BYOD Security Policy Compliance Framework

Bring Your Own Device (BYOD) is an environment that allows employees to use their own personal device to access organisation’s resources to perform their work, but it has raised some security concerns as with BYOD, organisations face bigger challenges to safeguard their information assets. Compliance with ISP is a key factor in reducing organisation’s information security risks, as such, understanding employees’ compliance behaviour and other relevant factors that influence compliance with ISP is crucial. Hence, this study aims to explore this phenomenon by investigating the factors influencing employees in complying with BYOD Information Security Policy (ISP) in Malaysian public sector. A mixed method study on five (5) ministries in the public sector is proposed for the study. The understanding of these factors would assist in systematically developing a BYOD compliance framework for the public sector. This is critical as this trend is here to stay or even expand rapidly as employees carry more than one device to the workplace. The proposed framework will help improve ISP compliance to ensure organisational information assets are well protecte

Governing information security within the context of "bring your own device" in small, medium and micro enterprises

Throughout history, information has been core to the communication, processing and storage of most tasks in the organisation, in this case in Small-Medium and Micro Enterprises (SMMEs). The implementation of these tasks relies on Information and Communication Technology (ICT). ICT is constantly evolving, and with each developed ICT, it becomes important that organisations adapt to the changing environment. Organisations need to adapt to the changing environment by incorporating innovative ICT that allows employees to perform their tasks with ease anywhere and anytime, whilst reducing the costs affiliated with the ICT. In this modern, performing tasks with ease anywhere and anytime requires that the employee is mobile whilst using the ICT. As a result, a relatively new phenomenon called “Bring Your Own Device” (BYOD) is currently infiltrating most organisations, where personally-owned mobile devices are used to access organisational information that will be used to conduct the various tasks of the organisation. The use of BYOD in organisations breeds the previously mentioned benefits such as performing organisational tasks anywhere and anytime. However, with the benefits highlighted for BYOD, organisations should be aware that there are risks to the implementation of BYOD. Therefore, the implementation of BYOD deems that organisations should implement BYOD with proper management thereof

Governing information security within the context of "bring your own device" in small, medium and micro enterprises

Throughout history, information has been core to the communication, processing and storage of most tasks in the organisation, in this case in Small-Medium and Micro Enterprises (SMMEs). The implementation of these tasks relies on Information and Communication Technology (ICT). ICT is constantly evolving, and with each developed ICT, it becomes important that organisations adapt to the changing environment. Organisations need to adapt to the changing environment by incorporating innovative ICT that allows employees to perform their tasks with ease anywhere and anytime, whilst reducing the costs affiliated with the ICT. In this modern, performing tasks with ease anywhere and anytime requires that the employee is mobile whilst using the ICT. As a result, a relatively new phenomenon called “Bring Your Own Device” (BYOD) is currently infiltrating most organisations, where personally-owned mobile devices are used to access organisational information that will be used to conduct the various tasks of the organisation. The use of BYOD in organisations breeds the previously mentioned benefits such as performing organisational tasks anywhere and anytime. However, with the benefits highlighted for BYOD, organisations should be aware that there are risks to the implementation of BYOD. Therefore, the implementation of BYOD deems that organisations should implement BYOD with proper management thereof

A Review of Impacts of Bring Your Own Device (BYOD) and Nomadic Computing on Enterprise Security Policies’ Compliance: The Case of Higher Learning Institutions in Kenya

Network design is driven by mobility and as such Wireless Local Area Networks (WLANs) have become a major component of corporate networks in today’s business environment. A trend is emerging where there is explosive consumer adoption of smart phones and tablets due to their low price and broad applications support that these devices are offering since they are WLAN enabled. Desktop Computers and laptops are used to produce information; while tablets consume information and smart phones to communicate that information. BYOD (Bring your own device) is a term which refers to instances when employees use their personal computing devices (typically smart phones, tablets and laptops) in the workplace. This trend is here to stay and the challenge is that it is a double edged sword pitting user satisfaction and productivity on one end and organizations data security on the other. As more employees look to access corporate networks with their personal mobile devices, vendors must find ways of helping corporations allow such access in secure, efficient ways. This is due to the fact that technology is changing at a very fast rate and with consumerization of IT revolution there has been a cultural shift such that the users are the ones getting the latest, cutting edge technologies first, and they want to bring those devices to work. BYOD changes the security model of protecting the organizations’ data by blurring the definition of that perimeter, through physical location and in asset ownership. This study reviewed Bring Your Own Device (BYOD) and Nomadic computing on Enterprise security policies’ compliance in HLIs in Africa. A quantitative survey study approach was used in ten university campuses to determine BYOD security compliance issues. The study found that Perceived probability of security breach, Perceived severity of security breach, Security breach concern level and response efficacy had an impact on Enterprise Security Policies’ Compliance in an organization.       Keywords: BYOD, Nomadic computing, Enterprise Securit

Complying with BYOD Security Policies: A Moderation Model Based on Protection Motivation Theory

As security concerns have become critical to organizations’ Bring Your Own Device (BYOD) strategy, it is important for employees to comply with organization’s security measures and policies. Based on the protection motivation theory, this study develops a theoretical model to identify the key factors that affect an employee’s intention to comply with organization’s BYOD security policies. This model also enriches general Protection Motivation Theory (PMT) by investigating how unique BYOD features may play moderating roles on the relationships between employee’s security perceptions and compliance intention. A survey of organization employees who were using their own devices in their workplace was conducted. The research model was tested using the partial least squares (PLS) approach. The results suggest that employees’ threat appraisal and coping appraisal affect their intention to comply with BYOD security policies. Further, mixed usage of device and company surveillance visibility are verified moderators. This study contributes to both academics and management practice

A framework for implementing bring your own device in higher education institutions in South Africa

Although the concept of Bring Your Own Device (BYOD) was only first introduced in 2009, organisations and higher education institutions have shown an increasing interest in and tolerance for employees and students using their own mobile devices for work and academic purposes, to such an extent that it is predicted that BYOD will become the leading practice for all educational environments by the year 2017. Although mobile device usage is increasing in higher education institutions, it has been found that currently no generally recognised framework exists to aid South African higher education institutions with the implementation of BYOD. The problem is further worsened as research suggests that the number of new mobile vulnerabilities reported each year has increased. The primary objective of this study is to develop a framework for implementing BYOD in higher education institutions in South Africa. This primary objective is divided into several secondary objectives, which collectively aim to address the proposed problem. Therefore, the secondary objectives are to understand BYOD in organisations and the challenges it brings; to determine how BYOD challenges differ in higher education institutions; to determine the key components for implementing BYOD in higher education institutions; to determine the extent to which the BYOD key components relate to a higher education institution in South Africa; and to validate the proposed BYOD framework, verifying its quality, efficacy and utility. At first, a comprehensive literature study is used to determine and understand the benefits, challenges and key components for the implementation of BYOD in both organisations and higher education institutions. Thereafter, a case study is used to determine the extent to which the components, identified in the literature study, relate to an educational institution in South Africa. The findings from the case study, in combination with the key components, are then triangulated and a preliminary framework for implementing BYOD in higher education institutions in South Africa is argued. Furthermore, elite interviews are used to determine the quality, efficacy and utility of the proposed BYOD framework. To address the proposed problem, this research proposes a stepby- step holistic framework to aid South African higher education institutions with the implementation of BYOD. This framework adds a significant contribution to the work on this topic, as it provides a foundation upon which further such research can build. It is believed that such a framework would be useful for higher education institutions in South Africa and would result in the improved implementation of BYOD