Högskolan i Skövde

Brodin, Martin
Publications (10 of 12)
Brodin, M. & Rose, J. (2020). Improving mobile security management in SME’s: the MSME framework. Journal of Information System Security, 16(1), 47-75
2020 (English). In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 16, no 1, p. 47-75. Article in journal (Refereed) Published
Abstract [en]

The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations (for example the European General Data Protection Regulation). However they typically lack the resources and specialist competences necessary to use the available commercial frameworks. This article describes an Action Design Research project to devise and test a low cost, low learning curve framework for improving mobile security management. The project is conducted together with a small Swedish consulting company with the pseudonym Novukon. The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. A set of nine design principles are included to guide further research.

Place, publisher, year, edition, pages
Journal of Information System Security (JISSec), 2020
Keywords
Mobile security, Action Design Research project, Mobile threats
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18539 (URN); 2-s2.0-85087352310 (Scopus ID)
Available from: 2020-06-16 Created: 2020-06-16 Last updated: 2020-08-27 Bibliographically approved
Brodin, M. (2020). Managing information security for mobile devices in small and medium-sized enterprises: Information management, Information security management, mobile device. (Doctoral dissertation). Skövde: University of Skövde
2020 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations. However, they typically lack the resources and specialist competences necessary to use the available frameworks.

This thesis describes an Action Design Research project to devise and test a low cost, low learning curve method for improving mobile security management. The project is conducted together with a small Swedish consulting company and evaluated in several other companies. In order to solve the challenge that SMEs face, three objectives have been set:

1. Identify existing solutions at a strategic level to managing information that is accessible with mobile devices and their suitability for SMEs.

2. Develop a framework to support SMEs to manage information in a secure way on mobile devices.

3. Evaluate the framework in practice.

The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. The most important contribution to both science and practice is a structured approach for managers to deal with mobile devices, or for that matter other technology advances that do not fit into the existing management system. The journey to the final solution also produced several smaller contributions to science, for example insights from C-suites about strategies and work with mobile devices, differences and similarities between CYOD (choose your own device) and BYOD (bring your own device), the role of security policies in organisations, and twelve identified management issues with mobile devices.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2020. p. 228
Series
Dissertation Series ; 32
Keywords
Information management, Information security management, mobile device
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18889 (URN); 978-91-984918-4-5 (ISBN)
Public defence
2020-09-11, G109, Högskolevägen 1, Skövde, 13:00 (English)
Funder
Knowledge Foundation
Available from: 2020-08-10 Created: 2020-08-10 Last updated: 2020-08-20 Bibliographically approved
Brodin, M. & Rose, J. (2020). Mobile information security management for small organisation technology upgrades: the policy-driven approach and the evolving implementation approach. International Journal of Mobile Communications, 18(5), 598-618
2020 (English). In: International Journal of Mobile Communications, ISSN 1470-949X, E-ISSN 1741-5217, Vol. 18, no 5, p. 598-618. Article in journal (Refereed) Published
Abstract [en]

Information security management researchers are often focused on the information security policy, its implementation and evaluation as the primary means of ensuring that organisations protect their valuable data. However, information security is usually nested with a variety of other concerns (for instance technology upgrades, information access, efficiency and sustainability issues, employee satisfaction), so this policy-driven approach is seldom operated in isolation. We investigate the approach as implied in the mobile information security literature, provide a literature-inspired characterisation and use it to analyse an iPad implementation for politicians in a Swedish municipality. The analysis provides only a partial explanation for security work in this kind of small organisation technology upgrade, so we develop a complementary approach: the evolving implementation approach. A suggestion is made for how the two approaches can be reconciled, and implications for both practitioners and researchers derived.

