Bring Your Own Device Project Report: Security and Risk Analysis
VerifiedAdded on 2020/04/01
|17
|5265
|85
Report
AI Summary
This report provides a detailed analysis of a 'Bring Your Own Device' (BYOD) project, focusing on the security implications and risks associated with allowing employees to use their personal devices for work. The report begins with an executive summary, followed by a review of the project's merits and challenges, emphasizing the impact on productivity and connectivity versus potential security threats. It then assesses the project's impact on Aztec's security posture, considering infrastructural costs, employee preferences, and the need for revised security safeguards. A comprehensive risk assessment is conducted, identifying threats, vulnerabilities, and potential consequences, particularly concerning data security. The report also addresses existing recommendations and their relevance. Overall, the report highlights the importance of balancing organizational security, business needs, and individual privacy when implementing a BYOD policy, emphasizing the need for careful planning and ongoing monitoring to mitigate risks.
Running Head: “BRING YOUR OWN DEVICE” PROJECT 1
Title: “Bring your Own Device” Project
Name:
Institution:
Title: “Bring your Own Device” Project
Name:
Institution:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
“BRING YOUR OWN DEVICE” PROJECT 2
Contents
Executive summary....................................................................................................................3
Review of project.......................................................................................................................5
Project impact on Aztec security posture...................................................................................6
Risk assessment – threats, vulnerabilities and consequences....................................................9
Threats....................................................................................................................................9
Vulnerabilities......................................................................................................................10
Consequences.......................................................................................................................12
Existing recommendations...................................................................................................12
Risks for Data security.............................................................................................................12
References................................................................................................................................14
Contents
Executive summary....................................................................................................................3
Review of project.......................................................................................................................5
Project impact on Aztec security posture...................................................................................6
Risk assessment – threats, vulnerabilities and consequences....................................................9
Threats....................................................................................................................................9
Vulnerabilities......................................................................................................................10
Consequences.......................................................................................................................12
Existing recommendations...................................................................................................12
Risks for Data security.............................................................................................................12
References................................................................................................................................14
“BRING YOUR OWN DEVICE” PROJECT 3
Executive summary
Professionally run organizations consistently carry out risk assessments on their
business operations so that they can identify and deal with threats to their business. Beyond
undertaking risk assessment and management as a mere good corporate governance measure,
there is the more important need to identify the potential risks that a business faces, and its
capacity to respond to them in case they do occur. Businesses also need to properly map out
the risk areas in their businesses, so that they can adopt appropriate strategies to deal with
these risks while dedicating the required resources for this task.
Risk emanates from the unauthorized access or utilisation of information which is
transacted or stored using technological tools such as phones and computers. Organizations
constantly worry about being victims of hacking schemes perpetrated by cyber criminals. For
this, they come up with complex security systems that try their best to keep up with
developments in cybercrime. The risk does not always emanate from the outside, however.
Internally, employees may be guilty of acts of omission or commission which expose their
organizations to risk. This may include negligently or maliciously disclosing confidential
information, or failing to secure the information in their care appropriately, causing it to fall
into the wrong hands.
Risk assessments encompass several factors involved in the IT framework. The
factors include the people who use the system, including the users, administrators and
managers, as well as the hardware used. Networks used to pass information, and software
which runs the hardware is also important factors, as is the overall system governance that the
company has adopted.
A vast majority of Australians have cell phones, which they carry to work. A
significant number of these phones are Smartphones, which are able to perform several roles
akin to those of a computer. At the same time, a big number of Australians own laptops,
tablets and other gadgets which can be used for communication, in addition to performing
Executive summary
Professionally run organizations consistently carry out risk assessments on their
business operations so that they can identify and deal with threats to their business. Beyond
undertaking risk assessment and management as a mere good corporate governance measure,
there is the more important need to identify the potential risks that a business faces, and its
capacity to respond to them in case they do occur. Businesses also need to properly map out
the risk areas in their businesses, so that they can adopt appropriate strategies to deal with
these risks while dedicating the required resources for this task.
Risk emanates from the unauthorized access or utilisation of information which is
transacted or stored using technological tools such as phones and computers. Organizations
constantly worry about being victims of hacking schemes perpetrated by cyber criminals. For
this, they come up with complex security systems that try their best to keep up with
developments in cybercrime. The risk does not always emanate from the outside, however.
