Constructing Military Smartphone Usage Criterion of Cloud-DEFSOP for Mobile Security

Currently, several cloud security threats on smartphones can be found. They often cause users serious financial loss or bring bad reputation to a company or a institute. To detect malicious behaviors on the smartphones, Taiwan military office sets up a measure on cloud-based instruction detection to prevent mobile devices from possible attacks, for example, phishing and man-in-the-middle attacks. This study designs information security measures which are derived from digital evidence forensics standard operating procedure (DEFSOP) and construct military smartphone usage criterion. In cloud computing, digital forensics on smartphones deals with device-related preservation, identification, collection, record and interpretation of digital evidences. In order to keep the original digital evidences on the smartphone so as to be accepted by court judge, the identification process needs to be legal since the integrity of forensic result will be the major referenced evidences in the court. Basically, the process that we developed in the previous study satisfies the principle of ISO 27001. But our newly developed mobile DEFSOP has met ISO 27037 with IACC principle, including integrity, accuracy, consistency, and compliance.