Abstract
The rapid increase of personal mobile devices (mainly smartphones and tablets) accessing corporate data has created a phenomenon commonly known as Bring Your Own Device (BYOD). Companies that allow the use of BYODs need to be aware of the risks of exposing their business to inadvertent data leakage or malicious intent posed by inside or outside threats. The adoption of BYOD policies mitigates these types of risks. However, many companies have weak policies, and the problem of exposure of corporate data persists. This paper addresses this problem by proposing a BYOD policy evaluation method to help companies to strengthen their BYOD policies.
This initial research proposes a novel BYOD security policy evaluation model that aims to identify weaknesses in BYOD policies using mathematical comparisons. The results are measurable and provide specific recommendations to strengthen a BYOD policy. Further research is needed in order to demonstrate the viability and effectiveness of this model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Souppaya, M., & Scarfone, K. (2013). Guidelines for managing the security of mobile devices in the enterprise NIST Special Publication 800-124 Revision 1.
Cisco’s Technology News Site. (2012). Cisco study: IT saying yes to BYOD. Retrieved September 19 from https://newsroom.cisco.com/press-release-content?articleId=854754
BYOD Insights. (2013). A cisco partner network study, report. Retrieved September 2016 from http://www.ciscomcon.com/sw/swchannel/registration/internet/registration.cfm?SWAPPID=91&RegPageID=350200&SWTHEMEID=12949
Gartner. Gartner predicts by 2017, half of employers will require employees to supply their own device for work purposes. Retrieved August 31, 2016 from http://www.gartner.com/newsroom/id/2466615
Wang, Y., Wei, J., & Vangury, K. (2014). Bring your own device security issues and challenges. Consumer Communications and Networking Conference (CCNC), 2014 I.E. 11th, pp. 80–85.
Holleran, J. (2014). Building a better BYOD strategy. Risk Management, 61, 12–13.
Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. IT Professional, 14, 53–55.
Thompson, G. (2012). BYOD: Enabling the chaos. Network Security, 2012, 5.
Casola, V., Mazzeo, A., Maxxocca, N., & Vittorini, V. (2007). A policy-based methodology for security evaluation: A security metric for public key infrastructures. Journal of Computer Security, 15, 197–229.
Vorakulpipat, C., Polprasert, C., & Siwamogsatham, S. (2014). Managing mobile device security in critical infrastructure sectors. Proceedings of the 7th international conference on Security of Information and Networks, p. 65.
Kumar, R., & Singh, H. (2015). A proactive procedure to mitigate the BYOD risks on the security of an information system. SIGSOFT Software Engineering Notes, 40, 1–4.
Souppaya, M., & Scarfone K. (2016). NIST 800-114 Rev 1 user’s guide to Telework and Bring Your Own Device (BYOD) security. Retrieved from http://csrc.nist.gov/publications/drafts/800-114r1/sp800_114r1_draft.pdf
Souppaya, M., & Scarfone, K. (2016). NIST 800-46 Rev 2 guide to enterprise telework, remote access, and Bring Your Own Device (BYOD) security. Retrieved from http://csrc.nist.gov/publications/drafts/800-46r2/sp800_46r2_draft.pdf
McCumber, J. (2004). Assessing and managing security risk in IT systems: A structured methodology. CRC Press. Boca Raton.
Peltier, T. R. (2016). Information security policies,procedures, and standards: Guidelines for effective information security management. Chicago: CRC Press.
Wood, C. C. (1995). Writing infosec policies. Computers & Security, 14, 667–674.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Ratchford, M.M. (2018). BYOD: A Security Policy Evaluation Model. In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 558. Springer, Cham. https://doi.org/10.1007/978-3-319-54978-1_30
Download citation
DOI: https://doi.org/10.1007/978-3-319-54978-1_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54977-4
Online ISBN: 978-3-319-54978-1
eBook Packages: EngineeringEngineering (R0)