Internally, employees may be guilty of acts of omission or commission which expose their
organizations to risk. This may include negligently or maliciously disclosing confidential
information, or failing to secure the information in their care appropriately, causing it to fall
into the wrong hands.
Risk assessments encompass several factors involved in the IT framework. The
factors include the people who use the system, including the users, administrators and
managers, as well as the hardware used. Networks used to pass information, and software
which runs the hardware is also important factors, as is the overall system governance that the
company has adopted.
A vast majority of Australians have cell phones, which they carry to work. A
significant number of these phones are Smartphones, which are able to perform several roles
akin to those of a computer. At the same time, a big number of Australians own laptops,
tablets and other gadgets which can be used for communication, in addition to performing
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
“BRING YOUR OWN DEVICE” PROJECT 4
many tasks at the workplace. A company may be tempted to allow employees to bring in
their devices and use them to work, for several reasons. First, this saves the company cost.
Instead of having to acquire the said gadgets, the company can easily utilize what the
employees already have, and only engage in routine maintenance and monitoring.
A second reason for allowing this is to enable connectivity between employees if it is
an important part of the work that they do, and where the same connectivity cannot easily be
provided by the company’s assets. The employees may in such circumstances be more
productive using their own devices, as opposed to having company – provided infrastructure.
This decision may, however, be laden with several risks, that at times force companies
just to opt to equip their employees with company assets, which can easily be maintained and
monitored, in addition to providing for uniformity.
Review of project
The project to allow employees use their devices to work has several merits and
challenges, as described before. The benefits mainly refer to the increased connectivity and
ease of work, which may improve morale and productivity in some instances. On the other
hand, unwanted access to information, irregular use of company resources and difficulty in
monitoring activity are some of the challenges. According to Derks and Bakker (2010), the
organization must be in well understanding of its priorities. Only then will it be able to make
the right decision about allowing the use.
Technology has dramatically changed the way businesses conduct their affairs, mostly
making communication faster and easier. It has also provided companies with powerful tools
to communicate with their customer's conduct market research and facilitate intra-
organizational transactions. The development of information technology has not been without
its own risks and challenges. For instance, the field is constantly changing, sometimes
dramatically. Organisations have to constantly check their assets to ensure they are up to the
task and change what is no longer well equipped for current and future business needs.
many tasks at the workplace. A company may be tempted to allow employees to bring in
their devices and use them to work, for several reasons. First, this saves the company cost.
Instead of having to acquire the said gadgets, the company can easily utilize what the
employees already have, and only engage in routine maintenance and monitoring.
A second reason for allowing this is to enable connectivity between employees if it is
an important part of the work that they do, and where the same connectivity cannot easily be
provided by the company’s assets. The employees may in such circumstances be more
productive using their own devices, as opposed to having company – provided infrastructure.
This decision may, however, be laden with several risks, that at times force companies
just to opt to equip their employees with company assets, which can easily be maintained and
monitored, in addition to providing for uniformity.
Review of project
The project to allow employees use their devices to work has several merits and
challenges, as described before. The benefits mainly refer to the increased connectivity and
ease of work, which may improve morale and productivity in some instances. On the other
hand, unwanted access to information, irregular use of company resources and difficulty in
monitoring activity are some of the challenges. According to Derks and Bakker (2010), the
organization must be in well understanding of its priorities. Only then will it be able to make
the right decision about allowing the use.
Technology has dramatically changed the way businesses conduct their affairs, mostly
making communication faster and easier. It has also provided companies with powerful tools
to communicate with their customer's conduct market research and facilitate intra-
organizational transactions. The development of information technology has not been without
its own risks and challenges. For instance, the field is constantly changing, sometimes
dramatically. Organisations have to constantly check their assets to ensure they are up to the
task and change what is no longer well equipped for current and future business needs.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
“BRING YOUR OWN DEVICE” PROJECT 5
According to Yelby (2013), employee monitoring is a controversial practice, which is
undoubtedly on the rise. Companies find themselves monitoring their employees as a way of
managing risks emanating to employees’ use of communication tools such as laptops and
phones. Technological advances, for instance, mean that employees can more easily use work
resources for personal chores, such as communicating with friends and entertaining
themselves, at the expense of the company. By using company resources, it is easier to
monitor such instances, since they should exclusively be used for work-related duties. With
personal gadgets equipped with organizational software applications and connection, it
becomes much harder, sometimes bordering on invasion of privacy to monitor the same
employees. In the financial services sector, where dedicated secure applications are usual
used to effect transactions, the ability to control every device accessing the system becomes
even more important (Olalere, Abdullah & Mahmod, 2015).
Generally, organizations require their employees not to create or exchange messages
which may be found to be offensive, obscene or inappropriate in the workplace. They should
also not visit websites which carry inappropriate information for the workplace. Sending
confidential information is also regulated, such that employees may not send a confidential
client or other information without clearance first (Vorakulpipat et al., 2017). In creating,
storing and exchanging information, existing copyright law must be considered. The
employee must ensure such activities do not go on. It is also improper to create adverts, chain
letters or other communication that is unauthorized by the organization, especially if it is to
be used for personal ends (Arregui, Maynard & Ahmad, 2016).
The standards above do not form any regulatory framework in the country. But they
are part of industry best practice that must be adhered to in order to properly secure
organizational resources. The organization may refer o the stated standards and find that it is
possible to achieve them while still allowing for the use of personal computers for
According to Yelby (2013), employee monitoring is a controversial practice, which is
undoubtedly on the rise. Companies find themselves monitoring their employees as a way of
managing risks emanating to employees’ use of communication tools such as laptops and
phones. Technological advances, for instance, mean that employees can more easily use work
resources for personal chores, such as communicating with friends and entertaining
themselves, at the expense of the company. By using company resources, it is easier to
monitor such instances, since they should exclusively be used for work-related duties. With
personal gadgets equipped with organizational software applications and connection, it
becomes much harder, sometimes bordering on invasion of privacy to monitor the same
employees. In the financial services sector, where dedicated secure applications are usual
used to effect transactions, the ability to control every device accessing the system becomes
even more important (Olalere, Abdullah & Mahmod, 2015).
Generally, organizations require their employees not to create or exchange messages
which may be found to be offensive, obscene or inappropriate in the workplace. They should
also not visit websites which carry inappropriate information for the workplace. Sending
confidential information is also regulated, such that employees may not send a confidential
client or other information without clearance first (Vorakulpipat et al., 2017). In creating,
storing and exchanging information, existing copyright law must be considered. The
employee must ensure such activities do not go on. It is also improper to create adverts, chain
letters or other communication that is unauthorized by the organization, especially if it is to
be used for personal ends (Arregui, Maynard & Ahmad, 2016).
The standards above do not form any regulatory framework in the country. But they
are part of industry best practice that must be adhered to in order to properly secure
organizational resources. The organization may refer o the stated standards and find that it is
possible to achieve them while still allowing for the use of personal computers for
“BRING YOUR OWN DEVICE” PROJECT 6
organizational tasks. However, this may prove to be a difficult undertaking, especially in light
of privacy laws, as well as the resources to be expended in ensuring compliance with
company requirements. Financial institutions operate within a strict framework of regulations
meant to ensure the privacy of client information and to ensure compliance with statutory
laws. These laws’ observance should not be limited in application by the use of personal
devices that could well act as a means of breaching the law (Gajar, Ghosh & Rai, 2013).
Project impact on Aztec security posture
In assessing the security risks and other impacts that the project will have on the
security posture at Aztek, it is important to note that the gadgets will be bought by the
employees, and will be used for personal as well as organizational tasks. However, the
organization will be responsible for the rest of the infrastructural and network issues. It will
need to ensure that the devices are well serviced so that they do not impact on organizational
efficiency. At the same time, the organization will be tasked with monitoring their use, to
ensure that they are not used to transfer information contrary to company policy (Coenescu,
2016).
