A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

Vorakulpipat, Chalee; Sirapaisan, Soontorn; Rattanalerdnusorn, Ekkachan; Savangsuk, Visut

doi:10.1155/2017/2057260

Cited by 24 publications

(18 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mobile devices contain a wealth of data that users might deem private. However, technological countermeasures for organizational security, such as monitoring and tracking, elicit privacy concerns among employees (Vorakulpipat et al , 2017). For example, e-mail filtering technology can monitor the content of private messages.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…Organizations may face internal and external threats such as computer viruses and employees' inappropriate use of information assets and data (Li et al , 2019; Xu and Guo, 2019). Employees' adoption of BYOD in the workplace may increase such challenges for enterprise information security management (Scarfò, 2012; Vorakulpipat et al , 2017). In a recent survey, 39% of companies cited security concerns as the primary barrier to BYOD adoption, including employees' unauthorized access to company data, the ability to download unsafe applications (apps) or content and stolen and lost devices (Deyan, 2019).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Understanding employees' adoption of the Bring-Your-Own-Device (BYOD): the roles of information security-related conflict and fatigue

Chen

et al. 2020

JEIM

View full text Add to dashboard Cite

PurposeWhile the bring-your-own-device (BYOD) trend provides benefits for employees, it also poses security risks to organizations. This study explores whether and how employees decide to adopt BYOD practices when they encounter information security–related conflict.Design/methodology/approachUsing survey data from 235 employees of Chinese enterprises and applying partial least squares based structural equation modeling (PLS-SEM), we test a series of hypotheses.FindingsThe results suggest that information security–related conflict elicits information security fatigue among employees. As their information security fatigue increases, employees become less likely to adopt BYOD practices. In addition, information security–related conflict has an indirect effect on employee's BYOD adoption through the full mediation of information security fatigue.Practical implicationsThis study provides practical implications to adopt BYOD in the workplace through conflict management measures and emotion management strategies. Conflict management measures focused on the reducing of four facets of information security–related conflict, such as improve organization's privacy policies and help employees to build security habits. Emotion management strategies highlighted the solutions to reduce fatigue through easing conflict, such as involving employees in the development or update of information security policies to voice their demands of privacy and other rights.Originality/valueOur study extends knowledge by focusing on the barriers to employees' BYOD adoption when considering information security in the workplace. Specifically, this study takes a conflict perspective and builds a multi-faceted construct of information security–related conflict. Our study also extends information security behavior research by revealing an emotion-based mediation effect, that of information security fatigue, to explore the mechanism underlying the influence of information security–related conflict on employee behavior.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Understanding employees' adoption of the Bring-Your-Own-Device (BYOD): the roles of information security-related conflict and fatigue

Chen

et al. 2020

JEIM

View full text Add to dashboard Cite

show abstract

“…If the user keeps passwords for e.g. social networks stored in the browser, the employer may be able to get access to this very private area (Vorakulpipat et al 2017). Also modern smartphone have GPS systems and the employer may be able to track the employees location and travel paths (Vorakulpipat et al 2017).…”

Section: Perceived Risk Of Participating In a Byod Programmentioning

confidence: 99%

“…social networks stored in the browser, the employer may be able to get access to this very private area (Vorakulpipat et al 2017). Also modern smartphone have GPS systems and the employer may be able to track the employees location and travel paths (Vorakulpipat et al 2017). Capturing these issues, privacy risk (PR-PR) is defined as the Bpotential loss of control over personal information^ (Featherman andPavlou 2003, p.1036).…”

Section: Perceived Risk Of Participating In a Byod Programmentioning

confidence: 99%

Determinants of Intention to Participate in Corporate BYOD-Programs: The Case of Digital Natives

et al. 2018

View full text Add to dashboard Cite

Corporations continue to see a growing demand for Bring-Your-Own-Device (BYOD) programs which allow employees to use their own computing devices for business purposes. This study analyses the demand of digital natives for such programs when entering the workforce and how they perceive the benefits and risk associated with BYOD. A theoretical model building on net valence considerations, technology adoption theories and perceived risk theory is proposed and tested. International students from five countries in their final year and with relevant work experience were surveyed. The results show that the intention to enroll in a BYOD program is primarily a function of perceived benefits while risks are widely ignored. Only safety and performance risks proved to contribute significantly to the overall perceived risk. The knowledge acquired from this study is particularly beneficial to IT executives as a guide to deciding whether and how to set up or adjust corporate BYOD initiatives.

show abstract

“…Notice that users obtain superuser access privileges to change the current Android version, to get access to the file system without restrictions, to install modified apps and gain more privileges, to improve performance, and so on. However, these access privileges may affect the security of installed applications [12,13,15], providing an access door to many sensitive information [16][17][18]. In this scenario, unintended data leakage flaws may exist.…”

Section: Introductionmentioning

confidence: 99%

The Dangers of Rooting: Data Leakage Detection in Android Applications

Casati

Visconti

2018

Mobile Information Systems

View full text Add to dashboard Cite

Mobile devices are widely spread all over the world, and Android is the most popular operative system in use. According to Kaspersky Lab's threat statistic (June 2017), many users are tempted to root their mobile devices to get an unrestricted access to the file system, to install different versions of the operating system, to improve performance, and so on. e result is that unintended data leakage flaws may exist. In this paper, we (i) analyze the security issues of several applications considered relevant in terms of handling user sensitive information, for example, financial, social, and communication applications, showing that 51.6% of the tested applications suffer at least of an issue and (ii) show how an attacker might retrieve a user access token stored inside the device thus exposing users to a possible identity violation. Notice that such a token, and a number of other sensitive information, can be stolen by malicious users through a man-in-the-middle (MITM) attack.

show abstract

A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives

Cited by 24 publications

References 42 publications

Understanding employees' adoption of the Bring-Your-Own-Device (BYOD): the roles of information security-related conflict and fatigue

Understanding employees' adoption of the Bring-Your-Own-Device (BYOD): the roles of information security-related conflict and fatigue

Determinants of Intention to Participate in Corporate BYOD-Programs: The Case of Digital Natives

The Dangers of Rooting: Data Leakage Detection in Android Applications

Contact Info

Product

Resources

About