Bring your own device: an overview of risk assessment

As organizations constantly strive to improve strategies for ICT management, one of the major challenges they must tackle is bring your own device (BYOD). BYOD is a term that collectively refers to the related technologies, concepts, and policies in which employees are allowed to access internal corporate IT resources, such as databases and applications, using their personal mobile devices like smartphones, laptop computers, and tablet PCs [1]. It is a side effect of the consumerization of IT, a term used to describe the growing tendency of the new information technologies to emerge first in the consumer market and then spread into business and government organizations [2]. Basically, employees want to act in an any-devices, anywhere work style, performing personal activities during work and working activities during personal time [2]. There are several risks associated with BYOD [3, p. 63], and the big gaps in BYOD policies adopted by today\u27s organizations [4, p. 194] show that the solution to BYOD is not well understood. This article establishes a background to understand BYOD risks by considering conditions that increase the occurrence of these risks and the consequences of the risks occurring. It then aims to present the most commonly adopted BYOD solutions, their limitations, and remedies, as well as important policy considerations for successfully implementing them

Outsiders: an exploratory history of IS in corporations

This paper is an exploratory study that provides a brief history of information systems (IS) in corporations that are not part of the Information Technology sector, such as retailers, banks, government agencies and so on. It looks at the development of the IS function and the changing roles of IS practitioners in such organisations over the past 60 years, and assesses how they perceived themselves and were perceived by their peers, by business colleagues and by others. It uses the testimony of successful IS practitioners to provide a grounded perspective on the history of the IS worker over this time. The research identifies a trajectory of a gradual diminishment in the role and status of the IS worker in the corporation over the lifetime of the discipline. It observes that the IS worker has experienced changed fortunes: from a position of influence at the outset, leading to a peak of status and reward in the years up to the millennium; and to the present day where the occupation has a much lower profile. It ascribes this to the increasing commoditisation of IS, manifested by phenomena such as end-user computing, outsourcing and cloud computing. The paper is of relevance to academics who are interested in IS in the corporate organisation; to business professionals, who are sometimes bewildered by their IS colleagues; and to those who work in IS. The research is presented as an interpretative study and is intended to help future researchers frame questions and design research projects. It also aims to inform and witness, and provide a perspective on a currently neglected part of the business world

Security Issues with Mobile IT: A Narrative Review of Bring Your Own Device (BYOD).

The use of employee-owned mobile devices such as smart phones, tablets, laptops, etc., to access business enterprise content or networks otherwise referred to as of ‘Bring Your Own Device’ (BYOD) has further made the confidentiality, integrity, and availability of organizations’ data become insecure, and prone to breaches and fraudulent activities. In this study, the authors explored a narrative review that focuses on the theoretical underpinnings of vast works of literature that revealed significant information on the conceptual framework, existing systems that adopt BYOD security, analysis, and synthesis of prior research. Using some keywords “BYOD system security”, “BYOD security threats”, “cyber-attacks and security”, etc., an electronic database search extracted peer-reviewed articles from the last five years. The thematic analysis of fifty-one articles retrieved revealed that breaches and fraudulent activities exist with the use of BYOD that may be perpetrated against organization’s data, intentionally or maliciously. Good policies and guidelines on the use of BYOD coupled with good formulation and communication of same, should be adhered to avert some forms of security breaches. There is the need to preserve user’s privacy, organizations’ data confidentiality, integrity, and availability, and secure same in the devices of employees using their own devices to process corporate and personal data, by using acceptable and effective BYOD Policy and Mobile Device Management Solution (MDMS). This may increase mutual trust and BYOD adoption rate, new innovations and influence that can positively impact the organizations and their employees. Keyword: BYOD, security threats, password, cyber-attacks and security, Information security. DOI: 10.7176/JIEA/8-1-0

Three-dimensional security framework for BYOD enabled banking institutions in Nigeria.

Doctoral Degree. University of KwaZulu-Natal, Durban.Bring your own device (BYOD) has become a trend in the present day, giving employees the freedom to bring personal mobile devices to access corporate networks. In Nigeria, most banking institutions are increasingly allowing their employees the flexibility to utilize mobile devices for work-related activities. However, as they do so, the risk of corporate data being exposed to threats increases. Hence, the study considered developing a security framework for mitigating BYOD security challenges. The study was guided by organizational, socio-technical and mobility theories in developing a conceptual framework. The study was conducted in two phases, the threat identification and the framework evaluation, using a mixed-methods approach. The main research strategies used for the threat identification were a questionnaire and interviews while closed and open-ended questions were used for the framework evaluation. A sample consisted of 380 banking employees from four banks were involved in the study. In addition, the study conducted in-depth interviews with twelve management officials from the participating banks. As for the framework evaluation, the study sampled twelve respondents to assess the developed security framework for viability as far as mitigating security threats emanating from BYOD in the banking sector is concerned. The sample consisted of eight executive managers of the bank and four academic experts in information security. Quantitative data was analysed using SPSS version 21 while qualitative data was thematically analysed. Findings from the threat identification revealed that banking institutions must develop security systems that not only identify threats associated with technical, social and mobility domains but also provide adequate mitigation of the threats. For the framework evaluation, the findings revealed that the security framework is appropriate in mitigating BYOD security threats. Based on the findings of the study, the developed security framework will help banks in Nigeria to mitigate against BYOD security threats. Furthermore, this security framework will contribute towards the generation of new knowledge in the field of information security as far as BYODs are concerned. The study recommends ongoing training for banks’ employees as it relates to mitigation of security threats posed by mobile devices

Security attacks taxonomy on bring your own devices (BYOD) model

Mobile devices, specifically smartphones, have become ubiquitous. For this reason, businesses are starting to develop “Bring Your Own Device” policies to allow their employees to use their owned devices in the workplace. BYOD offers many potential advantages: enhanced productivity, increased revenues, reduced mobile costs and IT efficiencies. However, due to emerging attacks and limitations on device resources, it is difficult to trust these devices with access to critical proprietary information. Therefore, in this paper, the potential attacks of BYOD and taxonomy of BYOD attacks are presented. Advanced persistent threat (APT) and malware attack are discussed in depth in this paper. Next, the proposed solution to mitigate the attacks of BYOD is discussed. Lastly, the evaluations of the proposed solutions based on the X. 800 security architecture are presented

Cybersecurity Strategies for Universities With Bring Your Own Device Programs

The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment to support BYOD in a university system. The study population was comprised of IT security professionals from the University of California campuses currently managing a network environment for at least 2 years where BYOD has been implemented. Protection motivation theory was the study\u27s conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly-accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly-accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals\u27 tasks include identifying and implementing network security strategies. The study\u27s implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations

Cybersecurity Strategies for Universities With Bring Your Own Device Programs

The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment to support BYOD in a university system. The study population was comprised of IT security professionals from the University of California campuses currently managing a network environment for at least 2 years where BYOD has been implemented. Protection motivation theory was the study\u27s conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly-accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly-accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals\u27 tasks include identifying and implementing network security strategies. The study\u27s implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations