906 research outputs found

    Securing Bring-Your-Own-Device (BYOD) programming exams

    Get PDF
    Traditional pen and paper exams are inadequate for modern university programming courses as they are misaligned with pedagogies and learning objectives that target practical coding ability. Unfortunately, many institutions lack the resources or space to be able to run assessments in dedicated computer labs. This has motivated the development of bring-your-own-device (BYOD) exam formats, allowing students to program in a similar environment to how they learnt, but presenting instructors with significant additional challenges in preventing plagiarism and cheating. In this paper, we describe a BYOD exam solution based on lockdown browsers, software which temporarily turns students' laptops into secure workstations with limited system or internet access. We combine the use of this technology with a learning management system and cloud-based programming tool to facilitate conceptual and practical programming questions that can be tackled in an interactive but controlled environment. We reflect on our experience of implementing this solution for a major undergraduate programming course, highlighting our principal lesson that policies and support mechanisms are as important to consider as the technology itself.Comment: Accepted by SIGCSE 202

    Bring Your Own Device (BYOD): Risks to Adopters and Users

    Get PDF
    Bring your own device (BYOD) policy refers to a set of regulation broadly adopted by organizations that allows employee-owned mobile devices – like as laptops, smartphones, personal digital assistant and tablets – to the office for use and connection to the organizations IT infrastructure. BYOD offers numerous benefits ranging from plummeting organizational logistic cost, access to information at any time and boosting employee’s productivity. On the contrary, this concept presents various safety issues and challenges because of its characteristic security requirements. This study explored diverse literature databases to identify and classify BYOD policy adoption issues, possible control measures and guidelines that could hypothetically inform organizations and users that adopt and implement BYOD policy. The literature domain search yielded 110 articles, 26 of them were deemed to have met the inclusion standards. In this paper, a list of possible threats/vulnerabilities of BYOD adoption were identified. This investigation also identified and classified the impact of the threats/vulnerabilities on BYOD layered components according to security standards of “FIPS Publication 199” for classification. Finally, a checklist of measures that could be applied by organizations & users to mitigate BYOD vulnerabilities using a set layered approach of data, device, applications, and people were recommended

    Cybersecurity Strategies for Universities With Bring Your Own Device Programs

    Get PDF
    The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment to support BYOD in a university system. The study population was comprised of IT security professionals from the University of California campuses currently managing a network environment for at least 2 years where BYOD has been implemented. Protection motivation theory was the study\u27s conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly-accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly-accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals\u27 tasks include identifying and implementing network security strategies. The study\u27s implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations

    Cybersecurity Strategies for Universities With Bring Your Own Device Programs

    Get PDF
    The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment to support BYOD in a university system. The study population was comprised of IT security professionals from the University of California campuses currently managing a network environment for at least 2 years where BYOD has been implemented. Protection motivation theory was the study\u27s conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly-accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly-accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals\u27 tasks include identifying and implementing network security strategies. The study\u27s implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations

    Bring your own device: an overview of risk assessment

    Get PDF
    As organizations constantly strive to improve strategies for ICT management, one of the major challenges they must tackle is bring your own device (BYOD). BYOD is a term that collectively refers to the related technologies, concepts, and policies in which employees are allowed to access internal corporate IT resources, such as databases and applications, using their personal mobile devices like smartphones, laptop computers, and tablet PCs [1]. It is a side effect of the consumerization of IT, a term used to describe the growing tendency of the new information technologies to emerge first in the consumer market and then spread into business and government organizations [2]. Basically, employees want to act in an any-devices, anywhere work style, performing personal activities during work and working activities during personal time [2]. There are several risks associated with BYOD [3, p. 63], and the big gaps in BYOD policies adopted by today\u27s organizations [4, p. 194] show that the solution to BYOD is not well understood. This article establishes a background to understand BYOD risks by considering conditions that increase the occurrence of these risks and the consequences of the risks occurring. It then aims to present the most commonly adopted BYOD solutions, their limitations, and remedies, as well as important policy considerations for successfully implementing them

