BYOD: A Security Policy Evaluation Model

  • Conference paper
  • Book: Information Technology - New Generations

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 558)

Abstract

The rapid increase of personal mobile devices (mainly smartphones and tablets) accessing corporate data has created a phenomenon commonly known as Bring Your Own Device (BYOD). Companies that allow the use of BYODs need to be aware of the risks of exposing their business to inadvertent data leakage or malicious intent posed by inside or outside threats. The adoption of BYOD policies mitigates these types of risks. However, many companies have weak policies, and the problem of exposure of corporate data persists. This paper addresses this problem by proposing a BYOD policy evaluation method to help companies to strengthen their BYOD policies.

This initial research proposes a novel BYOD security policy evaluation model that aims to identify weaknesses in BYOD policies using mathematical comparisons. The results are measurable and provide specific recommendations to strengthen a BYOD policy. Further research is needed in order to demonstrate the viability and effectiveness of this model.

Author information

Correspondence to Melva M. Ratchford.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Ratchford, M.M. (2018). BYOD: A Security Policy Evaluation Model. In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 558. Springer, Cham. https://doi.org/10.1007/978-3-319-54978-1_30

  • DOI: https://doi.org/10.1007/978-3-319-54978-1_30

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54977-4

  • Online ISBN: 978-3-319-54978-1

  • eBook Packages: Engineering (R0)
