BYOD安全风险和缓解策略:来自IT安全专家的见解

IF 2 4区 管理学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
R. Palanisamy, A. Norman, M. L. M. Kiah
{"title":"BYOD安全风险和缓解策略:来自IT安全专家的见解","authors":"R. Palanisamy, A. Norman, M. L. M. Kiah","doi":"10.1080/10919392.2022.2028530","DOIUrl":null,"url":null,"abstract":"ABSTRACT Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"31 1","pages":"320 - 342"},"PeriodicalIF":2.0000,"publicationDate":"2021-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts\",\"authors\":\"R. Palanisamy, A. Norman, M. L. M. Kiah\",\"doi\":\"10.1080/10919392.2022.2028530\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.\",\"PeriodicalId\":54777,\"journal\":{\"name\":\"Journal of Organizational Computing and Electronic Commerce\",\"volume\":\"31 1\",\"pages\":\"320 - 342\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2021-10-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Organizational Computing and Electronic Commerce\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1080/10919392.2022.2028530\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2022.2028530","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 4

摘要

摘要自带设备(BYOD)被认为是当今组织面临的最大安全风险之一,因为这些设备在很大程度上是当今员工工作文化的一部分。然而,人们仍然缺乏对BYOD安全风险及其对信息安全和服务提供的影响的了解,特别是在政府部门,也没有任何降低这些风险的策略。为了研究这个问题,对来自选定公共部门组织的八名IT安全专家进行了访谈和BYOD风险评估,以深入了解BYOD风险及其对组织的影响,并建议克服这些风险的缓解策略。员工使用个人设备的安全行为所产生的安全风险被识别并分类为人员风险、过程风险和技术风险。风险评估为公共部门组织和战略带来了16个关键风险,如安全培训和意识(SETA)、政策、最高管理层承诺和克服关键BYOD风险的技术对策。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
BYOD Security Risks and Mitigation Strategies: Insights from IT Security Experts
ABSTRACT Bring Your Own Device (BYOD) is considered one of the top security risks organizations face today as these devices are very much part of the working culture of today’s employees. However, there is still a lack of understanding of BYOD security risks and their impact on both information security and service delivery, particularly in the government sector, nor are there any strategies to reduce these risks. To examine this problem, interviews and BYOD risk assessments were conducted with eight IT security experts from selected public sector organizations to furnish in-depth insights into BYOD risks and its impact on organizations, and to recommend mitigation strategies to overcome them. Security risks that emanate from the security behavior of employees using their personal devices are identified and categorized into people, process, and technology risks. The risk assessment resulted in 16 critical risks for public sector organizations and strategies such as security training and awareness (SETA), policy, top management commitment, and technical countermeasures to overcome critical BYOD risks.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Organizational Computing and Electronic Commerce
Journal of Organizational Computing and Electronic Commerce 工程技术-计算机:跨学科应用
CiteScore
5.80
自引率
17.20%
发文量
7
审稿时长
>12 weeks
期刊介绍: The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas. JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business. Theoretical, experimental, survey, and design science research are all welcome and might look at: • E-commerce • Collaborative commerce • Interorganizational systems • Enterprise systems • Supply chain technologies • Computer-supported cooperative work • Computer-aided coordination • Economics of organizational computing • Technologies for organizational learning • Behavioral aspects of organizational computing.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信