Caio Steglich, Azriel Majdenbaum, S. Marczak, R. Santos
{"title":"移动软件生态系统中的组织IT安全研究","authors":"Caio Steglich, Azriel Majdenbaum, S. Marczak, R. Santos","doi":"10.1109/ICSA-C50368.2020.00047","DOIUrl":null,"url":null,"abstract":"Information security is a key topic for most organizations. With the digital revolution, smartphones have become popular not only for personal use but also within organizations where many employees use them for business purposes. As smartphones are increasingly present in organizations, it is necessary to understand what recommendations the literature provides for the safe use of such devices, helping organizations to protect themselves from threats. ISO 27000 is a well-known standard for information security in a business context. It provides a set of controls that must be observed to ensure more secure organizational information. Therefore, the goal of this study is to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature. To do so, we conducted a systematic mapping review supplemented by a snowballing process to identify studies in the field of MSECO that have addressed any subject that is present in ISO 27001. We found that 34 out of the 114 ISO 27001 controls are covered by the MSECO literature. Also, some of the ISO sections (e.g., Asset Management) have not yet been explored in the MSECO literature. Our results can inspire future and further studies on the topic of MSECO information security.","PeriodicalId":202587,"journal":{"name":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","volume":"206 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A Study on Organizational IT Security in Mobile Software Ecosystems Literature\",\"authors\":\"Caio Steglich, Azriel Majdenbaum, S. Marczak, R. Santos\",\"doi\":\"10.1109/ICSA-C50368.2020.00047\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information security is a key topic for most organizations. With the digital revolution, smartphones have become popular not only for personal use but also within organizations where many employees use them for business purposes. As smartphones are increasingly present in organizations, it is necessary to understand what recommendations the literature provides for the safe use of such devices, helping organizations to protect themselves from threats. ISO 27000 is a well-known standard for information security in a business context. It provides a set of controls that must be observed to ensure more secure organizational information. Therefore, the goal of this study is to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature. To do so, we conducted a systematic mapping review supplemented by a snowballing process to identify studies in the field of MSECO that have addressed any subject that is present in ISO 27001. We found that 34 out of the 114 ISO 27001 controls are covered by the MSECO literature. Also, some of the ISO sections (e.g., Asset Management) have not yet been explored in the MSECO literature. Our results can inspire future and further studies on the topic of MSECO information security.\",\"PeriodicalId\":202587,\"journal\":{\"name\":\"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)\",\"volume\":\"206 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSA-C50368.2020.00047\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE International Conference on Software Architecture Companion (ICSA-C)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSA-C50368.2020.00047","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Study on Organizational IT Security in Mobile Software Ecosystems Literature
Information security is a key topic for most organizations. With the digital revolution, smartphones have become popular not only for personal use but also within organizations where many employees use them for business purposes. As smartphones are increasingly present in organizations, it is necessary to understand what recommendations the literature provides for the safe use of such devices, helping organizations to protect themselves from threats. ISO 27000 is a well-known standard for information security in a business context. It provides a set of controls that must be observed to ensure more secure organizational information. Therefore, the goal of this study is to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature. To do so, we conducted a systematic mapping review supplemented by a snowballing process to identify studies in the field of MSECO that have addressed any subject that is present in ISO 27001. We found that 34 out of the 114 ISO 27001 controls are covered by the MSECO literature. Also, some of the ISO sections (e.g., Asset Management) have not yet been explored in the MSECO literature. Our results can inspire future and further studies on the topic of MSECO information security.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
