• This paper presents a secure design framework for a digital application aimed at reducing procrastination, integrating risk management, threat modeling, and international data protection compliance
• It applies standards like ISO/IEC 27001, NIST, OWASP MASVS, and GDPR to ensure confidentiality, integrity, and availability while addressing common cyber threats and vulnerabilities
• A prototype was developed and evaluated using layered security architecture, encryption, multi-factor authentication, and privacy-by-design principles, demonstrating the feasibility of balancing usability and security
This study proposes a comprehensive information security strategy for a mobile application developed to help users manage procrastination through gamified task management. Recognizing the growing cybersecurity threats to personal productivity tools, the authors emphasize the necessity of integrating robust information security management (ISM) from the ground up. The approach combines theoretical underpinnings with applied security frameworks, including ISO/IEC 27001, NIST CSF, and OWASP MASVS, ensuring that the application remains secure against vulnerabilities such as data breaches, malware, and unauthorized access.
The application is designed using a layered architecture—presentation, business logic, and data storage—secured with encryption (AES-256 and TLS 1.3), role-based access controls, and cryptographic hashing. Threat modeling via STRIDE identifies and mitigates risks like spoofing, data tampering, and privilege escalation. Authentication measures include multi-factor authentication (MFA) options such as SMS-based OTPs, authenticator apps, and backup codes, while session and password management are tightly controlled through secure hash storage, activity monitoring, and automatic timeouts.
Data privacy is prioritized through GDPR and CCPA compliance, data minimization, anonymization, and user controls for data access, deletion, and permission management. The paper outlines risk assessment methodologies like OCTAVE, FAIR, and Risk IT to identify, quantify, and mitigate threats in real-time. Security requirements were implemented and evaluated using a Figma prototype that simulates registration, login, and in-app task management flows, showcasing practical security integration without compromising user experience.
By demonstrating the practical application of internationally recognized security standards and frameworks, this work contributes a replicable model for developers creating behavioral intervention apps. It validates that security and usability can coexist, ensuring trust, data protection, and compliance in solutions addressing human productivity challenges.
Leave a Reply
You must be logged in to post a comment.