Bring your own device: an overview of risk assessment

As organizations constantly strive to improve strategies for ICT management, one of the major challenges they must tackle is bring your own device (BYOD). BYOD is a term that collectively refers to the related technologies, concepts, and policies in which employees are allowed to access internal corporate IT resources, such as databases and applications, using their personal mobile devices like smartphones, laptop computers, and tablet PCs [1]. It is a side effect of the consumerization of IT, a term used to describe the growing tendency of the new information technologies to emerge first in the consumer market and then spread into business and government organizations [2]. Basically, employees want to act in an any-devices, anywhere work style, performing personal activities during work and working activities during personal time [2]. There are several risks associated with BYOD [3, p. 63], and the big gaps in BYOD policies adopted by today\u27s organizations [4, p. 194] show that the solution to BYOD is not well understood. This article establishes a background to understand BYOD risks by considering conditions that increase the occurrence of these risks and the consequences of the risks occurring. It then aims to present the most commonly adopted BYOD solutions, their limitations, and remedies, as well as important policy considerations for successfully implementing them

A framework for the adoption of bring your own device (BYOD) in the hospital environment

The concept of Bring Your Own Device (BYOD) – the use of a personally owned device in a working environment – is all over the place, nobody talks about it but many are using it. To find out the state of the art of BYOD in Swiss hospitals, an intense literature research revealed a research gap in the combination of BYOD and healthcare related topics. Six hospitals in Switzerland were examined, were questioned about their IT organization and services as well as their usage of mobile devices with a special focus on BYOD. As the Swiss hospital system is organized in a federalist way – much alike the Swiss state structure – it was to no surprise that the results among the study sites varied quite a bit. BYOD is used in many ways and for a mature implementation of BYOD, an EMM solution is crucial

Genres of Inquiry in Design Science Research: Applying Search Conference to Contemporary Information Systems Security Theory

This dissertation investigates the core subject of knowledge in design-science research (DSR). In contrast to natural and social sciences that are more explanatory in nature, design-science research is concerned with solving complex practical problems that are ill-defined or of a “wicked” nature. At the same time, as in any research activity, design-science research is also concerned with the production of knowledge. In the process of design-science research, the researcher must act as both designer and scientist. Design knowledge is distinct from scientific knowledge, however, and must be evaluated against a different set of criteria. Since the DSR process is iterative the scope of DSR knowledge can evolve, abstracting general (nomothetic) knowledge from situated (idiographic) artifacts or, alternately, applying abstract knowledge to situated settings. General knowledge is different from situated knowledge and must be evaluated accordingly. In the current design-science literature, situated (idiographic) knowledge is associated with design, and abstract (nomothetic) knowledge is associated with science. This dissertation proposes that design can be abstract and that science can be situated in scope. The purpose of the dissertation is to identify the problems with the current conceptualization of contributions in DSR, offer an alternative view of the design-science paradigm as one having multiple genres of inquiry, provide the criteria for framing and evaluating design-science contributions, and describe how this will help address some of the current debate and clarify the current discourse. The dissertation is structured in three parts. Part I employs a theoretical argument to develop a framework for these genres of inquiry in design-science research and demonstrates how the evaluation criteria for design-science research studies change as the research moves from one genre to another. Part II is an empirical study that uses a search conference method to apply the bindpoint model (Baskerville and Lee 2013), an explanatory design theory to the problem of information security risk resulting from consumerization and BYOD (bring your own device). Part III reflects on the learning from the theoretical and the practical discourse and provides the contributions and opportunities for future research. This dissertation contributes to the design-science field by providing a more nuanced understanding of the contributions and evaluation criteria of design-science research. It contributes to the Information Systems (IS) security field by providing a design theory for managing BYOD security. Lastly, it contributes to Information Systems research methods by introducing the search conference method as a viable approach for theorizing and for evaluating design-science contributions

Mobile Technology Deployment Strategies for Improving the Quality of Healthcare

Ineffective deployment of mobile technology jeopardizes healthcare quality, cost control, and access, resulting in healthcare organizations losing customers and revenue. A multiple case study was conducted to explore the strategies that chief information officers (CIOs) used for the effective deployment of mobile technology in healthcare organizations. The study population consisted of 3 healthcare CIOs and 2 healthcare information technology consultants who have experience in deploying mobile technology in a healthcare organization in the United States. The conceptual framework that grounded the study was Wallace and Iyer\u27s health information technology value hierarchy. Data were collected using semistructured interviews and document reviews, followed by within-case and cross-case analyses for triangulation and data saturation. Key themes that emerged from data analysis included the application of disruptive technology in healthcare, ownership and management of mobile health equipment, and cybersecurity. The healthcare CIOs and consultants emphasized their concern about the lack of cybersecurity in mobile technology. CIOs were reluctant to deploy the bring-your-own-device strategy in their organizations. The implications of this study for positive social change include the potential for healthcare CIOs to emphasize the business practice of supporting healthcare providers in using secure mobile equipment deployment strategies to provide enhanced care, safety, peace of mind, convenience, and ease of access to patients while controlling costs

