Computing and Information Systems - Research Publications

Search Results

  • Item
    Security challenges of BYOD: a security education, training and awareness perspective
    Chen, Hanlin ; Li, Jiao ; Hoang, Thomas ; Lou, Xiaowei (The University of Melbourne, 2013)
    This paper explores the security challenges of Bring Your Own Device (BYOD) for users and organisations by identifying the security threats to mobile devices. Based on these challenges, this paper will aim to identify the security education, training and awareness approaches and concepts based on existing literature to form an understanding of how users can be motivated to commit to BYOD policies and practices. The extent in which users are accountable for the security threats related to BYOD is found to be significant in this paper. It is therefore critical that organisations considering implementing BYOD should focus on developing the education, training and awareness programs for its employees based on concepts of motivation, commitment, knowledge retention and the tradeoff between user/device monitoring and user privacy.
  • Item
    Effectiveness of security controls in BYOD environments
    Marjanovic, Zoran (The University of Melbourne, 2013)
    Mobile computing introduced completely new security risks and increased the potential of the old ones. Remote access as an enabler of mobile computing opened the organisations’ systems to various attacks from the Internet, both technical and social ones. Regular access to the Internet outside corporate systems exposed mobile devices to malicious code and hackers which improved the attack success rate. As a response, security experts have been developing technical and non-technical mechanisms for protection of information. They have been trying to identify the most effective approach and combination of security controls that can deliver maximum security without impairing the business processes. These efforts increased with the introduction of Bring Your Own Device (BYOD) concept. BYOD reduces IT costs and provides more flexible work experience. So far, many organisations decided to allow user-owned devices on the system and the trend is still growing. From information security perspective, BYOD comes with risks common for mobile computing, but it also introduces new technical and legal ones. Technical solution providers have been trying to develop security systems that can help organisation in adopting the BYOD concept, and security experts have been trying to design a complete security strategy that can meet the challenges of BYOD. The focus of these efforts is information security.
  • Item
    Does BYOD increase risks or drive benefits?
    Pillay, Ashwin ; Diaki, Harrik ; Nham, Eric ; Senanayake, Samanthi ; TAN, GLORIA ; Deshpande, Saurabh (The University of Melbourne, 2013)
    This paper looks at the benefits and risks associated with bring your own device (BYOD), a practice that is becoming common to many organisations. Literature reviews of established academic journals were conducted to illustrate key points, arguments, and supporting evidence to draw conclusions. The paper has found that BYOD is an inevitable part of modern organizations’ business practice. Its adoption will continue to rise due to its effectiveness in supporting business operations. The paper also found that there are substantial risks in BYOD that can be harmful to organizations, and thus its ability to control BYOD is crucial in the prevention and mitigation of these risks. The paper contributes to current literature by emphasizing that in order to fully realize the potential ongoing benefits of BYOD, control strategies must be applied, and that the human factor must be taken into account as it plays a pivotal role in the effectiveness of these security measures.
  • Item
    Confidentiality and health: a literature review
    Alateeq, Sulaiman ; Viswanathan, Hari Hara Sudhan ; Fuentealba, Christobal ; Pang, Haoran ; HU, CHENWEI ; Salisbury, Sean (The University of Melbourne, 2013)
    Confidentiality in the growing Electronic Patient Records is a heated argument in the current world with heavy political involvement; this paper aims at learning how to achieve EPRs confidentiality through security policies to satisfy privacy legislations electronic health provisions. The literature part initially focuses on concepts involved in general and information security policies, and moves on towards the concepts of information security policy concepts, modules and mechanisms within the healthcare industry literature. The merits and demerits of these concepts will be discussed and an efficient model will be proposed in the discussion part. The paper discusses finding efficient and effective approaches for formulating, implementing and refining security policies, and in enforcing them with appropriate procedures; and in analysing human behaviours to achieve the objective of achieving EPRs confidentiality. These information security policy modules and mechanisms include the Individual Identifiable Micro-data Technique, ETHICS method and Information Assurance policy compliance framework. The premise of this research also provides launch space with opportunities for future research.
  • Item
    Security risks in teleworking: a review and analysis
    Yang, Huiyi ; Zheng, Chaofan ; Zhu, Lika ; Chen, Fei ; ZHAO, YUMIN ; Valluri, Manjeera (The University of Melbourne, 2013)
    Teleworking as an innovative working practice attracts organizations to apply it throughout whole organizations, with providing plenty of benefits. However, the related information security risks generated in teleworking threaten organizations to implement it. This paper aims to ascertain information security risks arising from teleworking based on literature. The contributions of this paper are addressing most challenging security risks that existed in teleworking for companies to be concerned, providing security controls for avoiding these mentionable risks that are identified, generally discussing which component of the risks are more crucial for the risk control, and indicating intangible security risks not mentioned in literature. These risks are aligned with teleworking business goals.
