ABSTRACT
The information technology and security stakeholders like CIOs, CISOs and CTOs in financial services organization are
often asked to identify the risks with mobile computing channel for financial services that they support. They are also asked
to come up with approaches for handling risks, define risk acceptance level and mitigate them. This requires them to
articulate strategy for supporting a huge variety of mobile devices from various vendors with different operating systems and
hardware platforms and at the same time stay within the accepted risk level. These articulations should be captured in
information security policy document or other suitable document of financial services organization like banks, payment
service provider, etc. While risks and mitigation approaches are available from multiple sources, the senior stakeholders may
find it challenging to articulate the issues in a comprehensive manner for sharing with business owners and other technology
stakeholders. This paper reviews the current research that addresses the issues mentioned above and articulates a strategy that
the senior stakeholders may use in their organization. It is assumed that this type of comprehensive strategy guide for senior
stakeholders is not readily available and CIOs, CISOs and CTOs would find this paper to be very useful.
Keywords: - Root-of-Trust, Device Fingerprinting, Web Application Firewall, Application IPDS, Information Security Policy
Document, Secure Mobile Computing, Virtualization, Sandboxing