    The Challenges of Implementing Bring Your Own Device

    Get PDF
    Research conducted by Tech Pro (2014) indicated that the Bring Your Own Device (BYOD) concept is gaining momentum with 74% of organizations already having some BYOD program or planning to implement one. While BYOD offers several benefits, it also presents challenges that concern information technology leaders and information security managers. This correlational study used the systems theory framework to examine the relationship between information security managers\u27 intentions, perceptions of security, and compliance regarding BYOD implementation. Participants of the study consisted of information security managers in the eastern United States who had obtained the Certified Information Systems Manager certification. Data was collected from 94 information security managers through a survey instrument. The survey instrument integrated three other instruments with proven reliability developed by other researchers. Data was analyzed using a multiple regression analysis to test for a relationship between the variables of the study (security, compliance, and intent to implement BYOD). The multiple regression conducted in this study was insignificant indicating a relationship did not exist between the study\u27s variables (F(2, 86) = 0.33, p = .718, R2 = .00). A significant negative relationship was found between security and compliance indicating a weakly negative correlation (r = -.26, p = .016). Using the results from the study, information technology leaders may be able to develop strategies from which to implement BYOD successfully. Implications for social change include increased knowledge of securing personal devices for employees and consumers in general and reduction in costs associated with security and data breaches

    A bring your own device information security behavioural model

    Get PDF
    The Bring Your Own Device (BYOD) phenomenon has become prevalent in the modern-day workplace, including the banking industry. Employees who own devices have become the unintended administrators of the organisation’s information as their mobile devices often carry information belonging to the organisation. The unintended administrator is not necessarily schooled or aware of the information security risks and challenges that are associated with the BYOD. This inadvertently shifts the management of organisational information security from the information technology (IT) administrator to the unintended administrator. This shift leaves the organisation at risk of information security breaches that can permeate the organisation, which result from the behaviour that the unintended administrator displays when operating the mobile device. This study introduces the BYOD Information Security Behavioural (BISB) model. The model constructs are a combination of individual and organisational traits of the unintended administrator. The purpose of this study is to mitigate the risks posed by the unintended administrator in organisations through the implementation this model. The risk that the unintended administrator poses in relation to the BYOD phenomenon results in chief information officers (CIOs) being unable to totally control these mobile devices. Traditional endpoint information security management tools and methods can no longer secure devices in the BYOD the way they can in the traditional network where they are confined to the organisation’s IT administrator. This results in the organisation’s information security becoming the responsibility of the unintended administrator. This study was conducted in the banking sector in Zimbabwe. It is noteworthy that the BYOD phenomenon has become prevalent in the banking sector among other organisational sectors like education, health or even government departments. Information security is also an important component of the banks as such and a choice was made to conduct the study in the banking industry. The design science research paradigm was followed in this study and included a survey of 270 bank employees in Zimbabwe, which received 170 complete responses. A literature review on both employee behaviour and organisational culture was conducted, followed by a case study of a commercial bank in Zimbabwe. The literature review culminated in traits that were then classified as individual traits and organisational traits. Six constructs –, knowledge, attitude, habit, environment, governance and training – were identified from the literature and combined to form the BYOD information security behavioural (BISB) model. Statistical calculations were conducted on the survey results which informed the reliability, validity and rigour of the model constructs. An expert review including industry experts was conducted to evaluate the BISB model. This study concludes by recommending that organisations in Zimbabwe should make use of the BISB model to mitigate the information security risks that are posed by the unintended administrator. While there are technical solutions for managing the information security risks that come with the BYOD, this study points out that without harnessing the individual and organisational traits that make up the BYOD information security behavioural model for the unintended administrator, technical solutions alone will not be effective