Organizations are right to want more form technology, in the form presented by
Smartphones and other gadgets. They may also not be in a position to provide these devices
to their employees for official use. In rushing to reap the benefits of smart technology, as well
as the cost savings of having employees shoulder the initial acquisition of the device, the firm
should not be blind to the huge security problems that this portends. For instance, the
infrastructural costs to monitor and maintain the devices will be much higher than if they
were company owned. This is because the devices bought will have individual preferences
(Vorakulpipat et al., 2017). They may be of different operating systems, model, capabilities
and other differences.
The main reason behind the project to allow employees use their devices for
organizational duties is to make them pore productive, by giving them the ability to better
organizational tasks. However, this may prove to be a difficult undertaking, especially in light
of privacy laws, as well as the resources to be expended in ensuring compliance with
company requirements. Financial institutions operate within a strict framework of regulations
meant to ensure the privacy of client information and to ensure compliance with statutory
laws. These laws’ observance should not be limited in application by the use of personal
devices that could well act as a means of breaching the law (Gajar, Ghosh & Rai, 2013).
Project impact on Aztec security posture
In assessing the security risks and other impacts that the project will have on the
security posture at Aztek, it is important to note that the gadgets will be bought by the
employees, and will be used for personal as well as organizational tasks. However, the
organization will be responsible for the rest of the infrastructural and network issues. It will
need to ensure that the devices are well serviced so that they do not impact on organizational
efficiency. At the same time, the organization will be tasked with monitoring their use, to
ensure that they are not used to transfer information contrary to company policy (Coenescu,
2016).
Organizations are right to want more form technology, in the form presented by
Smartphones and other gadgets. They may also not be in a position to provide these devices
to their employees for official use. In rushing to reap the benefits of smart technology, as well
as the cost savings of having employees shoulder the initial acquisition of the device, the firm
should not be blind to the huge security problems that this portends. For instance, the
infrastructural costs to monitor and maintain the devices will be much higher than if they
were company owned. This is because the devices bought will have individual preferences
(Vorakulpipat et al., 2017). They may be of different operating systems, model, capabilities
and other differences.
The main reason behind the project to allow employees use their devices for
organizational duties is to make them pore productive, by giving them the ability to better
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
“BRING YOUR OWN DEVICE” PROJECT 7
streamline their working routines. However, the streamlining steps were taken, such as the
use of passwords to access sensitive information, and secondary use of the devices, such as
accessing unsecured websites, may have an adverse effect on the organization’s security. This
will further jeopardize the organization's security systems (Yeboah-Boateng & Boaten,
2016).
In the hypothetical scenario whereby the organization does allow the project to
continue, it needs to understand that the security posture then adopted will have to also
conform to employee preferences. After all, it will be selected so that they feel more at ease
working while saving initial acquisition costs of the gadgets. The safeguards which have been
instituted by the company to manage security better will have to be revised so that they can
be better adapted to the employee’s needs, while simultaneously addressing any security
concerns (Keyes, 2013).
The importance of connectivity cannot be downplayed. Employees need to be
connected with fellow employees, their managers, and with clients. Organization – provided
gadgets may not be able to provide this in the seamless way that the personal devices can.
Due to this, the trend has been gaining speed in the market, with more and more
organizations allowing their employees to use personal gadgets for work. This presents an
advantage for Aztek, were it to adopt the project. It will have several other organizations to
look up to in devising its own mechanisms to deal with the security challenges presented.
The performance of the network must be another consideration in determining
whether the project goes ahead or not. An assessment of the potential effect on the network’s
performance regarding efficiency and security must be done before the project goes ahead. If
the prognosis is poor, the organization must then decide on whether to shelve the plan, or
additionally invest in the network in line with recommendations, and therefore make it better
placed to handle the new development. In other instances, it may make the network perform
streamline their working routines. However, the streamlining steps were taken, such as the
use of passwords to access sensitive information, and secondary use of the devices, such as
accessing unsecured websites, may have an adverse effect on the organization’s security. This
will further jeopardize the organization's security systems (Yeboah-Boateng & Boaten,
2016).
In the hypothetical scenario whereby the organization does allow the project to
continue, it needs to understand that the security posture then adopted will have to also
conform to employee preferences. After all, it will be selected so that they feel more at ease
working while saving initial acquisition costs of the gadgets. The safeguards which have been
instituted by the company to manage security better will have to be revised so that they can
be better adapted to the employee’s needs, while simultaneously addressing any security
concerns (Keyes, 2013).
