BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts

IF 2 | Zone 4, Management | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
R. Palanisamy, A. Norman, M. L. M. Kiah
{"title":"BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts","authors":"R. Palanisamy, A. Norman, M. L. M. Kiah","doi":"10.1080/10919392.2022.2028530","DOIUrl":null,"url":null,"abstract":"ABSTRACT Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. 
The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"31 1","pages":"320 - 342"},"PeriodicalIF":2.0000,"publicationDate":"2021-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2022.2028530","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 4

Abstract

Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and their impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.

Source journal

Journal of Organizational Computing and Electronic Commerce (Engineering & Technology: Computer Science, Interdisciplinary Applications)
CiteScore: 5.80
Self-citation rate: 17.20%
Articles published: 7
Review time: >12 weeks
About the journal: The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas. JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business. Theoretical, experimental, survey, and design science research are all welcome and might look at: • E-commerce • Collaborative commerce • Interorganizational systems • Enterprise systems • Supply chain technologies • Computer-supported cooperative work • Computer-aided coordination • Economics of organizational computing • Technologies for organizational learning • Behavioral aspects of organizational computing.