Bring Your Own Device (BYOD): Risks to Adopters and Users

Bring your own device (BYOD) policy refers to a set of regulation broadly adopted by organizations that allows employee-owned mobile devices – like as laptops, smartphones, personal digital assistant and tablets – to the office for use and connection to the organizations IT infrastructure. BYOD offers numerous benefits ranging from plummeting organizational logistic cost, access to information at any time and boosting employee’s productivity. On the contrary, this concept presents various safety issues and challenges because of its characteristic security requirements. This study explored diverse literature databases to identify and classify BYOD policy adoption issues, possible control measures and guidelines that could hypothetically inform organizations and users that adopt and implement BYOD policy. The literature domain search yielded 110 articles, 26 of them were deemed to have met the inclusion standards. In this paper, a list of possible threats/vulnerabilities of BYOD adoption were identified. This investigation also identified and classified the impact of the threats/vulnerabilities on BYOD layered components according to security standards of “FIPS Publication 199” for classification. Finally, a checklist of measures that could be applied by organizations & users to mitigate BYOD vulnerabilities using a set layered approach of data, device, applications, and people were recommended

Optimizing Onion Crop Management: A Smart Agriculture Framework with IoT Sensors and Cloud Technology

Smart agriculture, fueled by the integration of Internet of Things (IoT) and cloud technology, has revolutionized modern farming practices. In this study, we propose a step-by-step framework for optimizing onion crop management using IoT sensors and cloud-based solutions. By deploying various IoT sensors, including soil moisture, temperature, humidity, and aerial drones, essential data about the onion crops is collected and transmitted to a central data hub. Optional edge computing devices enable real-time data processing, minimizing latency and bandwidth usage.The collected data is aggregated and stored securely on a cloud platform, which facilitates advanced data analysis and insights. Utilizing machine learning algorithms, the cloud platform can provide valuable information about the onion's growth patterns, health status, and growth trajectory. Farmers can easily access this information through a user-friendly dashboard, accessible via web or mobile applications.Automated alerts and notifications enable timely intervention, notifying farmers about any deviations from optimal conditions, such as low moisture levels or pest infestations. The system's predictive capabilities allow for precision irrigation and nutrient management, optimizing resource usage and improving crop health.The accumulated historical data offers a wealth of information, enabling the identification of trends and the prediction of growth patterns for future planting seasons. Throughout this process, data security and privacy measures are prioritized, with encrypted data transmission and storage to protect farmers' sensitive information.The integration of IoT and cloud technology provides an efficient and effective solution for monitoring onion crop growth. The proposed framework offers farmers valuable insights, improves productivity, and promotes sustainable agricultural practices

An Empirical Investigation Of The Influence Of Fear Appeals On Attitudes And Behavioral Intentions Associated With Recommended Individual Computer Security Actions

Through persuasive communication, IT executives strive to align the actions of end users with the desired security posture of management and of the firm. In many cases, the element of fear is incorporated within these communications. However, within the context of computer security and information assurance, it is not yet clear how these fear-inducing arguments, known as fear appeals, will ultimately impact the actions of end users. The purpose of this study is to examine the influence of fear appeals on the compliance of end users with recommendations to enact specific individual computer security actions toward the amelioration of threats. A two-phase examination was adopted that involved two distinct data collection and analysis procedures, and culminated in the development and testing of a conceptual model representing an infusion of theories based on prior research in Social Psychology and Information Systems (IS), namely the Extended Parallel Process Model (EPPM) and the Unified Theory of Acceptance and Use of Technology (UTAUT). Results of the study suggest that fear appeals do impact end users attitudes and behavioral intentions to comply with recommended individual acts of security, and that the impact is not uniform across all end users, but is determined in part by perceptions of self-efficacy, response efficacy, threat severity, threat susceptibility, and social influence. The findings suggest that self-efficacy and, to a lesser extent, response efficacy predict attitudes and behavioral intentions to engage individual computer security actions, and that these relationships are governed by perceptions of threat severity and threat susceptibility. The findings of this research will contribute to IS expectancy research, human-computer interaction, and organizational communication by revealing a new paradigm in which IT users form perceptions of the technology, not on the basis of performance gains, but on the basis of utility for threat amelioration

ANDRuspex: leveraging graph representation learning to predict harmful app installations on mobile devices

Android's security model severely limits the capabilities of anti-malware software. Unlike commodity anti-malware solutions on desktop systems, their Android counterparts run as sandboxed applications without root privileges and are limited by Android's permission system. As such, PHAs on Android are usually willingly installed by victims, as they come disguised as useful applications with hidden malicious functionality, and are encountered on mobile app stores as suggestions based on the apps that a user previously installed. Users with similar interests and app installation history are likely to be exposed and to decide to install the same PHA. This observation gives us the opportunity to develop predictive approaches that can warn the user about which PHAs they will encounter and potentially be tempted to install in the near future. These approaches could then be used to complement commodity anti-malware solutions, which are focused on post-fact detection, closing the window of opportunity that existing solutions suffer from. In this paper we develop ANDRuspex, a system based on graph representation learning, allowing us to learn latent relationships between user devices and PHAs and leverage them for prediction. We test ANDRuspex on a real world dataset of PHA installations collected by a security company, and show that our approach achieves very high prediction results (up to 0.994 TPR at 0.0001 FPR), while at the same time outperforming alternative baseline methods. We also demonstrate that ANDRuspex is robust and its runtime performance is acceptable for a real world deployment.Accepted manuscrip

How WEIRD is Usable Privacy and Security Research? (Extended Version)

In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide the suggestions including facilitate replication studies, address geographic and linguistic issues of study/recruitment methods, and facilitate research on the topics for non-WEIRD populations.Comment: This paper is the extended version of the paper presented at USENIX SECURITY 202