The importance of connectivity cannot be downplayed. Employees need to be
connected with fellow employees, their managers, and with clients. Organization – provided
gadgets may not be able to provide this in the seamless way that the personal devices can.
Due to this, the trend has been gaining speed in the market, with more and more
organizations allowing their employees to use personal gadgets for work. This presents an
advantage for Aztek, were it to adopt the project. It will have several other organizations to
look up to in devising its own mechanisms to deal with the security challenges presented.
The performance of the network must be another consideration in determining
whether the project goes ahead or not. An assessment of the potential effect on the network’s
performance regarding efficiency and security must be done before the project goes ahead. If
the prognosis is poor, the organization must then decide on whether to shelve the plan, or
additionally invest in the network in line with recommendations, and therefore make it better
placed to handle the new development. In other instances, it may make the network perform
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
“BRING YOUR OWN DEVICE” PROJECT 8
better, especially when specific safeguards are put in place to limit their access to the network
(Brodin, Rose & Ahlfedt, 2015).
The management of employees in terms of their security clearance and access, as well
as the management of the ICT platform in the organization, will be drastically altered. The
organization must be alive to new challenges that were previously not part of its risk
management portfolio. It must increasingly worry about what employees do privately since
this has a real effect on the security of the organization. In relation to this, the question on the
security of the devices used to access the system must be posed and be satisfactorily
answered. The particular and nature of applications accessed by the devices will be
thoroughly scrutinised. Changes may need to be adapted to make them better equipped to
handle the increased risk level from cyberspace (Assing & Cale, 2013).
Recreational apps must be cleared after their interaction and effect on the
organization’s security have been assessed. For instance, some games that employees enjoy
privately may have security loopholes that can be used to access company data, putting it at
risk. Besides the clearance, the use of these devices both at the workplace and elsewhere will
be a source of concern for the organization. A new framework of management must be
formulated balancing between organizational security, business needs and individual privacy
(Brodin, Rose & Ahlfedt, 2015).
Risk assessment – threats, vulnerabilities, and consequences
Threats
Risk assessment is never about creating so much paperwork but rather identifying
reasonable measures that that will control the risks at the workplace.It should above all help
to decide if a company has covered all its needs not only its employees.It involves the
determination of quantitative or qualitative estimation of a risk related to the defined situation
and a recognized hazard and or threat.Application of the risk assessment is common in
better, especially when specific safeguards are put in place to limit their access to the network
(Brodin, Rose & Ahlfedt, 2015).
The management of employees in terms of their security clearance and access, as well
as the management of the ICT platform in the organization, will be drastically altered. The
organization must be alive to new challenges that were previously not part of its risk
management portfolio. It must increasingly worry about what employees do privately since
this has a real effect on the security of the organization. In relation to this, the question on the
security of the devices used to access the system must be posed and be satisfactorily
answered. The particular and nature of applications accessed by the devices will be
thoroughly scrutinised. Changes may need to be adapted to make them better equipped to
handle the increased risk level from cyberspace (Assing & Cale, 2013).
Recreational apps must be cleared after their interaction and effect on the
organization’s security have been assessed. For instance, some games that employees enjoy
privately may have security loopholes that can be used to access company data, putting it at
risk. Besides the clearance, the use of these devices both at the workplace and elsewhere will
be a source of concern for the organization. A new framework of management must be
formulated balancing between organizational security, business needs and individual privacy
(Brodin, Rose & Ahlfedt, 2015).
Risk assessment – threats, vulnerabilities, and consequences
Threats
Risk assessment is never about creating so much paperwork but rather identifying
reasonable measures that that will control the risks at the workplace.It should above all help
to decide if a company has covered all its needs not only its employees.It involves the
determination of quantitative or qualitative estimation of a risk related to the defined situation
and a recognized hazard and or threat.Application of the risk assessment is common in
“BRING YOUR OWN DEVICE” PROJECT 9
several fields and these sometimes may have specific legal obligations, codes of practice and
standardized procedures.