  • Item
    Ready, steady telework: information security essentials for the teleworker
    Jilani, Umair ; Ahimmat, Alwan ; Raso, Anthony ; Thorpe, David ; TRAN, MAN (The University of Melbourne, 2013)
    We operate and live in an environment where data communication is dependent on Internet connectivity which is decentralised in nature and is not possible to regulate. Due to technology advances, organisations have allowed remote access to their data via the Internet which allows employees to perform work activities via teleworking. Employees have embraced this method of working and teleworking has become a norm in a large number of organisations today. The problem of teleworking arises as employees are accessing company data outside the organization walls; a potential risk to information leakage whether it be deliberate or unintentional. In this paper the risks associated with teleworking are attributed to physical, technical and document management. To address these risks, Security Education, Training and Awareness (SETA) and information security policies are important. This paper analyses three core information security objectives in context with SETA i.e. Confidentiality, Integrity and Availability. The SETA campaign has neither a goal nor content without a security policy, likewise a security policy cannot be enforced without awareness by those for which it is intended.
  • Item
    Information security strategy and teleworking (in)security
    Ampomah, Millicent ; DE SILVA, YEVINDRA ; Li, Hanqing ; Pahlisa, Piki ; Yang, Qian ; Zhang, Qian (The University of Melbourne, 2013)
    Mainstream writing of teleworking tends to focus on both the economic and social benefits with little emphasis on information security issues. Information security threats of telework however are identified by most literature as a concern for organisations. This literature review examines the different influences on issues leading to information insecurity within the teleworking environment. By drawing on literature, a strategic model for managing and controlling information security threats in teleworking environment is proposed. Organisations essentially need to implement security measures or controls from a strategic point of view to include formal and informal controls.
  • Item
    Emergent BYOD security challenges and mitigation strategy
    DEDECHE, AHMED ; Liu, Fenglin ; LE, MICHELLE ; Lajami, Saeed (University of Melbourne, 2013)
    There is limited research and literature on the topic of ‘Bring-your-own-device’ (BYOD) in organizations. BYOD is a new business trend where employees are using their own devices for work purposes. This phenomenon has introduced new security challenges to the business environment. Traditionally, organizational security risks have been addressed by adapting various established Information Security (IS) strategies. This research paper aims to identify how these strategies can be implemented by organizations to address the emergent BYOD risks.
  • Item
    Analysis of security controls for BYOD (Bring Your Own Device)
    Rivera, David ; George, Geethu ; Peter, Prathap ; Muralidharan, Sahithya ; Khanum, Sumaya (2013)
    This paper researches on the impact of Bring Your Own Devices (BYOD) to Organizational security. It examines the principal threats and control mechanisms covered in academic and industry literatures. The paper also identifies key areas where organizations can implement security controls in order to reduce BYOD related security threats. An analysis of the key risks and how existing control mechanisms address them is also conducted.
  • Item
    Information security culture: literature review
    O'BRIEN, JESSICA ; Islam, Sabbir ; Bao, Senjie ; Weng, Fangren ; Xiong, Wenjia ; Ma, Anhua (2013)
    An organisational culture that is information security aware will minimise risks to information assets and specifically reduce the risk of employee misbehaviour and harmful interaction with information assets. With the rise of mobility and BYOD, organisations require guidance in establishing an information security-aware or implementing an appropriately stringent information security culture. Various bodies of literature exist to address the issues that employee behaviour could pose when exposed to the diverse and complex world of BYOD. However, published articles that focus specifically on the relationship between the BYOD wave and the influence it has on the culture in an organisation are limited. Organisations therefore have need of a call for further research on pertinent issues within this area of information security culture. Organisations should understand that the consumer world moves much faster than the enterprise world; the challenge is to try and keep up. There is a need to support repeated platform renewals and mass switching - companies are forever playing catch up and running six to twelve months behind the market. Organisations need to shift the perimeter from the network barriers back towards the information itself. Mobility completely defies this view, and people respond to that. The objective of this paper is to examine how BYOD influences security culture in organisations, discuss findings and apply them to new but untested sights, paving the way for areas for further research. The paper has been divided into the following sections. First, the authors review previous relevant research on both information security culture as well as cultural issues surrounding mobility and BYOD. Second, they deliver what the literature review called out to the group as three pertinent cultural issues surrounding mobility in the workforce. Third, they discuss the results of the review and apply them towards new but untested ideas. In the final section, they discuss contributions, and conclude by emphasizing further research direction in the area.