Modelling semantics of security risk assessment for bring your own device using metamodelling technique

Rapid changes in mobile computing devices or modern devices such as smartphones, tablets and iPads have encouraged employees to use their personal devices at workplace. Bring Your Own Devices (BYOD) phenomenon in an enterprise has become pervasive in demand for business purposes. Most organizations practice BYOD as it offers a wide variety of advantages such as increasing work productivity, reducing cost and giving employee’s satisfaction. Despite that, BYOD practices trigger opportunities and challenges for the enterprise if there have no security policies, regulations and management on personal devices. Common BYOD security threats includes data leakage, exposure to malicious malware and sensitive corporates information. In this study, the Security-based BYOD Risk Assessment Metamodel (Security-based BYODRAM), a high-level knowledge structure was proposed for describing Security-based BYOD Risk Assessment domain. Review on thirty-five existing models which comprises of Risk Assessment and BYOD security models was done to identify the important concepts and semantic. Meta Object Facility (MOF) was the metamodeling language used in developing the metamodel. This study contributes a platform of incorporating and sharing of the Security-based BYOD Risk Assessment knowledge and giving solutions in managing BYOD security breaches. Real BYOD scenarios such as the Ottawa Hospital, privacy risks in enterprise and independent schools in Western Australian were used in demonstrating the semantics of proposed metamodel

Towards a Privacy Risk Assessment Methodology for Location-Based Systems

International audienceMobiquitous systems are gaining more and more weight in our daily lives. They are becoming a reality from our home and work to our leisure. The use of Location-Based Services (LBS) in these systems is increasingly demanded by users. Yet, while on one hand they enable people to be more " connected " , on the other hand, they may expose people to serious privacy issues. The design and deployment of Privacy-Enhancing Technologies (PETs) for LBS has been widely addressed in the last years. However, strikingly, there is still a lack of methodologies to assess the risk that using LBS may have on users' privacy (even when PETs are considered). This paper presents the first steps towards a privacy risk assessment methodology to (i) identify (ii) analyse, and (iii) evaluate the potential privacy issues affecting mobiquitous systems