One of the major threats facing the project is the presence of bugs which are able to
bypass standard security features adopted by operating systems developers such as Android
or Apple. These bugs may not be easily discovered in the case of personal devices, putting
the company at a bigger risk than if a more easily manageable system was in place. At the
same time, the organization’s employees will bring a broad range of gadgets to the workplace
(Assing & Cale, 2013).
Without specifying the recommended or approved devices, the organization may be
stretched in trying to come up with a system that addresses all the likely bugs and other
threats presented to them. This also involves bug-prone apps that may be installed in phones.
These apps may have security issues, making information insecure. At the same time,
information the apps are extremely hard to track, unless such tracking is voluntary by the
owners of the gadgets (Yeboah-Boateng & Boaten, 2016).
Another eventuality that organizations have to face is the possibility of devices being
lost. Since they are not organizational property, they may not be open to the type of security
measures that would normally secure organization property, such as requiring that their
movement is cleared, or that their usage is in a specific area of the office. At the same time,
lost gadgets mean that a trove of information may easily fall into the wrong hands,
jeopardizing the organization (Brodin, Rose & Ahlfedt, 2015).
Some procedures, known as jail breaking, may undo the security features that a
gadget manufacturer has placed in the machine. In some instances, this may mean that the
gadget becomes a powerful tool to get information for malicious people outside, who may be
using a weakness in the gadget that the organization's security apparatus is still not able to
several fields and these sometimes may have specific legal obligations, codes of practice and
standardized procedures.
One of the major threats facing the project is the presence of bugs which are able to
bypass standard security features adopted by operating systems developers such as Android
or Apple. These bugs may not be easily discovered in the case of personal devices, putting
the company at a bigger risk than if a more easily manageable system was in place. At the
same time, the organization’s employees will bring a broad range of gadgets to the workplace
(Assing & Cale, 2013).
Without specifying the recommended or approved devices, the organization may be
stretched in trying to come up with a system that addresses all the likely bugs and other
threats presented to them. This also involves bug-prone apps that may be installed in phones.
These apps may have security issues, making information insecure. At the same time,
information the apps are extremely hard to track, unless such tracking is voluntary by the
owners of the gadgets (Yeboah-Boateng & Boaten, 2016).
Another eventuality that organizations have to face is the possibility of devices being
lost. Since they are not organizational property, they may not be open to the type of security
measures that would normally secure organization property, such as requiring that their
movement is cleared, or that their usage is in a specific area of the office. At the same time,
lost gadgets mean that a trove of information may easily fall into the wrong hands,
jeopardizing the organization (Brodin, Rose & Ahlfedt, 2015).
Some procedures, known as jail breaking, may undo the security features that a
gadget manufacturer has placed in the machine. In some instances, this may mean that the
gadget becomes a powerful tool to get information for malicious people outside, who may be
using a weakness in the gadget that the organization's security apparatus is still not able to
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
“BRING YOUR OWN DEVICE” PROJECT 10
address. Compromised devices in this away are different than bugged ones, which can be
resolved through antivirus or normal scanning mechanisms (Gajar, Ghosh & Rai, 2013).
As with any organization, there may be the risk of dishonest employees at the
company. These employees are likely to try everything to gain, at the expense of the
company. With a gadget whose monitoring is as compromised as personal devices, this
becomes a simple affair for the employee. The device is primarily under the control of the
employee, who may not voluntarily give details of their activities on the phone, and, with the
right skills, disable any attempts by the organization to rein in on unauthorised activity on the
system. It may be difficult not only to pinpoint the culprit of breaches perpetrated by these
people, but also difficult to come up with remedies which better address the issue without
limiting the use of personal devices (Garba, Armarego & Murray, 2015).
Vulnerabilities
The vulnerability is the inability of a system or even a unit to withstand the results or
impacts of a hostile environment.A window of vulnerability is a period of time where a
defensive measure is low or even lacking in some situations.Vulnerability expresses the
several dimensionalities of disaster by mainly focusing on the fullness of relationships in a
given environment and situation which gives forth a disaster.
There is an increased vulnerability in terms of losing data. The variety of gadgets used
as well as the inability of the organization to provide a thorough security system may mean
that leakages will become more prevalent. At the same time, the organization may be
required to regularly provide updates for software and operating systems to ensure they are
not vulnerable to attack. This will mean an aggressive and costly posture by the firm in terms
of how it manages security (Keyes, 2013).
