Please enable JavaScript.
Coggle requires JavaScript to display documents.
How information security and privacy can be achieved in BOYD environments,…
How information security and privacy can be achieved in BOYD environments
Case study findings. The case study conducted in this research exhibited the BYOD issues identified in the aforementioned literature. The findings from the survey indicate that there are many risks associated with BYOD in the areas of physical threats, access control, communications and applications, and compliance. The study revealed that organisations can put their critical data at risk by not having BYOD countermeasures in place or by ignoring simple steps such as employee BYOD education, thereby exposing confidential data
RQ1.2. What are current organisational perceptions and practices in respect to information
security and privacy management of BYOD?
BYOD privacy was lacking in the organisation, particularly for their employees, which indicated the potential for liabilities. Organisation B and Organisation C exhibited a reactive approach towards BYOD and had inadequate security and privacy policies, controls, awareness programs and training for BYOD
Although all three case organisations shared common information security and privacy issues, Organisation A had a high level of commitment towards BYOD information security, whereas no significant efforts were made by Organisation B and Organisation C towards BYOD information security. All three organisations have poor or no commitment of any kind to BYOD privacy
Generation X
37-52
Smartphone 57.8%
Tablet 39.6%
Laptop 44.2%
Generation Y
18-36
Smartphone - 37.7%
Tablet 27%
Laptop 35%
This data is the total percentage of each age group
Babyboomer
Over 52
Smartphone 11.9%
Tablet 11.9%
Laptop 12%
Average organisation range
Smartphone - 37.8%
Tablet- 29.7%
Laptop -32.5%
The three case studies indicate that BYOD significantly influences information security and privacy management in organisations. A key finding is that the influence of BYOD on information security and privacy management activities within the three case studies was similar, even though BYOD affected each organisation to differing extents. The disparities were attributed to variations in efforts to achieve information security and privacy management, as well as the industry concerned.
[Additional findings suggest that employees’ desire or unwillingness to comply with BYOD security and privacy requirements was a function of not only their knowledge and skills but also other elements involving perception and environmental settings]
The findings also suggest some employees’ have the intention to engage in BYOD information security- and privacy-related activities. Figure 3 below indicates that some employees’ desire to accept liability for data loss from their devices, but have total disagreement to the monitoring and tracking of their devices by their organisations.
BYOD Security and Privacy considerations
First, as soon as external (personal) devices are attached, malware could migrate from the personal device into the company’s machines and over the company’s networks. In the other direction, sensitive data is likely to make its way onto the personal devices. This data could include customer information that should be kept private and company information that should be kept proprietary
In April 2012, the four major US carriers agreed to team with the Federal Communication Commission to build a national government registry of all cell phones and tablets. Using this registry, when a device is reported missing, the database will flag that device and deactivate it
There’s an acknowledgment that as employees become attached and bound to particular personal devices, they’re often unwilling to learn a new device when they’ve already scanned the marketplace, selected the device and wireless plan they prefer, and invested their own time learning how to operate it. If management comes along and tells them they must use some other “approved” device that they already discounted in their search, the likelihood that such a bonding will be as successful is diminished. Apple used this principle well in its early days when it hired evangelists to work the college circuit to expose Apple products to college students