Risk Assessment: BYOD Policy
Added on 2023-06-03
14 Pages4528 Words331 Views
Running Head: RISK ASSESSMENT: BYOD POLICY 1
Risk Assessment: BYOD Policy
Name
Institution
Risk Assessment: BYOD Policy
Name
Institution
RISK ASSESSMENT: BYOD POLICY 2
Table of Contents
Executive Summary.....................................................................................................................................3
Introduction.................................................................................................................................................3
Risk Assessment..........................................................................................................................................4
Threat Agents..........................................................................................................................................5
Vulnerabilities.........................................................................................................................................7
Consequences of BYOD Threats.............................................................................................................8
Impact......................................................................................................................................................9
BYOD Protection mechanisms for Information Security (Literature review)............................................10
Safeguards.............................................................................................................................................11
Conclusion.................................................................................................................................................12
References.................................................................................................................................................13
Table of Contents
Executive Summary.....................................................................................................................................3
Introduction.................................................................................................................................................3
Risk Assessment..........................................................................................................................................4
Threat Agents..........................................................................................................................................5
Vulnerabilities.........................................................................................................................................7
Consequences of BYOD Threats.............................................................................................................8
Impact......................................................................................................................................................9
BYOD Protection mechanisms for Information Security (Literature review)............................................10
Safeguards.............................................................................................................................................11
Conclusion.................................................................................................................................................12
References.................................................................................................................................................13
RISK ASSESSMENT: BYOD POLICY 3
Executive Summary
This report analyzes the risk assessment of the BYOD policy in an organization basing on
the threats agents, consequences and impact of the threats on the information assets of the
organization. The report analyzes different vulnerabilities and how they may impact the
corporation’s information system if they occur. It also provides the information security
strategies to be implemented to encounter the BYOD policy threats. Bring Your Device policies
allows employees to utilize own electronic devices such as laptops computers, tablets PCs and
smart phones for undertaking their official duties and responsibilities. An organization can fully
comprehend the BYOD policy threats and vulnerabilities by undertaking risk assessment of its
information systems.
Introduction
More and more corporations are implementing Bring Your Device policies which allow
employees to utilize own electronic devices such as laptops computers, tablets PCs and smart
phones for undertaking their official duties and responsibilities. Employees, therefore, will have
private terminals to assess information resources of organization. However, implementation of
Bring Your Device in organization carries various risks including information theft, data leakage,
network availability problems, loss of application security as well as legal liability. Therefore,
organizations require a well-designed cyber security framework to protect its information system
resources from the potential threats.
Information is vital to an organization’s operations, strategic objectives and its
brand and also of critical value to the clients and consumers who utilize the organization's
products and services. Therefore, the information can be considered as an organization's asset
and has its value, threats, and vulnerabilities which the threats can potentially abuse to cause
harm to the assets and the organization as a whole.
Organization’s information assets must be protected from various risks by implementing
different security strategies. To understand the risks brought by BYOD policies and processes
facing the information assets of an organization, a risk assessment must be undertaken to
comprehend the threats, key threats agents, their vulnerabilities and their potential impact on the
assets.
The organization should develop a BYOD policy that contains the procedures and
regulations to be adhered to when utilizing personal devices at the workplace. The other
strategies will include strongly encrypting the organization's data to be accessed through the
mobile device and also encrypt the data communication process (Densham, 2015). Regular
update of operating system, and the software of the system should be undertaken by the
organization, and the IT administrator should ensure that the users with personal mobile devices
are updating their antivirus and authentication measures.
Various tools and techniques should also be implemented including application
containerization software that ensures that applications are utilized in isolation and prevents
other applications from accessing. Data Loss Prevention techniques allow the network
administrators to monitor the employees' activities on the network and any security breach
source and respond quickly to that threat (Martin, Martin, Hankin, Darzi, & Kinross, 2017).
Executive Summary
This report analyzes the risk assessment of the BYOD policy in an organization basing on
the threats agents, consequences and impact of the threats on the information assets of the
organization. The report analyzes different vulnerabilities and how they may impact the
corporation’s information system if they occur. It also provides the information security
strategies to be implemented to encounter the BYOD policy threats. Bring Your Device policies
allows employees to utilize own electronic devices such as laptops computers, tablets PCs and
smart phones for undertaking their official duties and responsibilities. An organization can fully
comprehend the BYOD policy threats and vulnerabilities by undertaking risk assessment of its
information systems.
Introduction
More and more corporations are implementing Bring Your Device policies which allow
employees to utilize own electronic devices such as laptops computers, tablets PCs and smart
phones for undertaking their official duties and responsibilities. Employees, therefore, will have
private terminals to assess information resources of organization. However, implementation of
Bring Your Device in organization carries various risks including information theft, data leakage,
network availability problems, loss of application security as well as legal liability. Therefore,
organizations require a well-designed cyber security framework to protect its information system
resources from the potential threats.
Information is vital to an organization’s operations, strategic objectives and its
brand and also of critical value to the clients and consumers who utilize the organization's
products and services. Therefore, the information can be considered as an organization's asset
and has its value, threats, and vulnerabilities which the threats can potentially abuse to cause
harm to the assets and the organization as a whole.
Organization’s information assets must be protected from various risks by implementing
different security strategies. To understand the risks brought by BYOD policies and processes
facing the information assets of an organization, a risk assessment must be undertaken to
comprehend the threats, key threats agents, their vulnerabilities and their potential impact on the
assets.