As discussed before, it is difficult to determine conclusively whether employees will
voluntarily place the required security protocols before the engage in a unmonitored online
address. Compromised devices in this away are different than bugged ones, which can be
resolved through antivirus or normal scanning mechanisms (Gajar, Ghosh & Rai, 2013).
As with any organization, there may be the risk of dishonest employees at the
company. These employees are likely to try everything to gain, at the expense of the
company. With a gadget whose monitoring is as compromised as personal devices, this
becomes a simple affair for the employee. The device is primarily under the control of the
employee, who may not voluntarily give details of their activities on the phone, and, with the
right skills, disable any attempts by the organization to rein in on unauthorised activity on the
system. It may be difficult not only to pinpoint the culprit of breaches perpetrated by these
people, but also difficult to come up with remedies which better address the issue without
limiting the use of personal devices (Garba, Armarego & Murray, 2015).
Vulnerabilities
The vulnerability is the inability of a system or even a unit to withstand the results or
impacts of a hostile environment.A window of vulnerability is a period of time where a
defensive measure is low or even lacking in some situations.Vulnerability expresses the
several dimensionalities of disaster by mainly focusing on the fullness of relationships in a
given environment and situation which gives forth a disaster.
There is an increased vulnerability in terms of losing data. The variety of gadgets used
as well as the inability of the organization to provide a thorough security system may mean
that leakages will become more prevalent. At the same time, the organization may be
required to regularly provide updates for software and operating systems to ensure they are
not vulnerable to attack. This will mean an aggressive and costly posture by the firm in terms
of how it manages security (Keyes, 2013).
As discussed before, it is difficult to determine conclusively whether employees will
voluntarily place the required security protocols before the engage in a unmonitored online
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
“BRING YOUR OWN DEVICE” PROJECT 11
activity, such as accessing unsecured WIFI away from the office and visiting websites which
are not well secured. A huge number of devices have issues related to privacy and security
settings. People may think it is not important to secure them, but the story changes when the
employee has been entrusted with highly valuable and sensitive information. Gadgets may
sometimes be used by more than one person away from work. This again raises the
vulnerability of this project, since such persons cannot be reasonably cleared before viewing
privileged information (Yeboah-Boateng & Boaten, 2016).
The nature of a persona device, when it is employed for work purposes, means that it
is impossible to divide personal issues form business affairs. The vulnerability, in this case,
relates to the danger of the employee inadvertently sharing privileged information, as well as
malicious bugs. These bugs can then easily be introduced into the system by the device, a
factor which will jeopardize the security of the whole system (Garba, Armarego & Murray,
2015).
Some employees do not properly take care of their devices, the way an organization
with a dedicated team of IT experts would. This means that the devices are sometimes not
even locked, nor are there any updates to ensure the security system is up to date. Employees
may also leave their devices unattended, raising the risk of the device being used maliciously
be others to transact business and frame an innocent but negligent person (Priyadarshi, 2013).
The nature of the project is such that the organization will have to make modifications
to its IT infrastructure. These modifications are meant to ensure that the system is able to
handle the new model of operation while maintaining the safety and integrity of the
system.thi may involve securing data, while also ensuring it conforms to current IT policy. In
the process of doing this, some security measures may be removed or otherwise ignored,
despite their importance under the previous regime, to enable the utilization of personal
devices. This likewise opens up the system to more vulnerability (Priyadarshi, 2013).
activity, such as accessing unsecured WIFI away from the office and visiting websites which
are not well secured. A huge number of devices have issues related to privacy and security
settings. People may think it is not important to secure them, but the story changes when the
employee has been entrusted with highly valuable and sensitive information. Gadgets may
sometimes be used by more than one person away from work. This again raises the
vulnerability of this project, since such persons cannot be reasonably cleared before viewing
privileged information (Yeboah-Boateng & Boaten, 2016).
