A Risk management framework for the BYOD environment

Computer networks in organisations today have different layers of connections, which are either domain connections or external connections. The hybrid network contains the standard domain connections, cloud base connections, “bring your own device” (BYOD) connections, together with the devices and network connections of the Internet of Things (IoT). All these technologies will need to be incorporated in the Oman Vision 2040 strategy, which will involve changing several cities to smart cities. To implement this strategy artificial intelligence, cloud computing, BYOD and IoT will be adopted. This research will focus on the adoption of BYOD in the Oman context. It will have advantages for organisations, such as increasing productivity and reducing costs. However, these benefits come with security risks and privacy concerns, the users being the main contributors of these risks. The aim of this research is to develop a risk management and security framework for the BYOD environment to minimise these risks. The proposed framework is designed to detect and predict the risks by the use of MDM event logs and function logs. The chosen methodology is a combination of both qualitative and quantitative approaches, known as a mixed-methods approach. The approach adopted in this research will identify the latest threats and risks experienced in BYOD environments. This research also investigates the level of user-awareness of BYOD security methods. The proposed framework will enhance the current techniques for risk management by improving risk detection and prediction of threats, as well as, enabling BYOD risk management systems to generate notifications and recommendations of possible preventive/mitigation actions to deal with them

Bring your own device: an overview of risk assessment

As organizations constantly strive to improve strategies for ICT management, one of the major challenges they must tackle is bring your own device (BYOD). BYOD is a term that collectively refers to the related technologies, concepts, and policies in which employees are allowed to access internal corporate IT resources, such as databases and applications, using their personal mobile devices like smartphones, laptop computers, and tablet PCs [1]. It is a side effect of the consumerization of IT, a term used to describe the growing tendency of the new information technologies to emerge first in the consumer market and then spread into business and government organizations [2]. Basically, employees want to act in an any-devices, anywhere work style, performing personal activities during work and working activities during personal time [2]. There are several risks associated with BYOD [3, p. 63], and the big gaps in BYOD policies adopted by today\u27s organizations [4, p. 194] show that the solution to BYOD is not well understood. This article establishes a background to understand BYOD risks by considering conditions that increase the occurrence of these risks and the consequences of the risks occurring. It then aims to present the most commonly adopted BYOD solutions, their limitations, and remedies, as well as important policy considerations for successfully implementing them

Isolated Mobile Malware Observation

The idea behind Bring Your Own Device (BYOD) it that personal mobile devices can be used in the workplace to enhance convenience and flexibility. This development encourages organizations to allow access of personal mobile devices to business information and systems for businesses operation. However, BYOD opens a firm to various security risks such as data contamination and the exposure of user interest to criminal activities. Mobile devices were not designed to handle intense data security and advanced security features are frequently turned off. Using personal mobile devices can also expose a system to various forms of security threats like malware. This research aims to analyze mobile network traffic from suspicious mobile applications and investigate data accessible to malicious applications on mobile devices. The research is further intended to observe the behavior of malware on mobile devices. A network with a wireless communication over a centralized access control point was built. The control access point serves as the centralized location for data monitoring, capturing and analyzing of transmitted data from all the devices connected to it. The research demonstrates a procedure for data capturing for analysis from a data collection point which does not require access to each application and allows for the study of potential infections from the outside of the mobile device

Bring Your Own Device (BYOD): Risks to Adopters and Users

Bring your own device (BYOD) policy refers to a set of regulation broadly adopted by organizations that allows employee-owned mobile devices – like as laptops, smartphones, personal digital assistant and tablets – to the office for use and connection to the organizations IT infrastructure. BYOD offers numerous benefits ranging from plummeting organizational logistic cost, access to information at any time and boosting employee’s productivity. On the contrary, this concept presents various safety issues and challenges because of its characteristic security requirements. This study explored diverse literature databases to identify and classify BYOD policy adoption issues, possible control measures and guidelines that could hypothetically inform organizations and users that adopt and implement BYOD policy. The literature domain search yielded 110 articles, 26 of them were deemed to have met the inclusion standards. In this paper, a list of possible threats/vulnerabilities of BYOD adoption were identified. This investigation also identified and classified the impact of the threats/vulnerabilities on BYOD layered components according to security standards of “FIPS Publication 199” for classification. Finally, a checklist of measures that could be applied by organizations & users to mitigate BYOD vulnerabilities using a set layered approach of data, device, applications, and people were recommended