The organization should develop a BYOD policy that contains the procedures and
regulations to be adhered to when utilizing personal devices at the workplace. The other
strategies will include strongly encrypting the organization's data to be accessed through the
mobile device and also encrypt the data communication process (Densham, 2015). Regular
update of operating system, and the software of the system should be undertaken by the
organization, and the IT administrator should ensure that the users with personal mobile devices
are updating their antivirus and authentication measures.
Various tools and techniques should also be implemented including application
containerization software that ensures that applications are utilized in isolation and prevents
other applications from accessing. Data Loss Prevention techniques allow the network
administrators to monitor the employees' activities on the network and any security breach
source and respond quickly to that threat (Martin, Martin, Hankin, Darzi, & Kinross, 2017).
RISK ASSESSMENT: BYOD POLICY 4
Merits of BYOD
Adoption of BYOD in an organization harnesses numerous benefits including improved
productivity, reduced costs, the efficiency of work and convenience. The users face less
complication in terms of the operating systems and applications because they are utilizing the
own devices and usually know their way around the mobile devices. BYOD results in reduced IT
infrastructure expenses because the employees bring their own devices. Workplace efficiency is
also attained through BYOD implementation in an organization, because the policy allows the
employees to utilize their devices comfortably in the office. The operational costs of the
organization such as that meant for device or software upgrades, is avoided since the employees
upgraded their own devices and associated software. The expenses meant for IT operations can
then be utilized for other projects. BYOD improves the productivity and convenience in an
organization because the employees can work from anywhere at any time with no difficulties.
Therefore, an organization should not shy away from the use of personal devices in their
workplace due to the threats of the BYOD policy on the information assets, but the organization
should develop and implement a strategy to prevent and mitigate the risks of BYOD policies and
practices.
Risk Assessment
The essential benefits of undertaking a Risk assessment of the information system of the
organization are outlined below;
Risk assessment helps in the identification of the potential vulnerabilities to be utilized by
hackers to access the organization’s information assets.
Risk assessment results in the adoption of more secure practices, solutions and policies,
and guides in implementing the best information security strategy that suits the
organization.
Risk assessment of the information systems of an organization justifies security
investments by presenting a fair analysis of the information security investment versus
the costs of the potential losses due to breaches of the information assets.
A key aspect of risk assessment is the identification of the threats and determination of
their likelihood of occurrence. A threat is a physical or a logical process that has the potential to
impact operations, information, and systems of an organization negatively. In developing,
information security strategy and undertaking risk assessment, the first essential procedure is to
identify and comprehend the information assets that require protection. The information assets in
an organization impact integrity, confidentiality, availability and support the institution’s mission
and vision and it strategic objectives (Boranbayev, Mazhitov, & Kakhanov, 2015).
The information system assets of an organization are namely
Human resources: personal data of staff and reports.
Legal: contracts and internal documentation, employees confidential information on staff
Merits of BYOD
Adoption of BYOD in an organization harnesses numerous benefits including improved
productivity, reduced costs, the efficiency of work and convenience. The users face less
complication in terms of the operating systems and applications because they are utilizing the
own devices and usually know their way around the mobile devices. BYOD results in reduced IT
infrastructure expenses because the employees bring their own devices. Workplace efficiency is
also attained through BYOD implementation in an organization, because the policy allows the
employees to utilize their devices comfortably in the office. The operational costs of the
organization such as that meant for device or software upgrades, is avoided since the employees
upgraded their own devices and associated software. The expenses meant for IT operations can
then be utilized for other projects. BYOD improves the productivity and convenience in an
organization because the employees can work from anywhere at any time with no difficulties.
Therefore, an organization should not shy away from the use of personal devices in their
workplace due to the threats of the BYOD policy on the information assets, but the organization
should develop and implement a strategy to prevent and mitigate the risks of BYOD policies and
practices.
Risk Assessment
The essential benefits of undertaking a Risk assessment of the information system of the
organization are outlined below;
Risk assessment helps in the identification of the potential vulnerabilities to be utilized by
hackers to access the organization’s information assets.
Risk assessment results in the adoption of more secure practices, solutions and policies,
and guides in implementing the best information security strategy that suits the
organization.
Risk assessment of the information systems of an organization justifies security
investments by presenting a fair analysis of the information security investment versus
the costs of the potential losses due to breaches of the information assets.
A key aspect of risk assessment is the identification of the threats and determination of
their likelihood of occurrence. A threat is a physical or a logical process that has the potential to
impact operations, information, and systems of an organization negatively. In developing,
information security strategy and undertaking risk assessment, the first essential procedure is to
identify and comprehend the information assets that require protection. The information assets in
an organization impact integrity, confidentiality, availability and support the institution’s mission
and vision and it strategic objectives (Boranbayev, Mazhitov, & Kakhanov, 2015).
The information system assets of an organization are namely
Human resources: personal data of staff and reports.
Legal: contracts and internal documentation, employees confidential information on staff
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
BYOD Policy Threats and Security Strategies for Cybersecuritylg...
|11
|2820
|426
Risk Assessment of Southern Cross Universitylg...
|13
|2466
|317
Bring Your Own Device (BYOD) Project Description: Aztek Corporationlg...
|20
|5312
|490
Solutions of Cybersecurity Assignmentlg...
|9
|2005
|320
Cyber Security: BYOD Risk Assessment, Certificate-based Authentication, and Anti-phishing Guidelinelg...
|9
|2240
|285
BYOD Risk Assessment Task 1: Critical Components 2 2 Cyber Security Name of University Authorlg...
|15
|2429
|149