wireless encryption standards, and the unique vulnerabilities of Internet of Things and embedded devices.
What this episode covers
- Mobile device threats: interception, malware, data leakage, identity theft, drive-by downloads, and the risks from jailbroken devices.
- Mobile device management (MDM): remote control capabilities including remote wipe, app control, asset tracking, and the limitations auditors should note.
- Bring-your-own-device (BYOD): policy requirements, signed agreements, data ownership, exit planning, and the privacy considerations of managing personal devices.
- Mobile payment security: digital wallets, contactless payments, tokenization, device-specific cryptograms, and strong customer authentication.
- Wireless network security: coverage types from wide-area to personal-area networks, encryption standard generations, and how to audit wireless infrastructure.
- Internet of Things and embedded devices: why connected sensors are soft targets, isolation and segmentation controls, and monitoring for abnormal activity.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
Why are mobile devices particularly difficult to secure?
Mobile devices are difficult to secure because they move beyond the organization's physical and network controls, riding untrusted networks and crossing the corporate perimeter carrying whatever they have picked up. They are also small enough to be lost or stolen quickly, which means data can disappear without warning. The combination of mobility and small form factor is the root of most mobile security problems.
What should a bring-your-own-device policy require before a personal device accesses business systems?
A bring-your-own-device policy should require a signed agreement before any personal device touches business systems. The agreement should establish data ownership, grant the organization the right to seize the device for legal matters, make security a shared duty, and define patching, antivirus, and support rules. An exit plan must also be in place so that when an employee leaves, company data is removed and access is cut off immediately.
How do mobile payment systems protect against fraud?
Mobile payment systems use tokenization to replace real card data with a useless stand-in so that a stolen token cannot be used elsewhere. Device-specific cryptograms add a further layer so that each transaction is unique to the device. Strong customer authentication with two or more factors, continuous fraud monitoring, and regular audits complete the defense.
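The three controls named in that answer (a token vault, a device-bound cryptogram over each transaction, and replay detection) can be shown end to end in a small model. The code below is an added illustration written for this page, not material from the episode or from any real payment scheme: the HMAC-with-counter construction, the `Wallet`/`Issuer` split, the in-memory vault and the random per-device key are all simplifying assumptions, and the PANs are standard test numbers. It shows why a stolen token is useless on another device, why a tampered amount fails, and why a captured cryptogram cannot be replayed.

```python
import hmac
import hashlib
import secrets

# Constructed sample data for the demonstration: standard test PANs and
# randomly generated device keys. Nothing here is a real account or key.
VICTIM_PAN = "4111111111111111"
ATTACKER_PAN = "5555555555554444"


def _message(token, amount_cents, merchant_id, counter):
    """Canonical byte string that the cryptogram covers."""
    return f"{token}|{amount_cents}|{merchant_id}|{counter}".encode()


class Wallet:
    """Device-side wallet: holds a token (never the PAN) and a per-device key.
    A counter is included in every cryptogram so no two are ever equal."""

    def __init__(self, token, device_key):
        self.token = token
        self.device_key = device_key
        self.counter = 0

    def pay(self, amount_cents, merchant_id, token=None):
        # The `token` override exists only to model a wallet presenting a
        # token that was never provisioned to it (a stolen token).
        self.counter += 1
        token = token or self.token
        mac = hmac.new(self.device_key,
                       _message(token, amount_cents, merchant_id, self.counter),
                       hashlib.sha256).hexdigest()
        return {"token": token, "amount_cents": amount_cents,
                "merchant_id": merchant_id, "counter": self.counter,
                "cryptogram": mac}


class Issuer:
    """Issuer side: the token vault plus per-device keys, bindings and
    last-seen counters (assumed design, not a specific scheme)."""

    def __init__(self):
        self._pan_by_token = {}     # the vault: the only place a PAN exists
        self._device_key = {}
        self._device_of_token = {}
        self._last_counter = {}

    def provision(self, device_id, pan):
        """Tokenize the PAN, bind the token to one device and hand the
        device its wallet. Key generation here is a simplification."""
        token = secrets.token_hex(8)            # random, unrelated to the PAN
        key = secrets.token_bytes(32)
        self._pan_by_token[token] = pan
        self._device_key[device_id] = key
        self._device_of_token[token] = device_id
        self._last_counter[device_id] = 0
        return Wallet(token, key)

    def authorize(self, device_id, tx):
        key = self._device_key.get(device_id)
        if key is None:
            return "DECLINE: unknown device"
        expected = hmac.new(key, _message(tx["token"], tx["amount_cents"],
                                          tx["merchant_id"], tx["counter"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return "DECLINE: bad cryptogram"               # tampered or forged
        if self._device_of_token.get(tx["token"]) != device_id:
            return "DECLINE: token not bound to device"   # stolen token reused
        if tx["counter"] <= self._last_counter[device_id]:
            return "DECLINE: replay"
        self._last_counter[device_id] = tx["counter"]
        pan = self._pan_by_token[tx["token"]]  # detokenized only here, for clearing
        return "APPROVE"


def run_demo():
    """Walk through the four cases and return the issuer's decision for each."""
    issuer = Issuer()
    victim = issuer.provision("victim-phone", VICTIM_PAN)
    attacker = issuer.provision("attacker-phone", ATTACKER_PAN)
    results = {}

    legit = victim.pay(1999, "merchant-42")
    results["legit"] = issuer.authorize("victim-phone", legit)

    # Same cryptogram submitted a second time.
    results["replay"] = issuer.authorize("victim-phone", legit)

    # Amount altered in transit; the cryptogram no longer matches.
    tampered = dict(legit, amount_cents=199900)
    results["tampered_amount"] = issuer.authorize("victim-phone", tampered)

    # Another enrolled device presents the victim's token with its own key.
    stolen = attacker.pay(1999, "merchant-42", token=victim.token)
    results["stolen_token"] = issuer.authorize("attacker-phone", stolen)

    # The token carries nothing recoverable about the PAN.
    results["token_reveals_pan"] = VICTIM_PAN in victim.token
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

Two points for an auditor follow from the model: the vault is the one place a real PAN exists, so its access controls and logging deserve the most attention; and replay protection depends on the issuer keeping per-device state (the counter), which is why a reset or re-provisioning of a device should be an auditable event.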
Why are Internet of Things devices considered soft targets?
Internet of Things devices are soft targets because their software is often low quality and rarely encrypted, they run on weak processors with limited capacity for security controls, and their hardware and operating systems go stale without regular updates. Some devices ship with hidden back-door accounts, and they are tightly interconnected, meaning that compromising one can allow an attack to spread across the entire network.
Master the ISACA CISA Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISACA CISA certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in Mobile, Wireless & Internet of Things Devices.