Artificial Intelligence and IT Professionals

How will continuing developments in artificial intelligence (AI) and machine learning influence IT professionals? This article approaches this question by identifying the factors that influence the demand for software developers and IT professionals, describing how these factors relate to AI, and articulating the likely impact on IT professionals

Bring your own disclosure : analysing BYOD threats to corporate information

Mobile device consumerisation has introduced the Bring-Your-Own-Device (BYOD) trend to the organisational context, allowing employees to work using their personal devices. However, as personal mobile devices are perceived as less secure than those provided by the organisation, BYOD has risen security concerns about corporate information being accessed by mobile devices from inside and outside the corporate perimeter. Moreover, this uncontrolled mobile device activity makes it difficult to differentiate external (outsider) malicious activity from reckless/naive employee (insider) behaviour, preventing effective correlation of unauthorised actions with the perpetrators. In this paper, a STRIDE-based BYOD Threat Model is proposed to analyse BYOD Threat Interactions from inside and outside the corporate perimeter. Our research contributes to a better understanding and awareness about the influence of BYOD Threats on disclosure and contamination of corporate information, encouraging future work in the field of BYOD security and digital forensics in order to protect information and manage an increasing number of evidence sources

Service discovery and prediction on Pervasive Information System

International audienceRecent evolution of technology and its usages, such as BYOD (Bring Your Own Device) and IoT (Internet of Things), transformed the way we interact with Information Systems (IS), leading to a new generation of IS, called the Pervasive Information Systems (PIS). These systems have to face heterogeneous pervasive environments and hide the complexity of such environment end-user. In order to reach transparency and proactivity necessary for successful PIS, new discovery and prediction mechanisms are necessary. In this paper, we present a new user-centric approach for PIS and propose new service discovery and prediction based on both user's context and intentions. Intentions allow focusing on goals user wants to satisfy when requesting a service. Those intentions rise in a given context, which influence the service implementation. We propose a service discovery mechanism that observes user's context and intention in order to offer him/her the most appropriate service satisfying her/his intention on the current context. We also propose a prediction mechanism that tries to anticipate user's intentions considering the user's history and the observed context. We evaluate both mechanisms and discuss advanced features future PIS will have to deal with

Securing a "Bring Your Own Application" cloud environment using digital forensics

Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Systems Security (MSc.ISS) at Strathmore UniversityThe use of cloud applications introduces new challenges to information systems Security. The idea of applications accessible from multiple devices and hosted or provided by third party organizations brings new complications to IT security. In situations where organizations are embracing Bring Your Own Applications (BYOA) and where they allow use of free to public cloud applications within their networks, it is important for IT Security experts to consider how to secure their BYOA environments and also monitor how these applications are used and the flow of information. The aim of this research is to develop a digital forensics based solution for securing BYOA cloud environment. This solution can be used to improve security in an organisation implementing BYOA. The research focuses on free to public cloud applications, whereby security challenges are identified and security measures proposed. The security measures are enforced through the development of a customized solution. The solution has been developed using rapid application development (RAD) system development methodology. Using Geany editor and Python programming language, the prototype developed relies on digital forensics artefacts to gather information about the usage of BYOAs. The solution captures digital forensics artefacts and stores them into a database as logs of the activity on Google Drive application. The solution demonstrates how digital forensics artefacts can be used to enhance security in a BYOA environment

An Exploratory Study of the Approach to Bring Your Own Device (BYOD) in Assuring Information Security

The availability of smart device capabilities, easy to use apps, and collaborative capabilities has increased the expectations for the technology experience of employees. In addition, enterprises are adopting SaaS cloud-based systems that employees can access anytime, anywhere using their personal, mobile device. BYOD could drive an IT evolution for powerful device capabilities and easy to use apps, but only if the information security concerns can be addressed. This research proposed to determine the acceptance rate of BYOD in organizations, the decision making approach, and significant factors that led to the successful adoption of BYOD using the expertise of experienced internal control professionals. The approach and factors leading to the decision to permit the use of BYOD was identified through survey responses, which was distributed to approximately 5,000 members of the Institute for Internal Controls (IIC). The survey participation request was opened by 1,688 potential respondents, and 663 total responses were received for a response rate of 39%. Internal control professionals were targeted by this study to ensure a diverse population of organizations that have implemented or considered implementation of a BYOD program were included. This study provided an understanding of how widely the use of BYOD was permitted in organizations and identified effective approaches that were used in making the decision. In addition, the research identified the factors that were influential in the decision making process. This study also explored the new information security risks introduced by BYOD. The research argued that there were several new risks in the areas of access, compliance, compromise, data protection, and control that affect a company’s willingness to support BYOD. This study identified new information security concerns and risks associated with BYOD and suggested new elements of governance, risk management, and control systems that were necessary to ensure a secure BYOD program. Based on the initial research findings, future research areas were suggested

A Risk management framework for the BYOD environment

Computer networks in organisations today have different layers of connections, which are either domain connections or external connections. The hybrid network contains the standard domain connections, cloud base connections, “bring your own device” (BYOD) connections, together with the devices and network connections of the Internet of Things (IoT). All these technologies will need to be incorporated in the Oman Vision 2040 strategy, which will involve changing several cities to smart cities. To implement this strategy artificial intelligence, cloud computing, BYOD and IoT will be adopted. This research will focus on the adoption of BYOD in the Oman context. It will have advantages for organisations, such as increasing productivity and reducing costs. However, these benefits come with security risks and privacy concerns, the users being the main contributors of these risks. The aim of this research is to develop a risk management and security framework for the BYOD environment to minimise these risks. The proposed framework is designed to detect and predict the risks by the use of MDM event logs and function logs. The chosen methodology is a combination of both qualitative and quantitative approaches, known as a mixed-methods approach. The approach adopted in this research will identify the latest threats and risks experienced in BYOD environments. This research also investigates the level of user-awareness of BYOD security methods. The proposed framework will enhance the current techniques for risk management by improving risk detection and prediction of threats, as well as, enabling BYOD risk management systems to generate notifications and recommendations of possible preventive/mitigation actions to deal with them

Strategies to Prevent Security Breaches Caused by Mobile Devices

Data breaches happen almost every day in the United States and, according to research, the majority of these breaches occur due to a lack of security with organizations\u27 mobile devices. Although most of the security policies related to mobile devices currently in place may meet the guidelines required by law, they often fail to prevent a data breach caused by a mobile device. The main purpose of this qualitative single case study was to explore the strategies used by security managers to prevent data breaches caused by mobile devices. The study population consisted of security managers working for a government contractor located in the southeastern region of the United States. Ludwig von Bertalanffy\u27s general systems theory was used as the conceptual framework of this study. The data collection process included interviews with organization security managers (n = 5) and company documents and procedures (n = 13) from the target organization related to mobile device security. Data from the interviews and organizational documents were coded using thematic analysis. Methodological triangulation of the data uncovered 4 major themes: information security policies and procedures, security awareness, technology management tools, and defense-in-depth. The implications for positive social change from this study include the potential to enhance the organizations\u27 security policies, cultivate a better security awareness training program, and improve the organizations data protection strategies. In addition, this study outlines some strategies for preventing data breaches caused by mobile devices while still providing maximum benefit to its external and internal customers