Abstract
During the last ten years, security attacks on information systems have led to a huge number of data breaches all over the globe. Information security risks are causing massive damage to organizations, and a security risk becomes costlier to handle if it is not given due attention. We need to build a security culture in which everyone can recognize and evaluate the risks. In the current scenario, the risks arising from BYOD (Bring Your Own Device) have emerged as a new challenge to information-security practitioners. The present study focuses on evaluating BYOD risks and their causes well before they become a threat to an organization. A new procedure is proposed to tackle the threats from BYOD, and an empirical analysis is provided to validate the proposed procedure.
A Proactive Procedure to Mitigate the BYOD Risks on the Security of an Information System