Bring Your Own Device (BYOD) adoption in South African SMEs

The advancement in technological development is now altering the conventional order in the diffusion of IT innovation from a top-down approach (organisation to employees) to a bottom-up approach (employees to organisation). This change is more notable in developed economies and has led to the Bring Your Own Device (BYOD) phenomenon which promises increased productivity for employees and their organisations. There have been several studies on the corporate adoption of BYOD but few have investigated the phenomenon from a small and medium enterprise (SME) perspective and from developing countries specifically. This study investigated the BYOD phenomenon in South African SMEs. The goal was to identify contextual factors influencing BYOD adoption with the purpose of understanding how these factors shaped and reshaped by SME actions. The Perceived EReadiness Model (PERM) was adopted to unearth contextual BYOD adoption factors, while the Structuration Theory was adopted as the theoretical lens from which the social construction of the BYOD phenomenon was understood. The study adopted an interpretive stance and was qualitative in nature. Data was collected from SMEs using semi-structured interviews, and analysed using a thematic analysis approach. The findings show that for BYOD to be adopted and institutionalized in an SME there needs to be organisational readiness in terms of awareness, management support, business resources, human resources, employees' pressure, formal governance, and technological readiness. Specifically, business resources, management support and technological readiness were perceived to be of the outmost importance to the success of BYOD. Environmental factors of market forces, support from industry, government readiness and the sociocultural factor are identified. Findings from the structuration analysis reports the presence of rules and resources (structures) which SMEs draw upon in their BYOD actions and interactions. It provides understanding on the guiding structures such as "no training" and "no formal governance" within which BYOD meanings are formed, and actions such as allowing employees to use their devices to access organisational resources without the fear of security breaches and data theft, are enacted. While it is true that the successive adoption of ICTs in organisation depends on the availability of a conducive formal policy, findings in the study show that SMEs used their business resources and management support as guiding structures of domination which were legitimized by internal informal verbal rules, lack of an institutional BYOD specific policy, minimal industry support; and the presences of social pressure

The impact of bring-your-own-device on work practices in the financial sector

Bring-your-own-device (BYOD) refers to the practice of allowing the employees of an organisation to use their own computers, smartphones, or other devices for work purposes. This has brought a tremendous change in today's working environment. Organisations are faced with many technology trends which have the potential to create a competitive advantage in terms of both performance and efficiency. This paper follows a qualitative approach in which 15 interviews were conducted and a survey covering of 87 respondents was distributed. The findings show that the financial sector interpret s BYOD as a strategy that can create a competitive advantage to provide benefits of increased productivity, flexibility in the workforce, more autonomy, and contribute to the cost - efficiency of the business. There was also a disregard of policy formulation for BYOD from management which created a problem as employees became despondent that their personal devices were n o t allowed to access the corporate network. In addition, the findings revealed that work practices have to be re - defined and policies have to be drawn up in order to protect the company's assets and to provide guidelines. To guide the research in this emerging area, a review of several established theories that have not yet been applied to BYOD were used to form part of the proposed framework, which aims to provide a mechanism in the workplace to evaluate the impact of BYOD. This paper used exploratory analysis where six major influences of work practices were identified: 1) Change in behaviour; 2) Impact on workload; 3) Changes in motivation of individuals; 4) Re-definition of work practices; 5) Impact on overall performance; and 6) Approach required for industry. It was possible to associate them to several related constructs in IS literature which exposed possibilities for future theory-building efforts. The main influences on work practices are discussed with respect to the proposed framework

Gaming, Gamification and BYOD in academic and library settings: bibliographic overview