Place, publisher, year, edition, pages
InderScience Publishers, 2020
Keywords
information management, mobile devices, implementation, device strategy, IS management
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18538 (URN); 10.1504/IJMC.2020.10023760 (DOI); 000576967200006 ()
Available from: 2020-06-16 Created: 2020-06-16 Last updated: 2020-10-29 Bibliographically approved
Brodin, M. (2019). A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises. European Journal for Security Research, 4(2), 243-264
2019 (English). In: European Journal for Security Research, ISSN 2365-0931, E-ISSN 2365-1695, Vol. 4, no 2, p. 243-264. Article in journal (Refereed) Published
Abstract [en]

The EU’s General Data Protection Regulation (GDPR) is an EU regulation that affects everyone in the EU and all organisations outside the EU that want to do business with the EU. GDPR introduces tougher requirements for processing personal data, which may be difficult for many small- and medium-sized enterprises (SMEs) to follow without major adjustments. This work uses design science to develop a framework for SMEs to adapt to GDPR. The framework was empirically evaluated in three different types of organisations, resulting in GDPR compliance according to their Data Protection Officers. It was also theoretically evaluated against scientific literature including the identified implications of GDPR. In this paper the framework is presented, from initial analysis and design to implementation and future work, with advice on how to work with each part to achieve compliance. The paper also highlights some of the most important changes in GDPR compared to its predecessor, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (DIR95).

Place, publisher, year, edition, pages
Springer, 2019
Keywords
General Data Protection Regulation, GDPR, Information management, SME, SMEs, information security
National Category
Information Systems
Research subject
INF303 Information Security; Information Systems
Identifiers
urn:nbn:se:his:diva-17874 (URN); 10.1007/s41125-019-00042-z (DOI)
Available from: 2019-11-11 Created: 2019-11-11 Last updated: 2020-01-29 Bibliographically approved
Brodin, M. (2017). Mobile Device Strategy: From a Management Point of View. Journal of Mobile Technologies, Knowledge and Society, 2017, Article ID 593035.
2017 (English). In: Journal of Mobile Technologies, Knowledge and Society, E-ISSN 2155-4811, Vol. 2017, article id 593035. Article in journal (Refereed) Published
Abstract [en]

In recent years, mobile devices have become an indispensable part of working life. However, in many cases the same device is also used privately, which has blurred the line between personal and company data. This situation needs to be analysed, and a long-term strategy implemented for organisations not to lose control of their data. This article is based on interviews with executives and a theoretical framework for managing mobile devices. Empirical input from practice is used to update the framework to help organisations to better respond to emerging trends for mobile devices.

Place, publisher, year, edition, pages
International Business Information Management Association (IBIMA), 2017
Keywords
Information Management, Mobile Device Strategy, BYOD, CYOD
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13348 (URN)
Projects
IPSI
Note

10.5171/2017.593035

Available from: 2017-01-31 Created: 2017-01-31 Last updated: 2024-05-02 Bibliographically approved
Brodin, M. (2017). Security strategies for managing mobile devices in SMEs: A theoretical evaluation. In: Proceedings of the 8th International Conference on Information, Intelligence, Systems & Applications (IISA). Paper presented at The 8th International Conference on Information Intelligence Systems Applications 2017, Larnaca, Cyprus, August 27-30, 2017 (pp. 89-94). IEEE
2017 (English). In: Proceedings of the 8th International Conference on Information, Intelligence, Systems & Applications (IISA), IEEE, 2017, p. 89-94. Conference paper, Published paper (Refereed)
Abstract [en]

With mobile devices connecting personal and business lives together, creating opportunities for both employees and employers, the need for a long-term mobile strategy increases. The scientific literature provides four different approaches, which are analyzed together with an approach from a governmental agency. The basis for the analysis is identified security challenges, which are adapted to an SME environment. The conclusion is that most of the frameworks manage the security challenges well, but only two take the benefits of mobile devices into account.

