The rapid increase of personal mobile devices (mainly smartphones and tablets) accessing corporate data has created a phenomenon commonly known as Bring Your Own Device (BYOD). Companies that allow the use of BYODs need to be aware of the risks of exposing their business to inadvertent data leakage or malicious intent posed by inside or outside threats. The adoption of BYOD policies mitigates these types of risks. However, many companies have weak policies, and the problem of exposure of corporate data persists. This paper addresses this problem by proposing a BYOD policy evaluation method to help companies to strengthen their BYOD policies.
This initial research proposes a novel BYOD security policy evaluation model that aims to identify weaknesses in BYOD policies using mathematical comparisons. The results are measurable and provide specific recommendations to strengthen a BYOD policy. Further research is needed in order to demonstrate the viability and effectiveness of this model.
- BYOD: A Security Policy Evaluation Model
Melva M. Ratchford