A Study into Detecting Anomalous Behaviours within HealthCare Infrastructures

The theft of medical data, which is intrinsically valuable, can lead to loss of patient privacy and trust. With increasing requirements for valuable and accurate information, patients need to be confident that their data is being stored safely and securely. However, medical devices are vulnerable to attacks from the digital domain, with many devices transmitting data unencrypted wirelessly to electronic patient record systems. As such, it is now becoming more necessary to visualise data patterns and trends in order identify erratic and anomalous data behaviours. In this paper, a system design for modelling data flow within healthcare infrastructures is presented. The system assists information security officers within healthcare organisations to improve the situational awareness of cyber security risks. In addition, a visualisation of TCP Socket Connections using real-world network data is put forward, in order to demonstrate the framework and present an analysis of potential risks

The Effectiveness of Cybersecurity Compliance in a Corporate Organization in Nigeria

The complexity and growth also create asymmetries between attackers and their targets, and incentives that drive underinvestment in cybersecurity The Digital technologies have transformed how people socialize, shop, interact with government and do business. The World Wide Web is of made amounts of information instantly available. The smartphones have put our fingertips everywhere we go it an improvement on effectiveness cybersecurity training for end users of systems and offers suggestions about and how topManagement leaders can improve on trainingto effectively combat cybersecurity threats at the organizations. Is imperative to achieve higher end-user cybersecurity compliance; practice is accepted, as a means to increase compliance behavior in any organization. The Training can influence compliance by one or more of three causal pathways: by increasing cybersecurity awareness, by increasing cybersecurity proficiency (i.e., improve cybersecurity skills) and by raising cybersecurity self-efficacy. This includes an extensive review of the cybersecurity policies and competencies that are the basis for training needs analysis, setting learning goals, and practical training. This paper discusses opportunities for human resource (HR) practitioners and industrial and organizational (I-O) psychologists, and informationtechnology (IT) specialists, and to integrate their skills and enhance the capabilities of organizations to counteract cybersecurity threats. AnyOrganizations cannot achieve their cybersecurity goalson workers alone, so all employees who use computer networks must be trained on the skill and policies related to cybersecurity

Mobile Technology Deployment Strategies for Improving the Quality of Healthcare

Ineffective deployment of mobile technology jeopardizes healthcare quality, cost control, and access, resulting in healthcare organizations losing customers and revenue. A multiple case study was conducted to explore the strategies that chief information officers (CIOs) used for the effective deployment of mobile technology in healthcare organizations. The study population consisted of 3 healthcare CIOs and 2 healthcare information technology consultants who have experience in deploying mobile technology in a healthcare organization in the United States. The conceptual framework that grounded the study was Wallace and Iyer\u27s health information technology value hierarchy. Data were collected using semistructured interviews and document reviews, followed by within-case and cross-case analyses for triangulation and data saturation. Key themes that emerged from data analysis included the application of disruptive technology in healthcare, ownership and management of mobile health equipment, and cybersecurity. The healthcare CIOs and consultants emphasized their concern about the lack of cybersecurity in mobile technology. CIOs were reluctant to deploy the bring-your-own-device strategy in their organizations. The implications of this study for positive social change include the potential for healthcare CIOs to emphasize the business practice of supporting healthcare providers in using secure mobile equipment deployment strategies to provide enhanced care, safety, peace of mind, convenience, and ease of access to patients while controlling costs

MANAGING AND SECURING ENDPOINTS: A SOLUTION FOR A TELEWORK ENVIRONMENT

This project introduces a business problem in which a water utility company – known as H2O District – was forced to discover and implement a solution that would enable the IT Department to effectively manage and secure their endpoints in a telework environment. Typically, an endpoint is defined as any device that is physically connected to a network. For the purposes of this project, the endpoints that the IT Department was concerned with consisted of Windows 10 PC’s, Laptops, and Apple iOS devices that employees use to access company resources while working outside of the corporate network. To properly manage endpoints, the IT Department was focused on being able to carry out their responsibilities for providing software deployments, software updates, operating system support, and remote support or troubleshooting. Regarding the security of their endpoints, the IT Department was concerned with being able to properly ensure endpoint compliance and provide adequate threat protection. Ultimately a decision was made to utilize various cloud services from Microsoft to assist the IT Department with carrying out their responsibilities in the new telework environment. The project analyzed the cloud technology used, e.g., Microsoft Azure Active Directory, Endpoint Manager, a Cloud Management Gateway, Intune, and Microsoft Defender for Endpoint; and examined some of the current on-premises infrastructure technology such as Microsoft Endpoint Configuration Manager, Active Directory, VPN, and Group Policy. The project also documented the implementation steps for configuring the cloud services and onboarding the endpoints to be properly managed and secured. The contribution of this project is: (i) to show how the H2O district examined the H2O district’s current infrastructure, (ii) identified any shortcomings with their current technological solutions, (iii) developed an understanding of the IT Departments service level agreements, and (iv) ultimately created a solution that allowed H2O to carry out its core responsibilities in the new telework environment. The project proved successful upon implementation and the IT Department was able to gain significant benefits by migrating some of their workloads to the cloud. The project also reports on some of the potential challenges the organization may face. Those include keeping up with the growing trend in hybrid remote work, managing the flow of information, and establishing zero trust. The solution implemented in this project can serve as an example for IT Departments facing similar challenges; namely, effectively managing and securing their endpoints in a telework environment

Device-type Profiling using Packet Inter-Arrival Time for Network Access Control

Network Access Control (NAC) systems are technologies and defined policies typically established to control the access of devices attempting to connect to enterprise networks. However, NAC limitations have led to security threats that can lead to illegal and unauthorised access to networks as well as insider misuse. Current NAC configuration settings rely on point of entry authentication systems including passwords, biometrics, two-factor, and multi-factor authentication to protect employees, but this reliance can lead to security susceptibilities that can significantly damage enterprise network systems. In addition, incorporating NAC into the growing Bring Your Own Device (BYOD) paradigm further increases the security threats, vulnerabilities and risks potentials in enterprise network environments. Regardless of any existing security solutions, such as antimalware, anti-virus and intrusion detection and prevention systems, security issues continue to rise within BYOD, with a proportionate increase in consequences and impacts. This thesis explores novel solution paths to the above challenges by investigating device-type fingerprinting and behaviour profiling to improve the security of NAC. This is achieved by proposing a novel Intelligent Filtering Technique (IFT) that uses packet Inter-Arrival Time (IAT) data for smartphones, tablets and laptops to profile and identify abnormal patterns based on device-types. The IFT is composed of three data mining algorithms, namely K-means clustering, clustering-based multivariate gaussian outlier score, and long short-term memory networks algorithms. These algorithms are capable of identifying abnormal inter-arrival time patterns based on device-types. The effectiveness of the proposed technique is evaluated using a combination of datasets from different network traffic protocols, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP), the author’s knowledge, this is the only technique to date that can identify abnormal inter-arrival time patterns based on the devicetype. The new technique can improve intrusion detection system capabilities and outcomes by using device-type profiling to reduce the false positive rates of detected abnormal patterns

Designing a comprehensive security framework for smartphones and mobile devices

This work investigates issues and challenges of cyber security, specifically malware targeting mobile devices. Recent advances in technology have provided high CPU power, large storage, broad bandwidth and integrated peripheral devices such as Bluetooth, Wi-Fi, 3G/4G to mobile devices, making them popular computing and communication devices. Mobile malware has been targeting mobile devices more than ever and seems to be shifted from their traditional host, the personal computers, to more vulnerable victims. In this study, we mainly focus on malware for Android-based mobile devices. We analyze and discuss related malware and recognize its trends and challenges. We also present a comprehensive security solution that addresses the security from malware threats