Risk Management in the Era of BYOD: The Quintet of Technology Adoption, Controls, Liabilities, User Perception, and User Behavior

Abstract

An increasing number of companies and organizations have allowed employees (as well as business partners and contractors) to use their own devices to connect to company assets, resulting in the phenomena of BYOD (Bring Your Own Devices). Employees' own devices may pose greater threats against the corporation than its own assets would. They are perceived as more vulnerable and easier to become compromised than devices issued and controlled by the company. In this context, the need to manage the BYOD practice is undeniable. In this paper we propose the Risk Management Quintet as a model of understanding the BYOD practice. The relationships among the components of the Quintet, i.e., technology adoption, control, liabilities, user perception, and user behavior, are examined in the context of control mechanisms.