The nature of a persona device, when it is employed for work purposes, means that it
is impossible to divide personal issues form business affairs. The vulnerability, in this case,
relates to the danger of the employee inadvertently sharing privileged information, as well as
malicious bugs. These bugs can then easily be introduced into the system by the device, a
factor which will jeopardize the security of the whole system (Garba, Armarego & Murray,
2015).
Some employees do not properly take care of their devices, the way an organization
with a dedicated team of IT experts would. This means that the devices are sometimes not
even locked, nor are there any updates to ensure the security system is up to date. Employees
may also leave their devices unattended, raising the risk of the device being used maliciously
be others to transact business and frame an innocent but negligent person (Priyadarshi, 2013).
The nature of the project is such that the organization will have to make modifications
to its IT infrastructure. These modifications are meant to ensure that the system is able to
handle the new model of operation while maintaining the safety and integrity of the
system.thi may involve securing data, while also ensuring it conforms to current IT policy. In
the process of doing this, some security measures may be removed or otherwise ignored,
despite their importance under the previous regime, to enable the utilization of personal
devices. This likewise opens up the system to more vulnerability (Priyadarshi, 2013).
“BRING YOUR OWN DEVICE” PROJECT 12
Consequences
The vulnerabilities and consequences presented above bring about far-reaching
consequences for the organization and its posture to security risks. The organization will save
on the acquisition of devices brought by its own employees. However, it will need to spend
more to manage better them, and the threats they pose. This involves regular and rigorous
training to employees, as well as monitoring to the permissible standards, to identify the
unauthorised or malicious use of devices within the network (Dhingra, 2016).
Another consequence is the need for a modified network and IT infrastructure sop that
the nature of the devices can be accommodated, as well as the range of threats and
vulnerabilities they present to the organization (Dhingra, 2016).
Existing recommendations
There are several recommendations on how organizations can better address the
issues which face them. A policy change is necessary, to enable a better response to the
stated threats. A VPN is necessary to ensure that prior to enabling access; data transferred to
and from the device is encrypted and otherwise secured. The procurement of an Enterprise
mobility management is also recommended so that the organization can easily monitor and
manage risks in devices before they can compromise the system. Training is recommended to
help employees manage their devices better, and whistle blows on any unbecoming behavior
by others. Investment should also be made to ensure the system is able to handle the new
project (Garba, Armarego & Murray, 2015).
Garba, Armarego, and Murray (2015) appreciate the fact that the “bring your own
device” trend is picking steam, even with all the threats pointed out. Organizations, therefore,
need to proactively look for the environment and come up with a well-defined policy
regarding the devices, rather than hurriedly formulating one after a project such as the one
discussed in this paper is eventually approved. This will give all the relevant parties’
sufficient time to consider any loopholes and fix them.
Consequences
The vulnerabilities and consequences presented above bring about far-reaching
consequences for the organization and its posture to security risks. The organization will save
on the acquisition of devices brought by its own employees. However, it will need to spend
more to manage better them, and the threats they pose. This involves regular and rigorous
training to employees, as well as monitoring to the permissible standards, to identify the
unauthorised or malicious use of devices within the network (Dhingra, 2016).
Another consequence is the need for a modified network and IT infrastructure sop that
the nature of the devices can be accommodated, as well as the range of threats and
vulnerabilities they present to the organization (Dhingra, 2016).
Existing recommendations
There are several recommendations on how organizations can better address the
issues which face them. A policy change is necessary, to enable a better response to the
stated threats. A VPN is necessary to ensure that prior to enabling access; data transferred to
and from the device is encrypted and otherwise secured. The procurement of an Enterprise
mobility management is also recommended so that the organization can easily monitor and
manage risks in devices before they can compromise the system. Training is recommended to
help employees manage their devices better, and whistle blows on any unbecoming behavior
by others. Investment should also be made to ensure the system is able to handle the new
project (Garba, Armarego & Murray, 2015).
Garba, Armarego, and Murray (2015) appreciate the fact that the “bring your own
device” trend is picking steam, even with all the threats pointed out. Organizations, therefore,
need to proactively look for the environment and come up with a well-defined policy
regarding the devices, rather than hurriedly formulating one after a project such as the one
discussed in this paper is eventually approved. This will give all the relevant parties’
sufficient time to consider any loopholes and fix them.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.