Lev Vygotsky’s “Zone of proximal development” and his Sociocultural Theory opened new opportunities for interpretations of the learning process. Vygotsky’s ideas overlapped Jean Piaget’s and Erik Erickson’s assertions that cooperative learning, added to experimental learning, enhances the learning process. Peer interaction, according to them, is quintessential in accelerating the learning process (Piaget, 1970; Erickson, 1977; Vygotsky, 1978). Robert Gagné, B.F. Skinner, Albert Bandura, and others contributed and constructivism established itself as a valid theory in learning. Further, an excellent chapter of social learning theories is presented by Anderson, & Dron (2014). Games are type of cooperative learning. Games embody the essence of constructivism, which for students/gamers means constructing their own knowledge while they interact (learn cooperatively). Learning can happen without games, yet games accelerate the process. Games engage. Games, specifically digital ones, relate to the digital natives, those born after 1976-80, who are also known as Generation Y, or Millennials (Howe & Strauss, 2000). Millennials in the United States, as per the recent Programme for the International Assessment of Adult Competencies (PIAAC), are performing rather poorly compared to their peers from 22 countries around the world (Schaffhauser, 2015b). While research is still tackling the reasons why, novel approaches to learning needs to be considered for a generation, which differs from previous generations in acquiring information and constructing knowledge. Millennials are gradually leaving the educational field and entering the working force, to be replaced in school settings by Generation Z (Levine & Dean, 2012). Gen Z, the next digitally- native generation, seeks changes of the learning process; changes even more drastic then the ones sought by the Millennials (Hackschooling, 2013). Gaming for Generation Z is not an alternative, but rather expectance. Gaming for Generation Z is associated with creativity (Jackson, A., Witt, Games, Fitzgerald, von Eye, & Zhao, 2012). Creativity, next to collaborative learning and knowledge construction, is one of the prevalent characteristics of games. Using games increases learning, making games increases learning more and is “tantamount to project- based learning” (Shapiro, 2014b). Games and gamifying of the learning process transforms from a cutting edge idea to a regular expectance. Beyond a fad or choice, it becomes, next to lecturing, an expected teaching method, which we, the older generation of educators will have to consider as a feasible alternative to traditional “lecturing” type of teaching

Modelling semantics of security risk assessment for bring your own device using metamodelling technique

Rapid changes in mobile computing devices or modern devices such as smartphones, tablets and iPads have encouraged employees to use their personal devices at workplace. Bring Your Own Devices (BYOD) phenomenon in an enterprise has become pervasive in demand for business purposes. Most organizations practice BYOD as it offers a wide variety of advantages such as increasing work productivity, reducing cost and giving employee’s satisfaction. Despite that, BYOD practices trigger opportunities and challenges for the enterprise if there have no security policies, regulations and management on personal devices. Common BYOD security threats includes data leakage, exposure to malicious malware and sensitive corporates information. In this study, the Security-based BYOD Risk Assessment Metamodel (Security-based BYODRAM), a high-level knowledge structure was proposed for describing Security-based BYOD Risk Assessment domain. Review on thirty-five existing models which comprises of Risk Assessment and BYOD security models was done to identify the important concepts and semantic. Meta Object Facility (MOF) was the metamodeling language used in developing the metamodel. This study contributes a platform of incorporating and sharing of the Security-based BYOD Risk Assessment knowledge and giving solutions in managing BYOD security breaches. Real BYOD scenarios such as the Ottawa Hospital, privacy risks in enterprise and independent schools in Western Australian were used in demonstrating the semantics of proposed metamodel

Understanding Contextual Factors of Bring Your Own Device and Employee Information Security Behaviors from the Work-Life Domain Perspective

Bring Your Own Device (BYOD) is no longer the exception, but rather the norm. Most prior research on employees’ compliance with organizational security policies has been primarily conducted with the assumption that work takes place in a specified workplace, not remotely. However, due to advances in technology, almost every employee brings his or her own device(s) to work. Further, particularly as a result of the 2020 Covid-19 pandemic, remote working has become very popular, with many employees using their own devices for work- related activities. BYOD brings new challenges in ensuring employees’ compliance with information security rules and policies by creating a gray area between the work and life domains as it diminishes the boundaries that separate them and thus affects employees’ perception of them. As yet, little is known about how BYOD changes individuals’ perception of work-life domains and how such perception may subsequently affect their compliance behavior. Building on prior research on information security behaviors and work-life domain management, this thesis investigates the possible effects of BYOD on employees’ compliance behavior through the changes it brings about in their work-life domain perspective. It extends existing border theory by identifying and empirically validating new border marking factors— namely, device ownership and data sensitivity—in employees’ interpretation of their work and life domains. Subsequently, protection motivation theory, a theory widely used in explaining employees’ compliance behavior, was used to examine why and how the perception of work- life domains is relevant and necessary to consider in examining employees’ intention to comply with information security policies