3 research outputs found

    Modelling semantics of security risk assessment for bring your own device using metamodelling technique

    Get PDF
    Rapid changes in mobile computing devices or modern devices such as smartphones, tablets and iPads have encouraged employees to use their personal devices at workplace. Bring Your Own Devices (BYOD) phenomenon in an enterprise has become pervasive in demand for business purposes. Most organizations practice BYOD as it offers a wide variety of advantages such as increasing work productivity, reducing cost and giving employee’s satisfaction. Despite that, BYOD practices trigger opportunities and challenges for the enterprise if there have no security policies, regulations and management on personal devices. Common BYOD security threats includes data leakage, exposure to malicious malware and sensitive corporates information. In this study, the Security-based BYOD Risk Assessment Metamodel (Security-based BYODRAM), a high-level knowledge structure was proposed for describing Security-based BYOD Risk Assessment domain. Review on thirty-five existing models which comprises of Risk Assessment and BYOD security models was done to identify the important concepts and semantic. Meta Object Facility (MOF) was the metamodeling language used in developing the metamodel. This study contributes a platform of incorporating and sharing of the Security-based BYOD Risk Assessment knowledge and giving solutions in managing BYOD security breaches. Real BYOD scenarios such as the Ottawa Hospital, privacy risks in enterprise and independent schools in Western Australian were used in demonstrating the semantics of proposed metamodel

    User-differentiated hierarchical key management for the bring-your-own-device environments

    Get PDF
    To ensure confidentiality, the sensitive electronic data held within a corporation is always carefully encrypted and stored in a manner so that it is inaccessible to those parties who are not involved. During this process, the specific manners of how to keep, distribute, use, and update keys which are used to encrypt the sensitive data become an important thing to be considered. Through use of hierarchical key management, a technique that provides access controls in multi-user systems where a portion of sensitive resources shall only be made available to authorized users or security ordinances, required information is distributed on a need-to-know basis. As a result of this hierarchical key management, time-bound hierarchical key management further adds time controls to the information access process. There is no existing hierarchical key management scheme or time-bound hierarchical key management scheme which is able to differentiate users with the same authority. When changes are required for any user, all other users who have the same access authorities will be similarly affected, and this deficiency then further deteriorates due to a recent trend which has been called Bring-Your-Own-Device. This thesis proposes the construction of a new time-bound hierarchical key management scheme called the User-Differentiated Two-Layer Encryption-Based Scheme (UDTLEBC), one which is designed to differentiate between users. With this differentiation, whenever any changes are required for one user during the processes of key management, no additional users will be affected during these changes and these changes can be done without interactions with the users. This new scheme is both proven to be secure as a time-bound hierarchical key management scheme and efficient for use in a BYOD environment

    Working virtually : a phenomenological and autoethnographic inquiry

    Get PDF
    Globalisation, technological advancements and changing social needs result in virtual work arrangements becoming more prominent. Virtual work is conducted away from the traditional office setting and usually occurs in employees’ personal home environments. Virtual work has been called virtualling in this study, and virtual employees are referred to as virtuallers. A phenomenological orientation was adopted in studying completely virtual workers in a completely virtual context; sourcing of participants and data collection were also conducted completely virtually. This study presented new ways of conducting research in the modern, virtual world of work. An autoethnography was included, as the researcher is also a virtualler and insider of virtualling. Four key case studies are presented to provide a holistic picture of virtualling and virtuallers. Thematic results indicate key influencing factors that originate from virtualling, as well as factors and mindset requirements that pertain to the virtualler personally. It was further found and proposed that the resulting virtual environment changes virtuallers’ ways of doing things and viewing the world, hence results in changes in their lifestyle and career identity. The abstract psychological structure as it resulted from the thread of meanings was presented as virtualness. Authentic psychological identification with virtualling and adopting a boundarylessness employability mindset oriented towards psychological success are highlighted as key requirements in order to experience virtualness.Industrial and Organisational PsychologyM.Comm. (Industrial and Organisational Psychology
    corecore