{"title":"BYOD安全风险和缓解策略:来自IT安全专家的见解","authors":"R. Palanisamy, A. Norman, M. L. M. Kiah","doi":"10.1080/10919392.2022.2028530","DOIUrl":null,"url":null,"abstract":"ABSTRACT Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"31 1","pages":"320 - 342"},"PeriodicalIF":2.0000,"publicationDate":"2021-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts\",\"authors\":\"R. Palanisamy, A. Norman, M. L. M. Kiah\",\"doi\":\"10.1080/10919392.2022.2028530\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.\",\"PeriodicalId\":54777,\"journal\":{\"name\":\"Journal of Organizational Computing and Electronic Commerce\",\"volume\":\"31 1\",\"pages\":\"320 - 342\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2021-10-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Organizational Computing and Electronic Commerce\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1080/10919392.2022.2028530\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2022.2028530","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts
ABSTRACT Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.
期刊介绍:
The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas.
JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business.
Theoretical, experimental, survey, and design science research are all welcome and might look at:
• E-commerce
• Collaborative commerce
• Interorganizational systems
• Enterprise systems
• Supply chain technologies
• Computer-supported cooperative work
• Computer-aided coordination
• Economics of organizational computing
• Technologies for organizational learning
• Behavioral aspects of organizational computing.