A systematic approach to investigating how information security and privacy can be achieved in BYOD environments

Purpose: This paper's purpose is to provide a current best practice approach that can be used to identify and manage bring your own device (BYOD) security and privacy risks faced by organisations that use mobile devices as part of their business strategy. While BYOD deployment can provide work flexibility, boost employees' productivity and cut costs for organisations, it also raises many information security and privacy issues, some widely recognised and others less understood. This paper focuses on BYOD adoption and its associated risks and mitigation strategies, investigating how both information security and privacy can be effectively achieved in BYOD environments.

Design/methodology/approach: This research paper used a qualitative research methodology, applying the case study approach to understand both organisational and employee views, thoughts, opinions and actions in BYOD environments.

Findings: This paper identifies BYOD risks, threats and influences, and determines effective controls and procedures for managing organisational and personal information resources in BYOD.

Research limitations/implications: The scope of this paper is limited to the inquiry and findings from organisations operating in Australia. This paper also suggests key implications that lie within the ability of organisations to adequately develop and deploy successful BYOD management and practices.

Originality/value: This paper expands previous research investigating BYOD practices, and also provides a current best practice approach that can be used by organisations to systematically investigate and understand how to manage security and privacy risks in BYOD environments.