    Bring Your Own Device (BYOD) adoption in South African SMEs

    Get PDF
    The advancement in technological development is now altering the conventional order in the diffusion of IT innovation from a top-down approach (organisation to employees) to a bottom-up approach (employees to organisation). This change is more notable in developed economies and has led to the Bring Your Own Device (BYOD) phenomenon which promises increased productivity for employees and their organisations. There have been several studies on the corporate adoption of BYOD but few have investigated the phenomenon from a small and medium enterprise (SME) perspective and from developing countries specifically. This study investigated the BYOD phenomenon in South African SMEs. The goal was to identify contextual factors influencing BYOD adoption with the purpose of understanding how these factors shaped and reshaped by SME actions. The Perceived EReadiness Model (PERM) was adopted to unearth contextual BYOD adoption factors, while the Structuration Theory was adopted as the theoretical lens from which the social construction of the BYOD phenomenon was understood. The study adopted an interpretive stance and was qualitative in nature. Data was collected from SMEs using semi-structured interviews, and analysed using a thematic analysis approach. The findings show that for BYOD to be adopted and institutionalized in an SME there needs to be organisational readiness in terms of awareness, management support, business resources, human resources, employees' pressure, formal governance, and technological readiness. Specifically, business resources, management support and technological readiness were perceived to be of the outmost importance to the success of BYOD. Environmental factors of market forces, support from industry, government readiness and the sociocultural factor are identified. Findings from the structuration analysis reports the presence of rules and resources (structures) which SMEs draw upon in their BYOD actions and interactions. It provides understanding on the guiding structures such as "no training" and "no formal governance" within which BYOD meanings are formed, and actions such as allowing employees to use their devices to access organisational resources without the fear of security breaches and data theft, are enacted. While it is true that the successive adoption of ICTs in organisation depends on the availability of a conducive formal policy, findings in the study show that SMEs used their business resources and management support as guiding structures of domination which were legitimized by internal informal verbal rules, lack of an institutional BYOD specific policy, minimal industry support; and the presences of social pressure

    Policy framework for adoption of bring your own device (BYOD) by institutions in Nigeria

    Get PDF
    Mobile computing makes access to data and services available anytime and anywhere. The recent increase in the number of mobile devices like smartphones and tablets has given rise to a phenomenon known as “IT Consumerization” that focuses on satisfying the needs of the consumers to improve their productivity for the benefit of their organization. Recent report from mobile trends indicates that in 2014 alone, manufacturers will ship more than a billion Android devices. It is estimated that seven out of every ten employees (7/10) will use their mobile devices for work in corporate environments. Mobile devices according to studies are known to be more vulnerable compared to laptops and PCs due to their small size, mobility and general lack of protection against viruses and malware. The use of these devices therefore can impact negatively on corporate networks unless properly and effectively managed. Organizations are now adopting a program known as „bring your own device‟ (BYOD) that will enable them capture, register, and manage the mobile devices that connect and use their corporate infrastructure to guarantee the security of the infrastructure and data of the organization. They achieve this by putting in place strategies and policies that involves all stakeholders. This paper surveys literature to extract useful information that serve to enlighten the community of workers and IT leaders on the current and rapid growing phenomenon of BYOD, including the strategies for deployment, BYOD models, benefits, security threats on corporate and user data and infrastructure. The study presents guidelines and a framework for adoption of BYOD by institutions of higher learning in Nigeria in order to improve learning and provide a better workplace. The study will enable IT leaders formulate policies and guidelines that will guarantee smooth adoption and usage of BYOD by their various organizations

    Addressing the incremental risks associated with adopting Bring Your Own Device

    Get PDF
    CITATION: Weber, L. & Rudman, R. J. 2018. Addressing the incremental risks associated with adopting Bring Your Own Device. Journal of Economic and Financial Sciences, 11(1):a169, doi:10.4102/jef.v11i1.169.The original publication is available at https://jefjournal.org.zaBring Your Own Device (BYOD) involves allowing employees to use their own mobile devices to access their organisations’ networks. Many organisations are embracing this trend as a means to cut information technology (IT) expenditure, enhance employee satisfaction, etc. However, these and other benefits come at a cost in the form of exposing an organisation to new risks. The aim of this research was to assist organisations to identify the incremental risks they could potentially encounter if they implement a BYOD programme and how they can reduce the risks directly related to BYOD to an acceptable level. An extensive literature review was performed to identify the risks which arise as a result of the adoption of a BYOD programme. COBIT 5 was identified as the most appropriate framework which could be used to develop possible safeguards to mitigate the incremental risks associated with a BYOD programme to an acceptable level. Safeguards were developed to address the risks.https://jefjournal.org.za/index.php/jef/article/view/169Publisher's versio
    • …
    corecore