Place, publisher, year, edition, pages
IEEE, 2017
Series
International Conference on Information, Intelligence, Systems & Applications (IISA), ISSN 2379-3732
Keywords
BYOD, CYOD, Mobile devices, SME, information management, information security management, security strategy
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-14966 (URN); 10.1109/IISA.2017.8316387 (DOI); 000454859600016 (); 2-s2.0-85047927810 (Scopus ID); 978-1-5386-3732-6 (ISBN); 978-1-5386-3731-9 (ISBN)
Conference
The 8th International Conference on Information Intelligence Systems Applications 2017, Larnaca, Cyprus, August 27-30, 2017
Available from: 2018-03-16 Created: 2018-03-16 Last updated: 2020-08-10 Bibliographically approved
Brodin, M. (2016). BYOD vs. CYOD: What is the difference? In: Miguel Baptista Nunes, Pedro Isaías, Philip Powell (Ed.), Proceedings of the 9th IADIS International Conference: Information Systems 2016. Paper presented at 9th IADIS International Conference Information Systems, 9-11 April 2016, Vilamoura, Portugal (pp. 55-62). IADIS Press
2016 (English). In: Proceedings of the 9th IADIS International Conference: Information Systems 2016 / [ed] Miguel Baptista Nunes, Pedro Isaías, Philip Powell, IADIS Press, 2016, p. 55-62. Conference paper, Published paper (Refereed)
Abstract [en]

During the last years mobile devices have become very popular to use both for work and pleasure. Different strategies have evolved to increase productivity and to satisfy the employees. In this paper, we look at the two most popular strategies and look at the strengths and weaknesses of those. This is done by a systematic literature review and semi-structured interviews with CIOs or equivalent roles. We conclude that BYOD and CYOD come with similar strengths, but CYOD brings slightly fewer security risks.

Place, publisher, year, edition, pages
IADIS Press, 2016
Keywords
BYOD, CYOD, Information Management, Mobile Devices, Mobile strategy, Smartphone, Bring Your Own Device
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-12153 (URN); 2-s2.0-84976351093 (Scopus ID); 978-989-8533-50-0 (ISBN); 978-1-5108-2369-3 (ISBN)
Conference
9th IADIS International Conference Information Systems, 9-11 April 2016, Vilamoura, Portugal
Available from: 2016-04-18 Created: 2016-04-18 Last updated: 2024-05-31 Bibliographically approved
Brodin, M. (2016). Management of Mobile Devices: How to Implement a New Strategy. In: Khalid S. Soliman (Ed.), Proceedings of The 27th International Business Information Management Association Conference: Innovation Management and Education Excellence Vision 2020: From Regional Development Sustainability to Global Economic Growth. Paper presented at The 27th International Business Information Management Association Conference, IBIMA 2016, Milan, Italy, May 4-5, 2016 (pp. 1261-1268). International Business Information Management Association (IBIMA)
2016 (English). In: Proceedings of The 27th International Business Information Management Association Conference: Innovation Management and Education Excellence Vision 2020: From Regional Development Sustainability to Global Economic Growth / [ed] Khalid S. Soliman, International Business Information Management Association (IBIMA), 2016, p. 1261-1268. Conference paper, Published paper (Refereed)
Abstract [en]

Since smartphones entered the market, the need for them has exploded; today 85 % believe that their mobile is a central part of their life. Despite the major focus on mobile devices and increased budgets, there are still many organisations missing a strategy for mobile devices. This article investigates the most important steps to take when implementing a mobile device strategy by conducting an empirical study with interviews with CIOs or equivalent roles in 13 organisations with 50 to 15 000 employees. The result is an improved framework for mobile device implementation.

Place, publisher, year, edition, pages
International Business Information Management Association (IBIMA), 2016
Keywords
Information Management, Mobile Device, BYOD, CYOD
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-12228 (URN); 000381172300142 (); 2-s2.0-84984664024 (Scopus ID); 978-0-9860419-6-9 (ISBN)
Conference
The 27th International Business Information Management Association Conference, IBIMA 2016, Milan, Italy, May 4-5, 2016
Available from: 2016-05-11 Created: 2016-05-11 Last updated: 2019-03-06 Bibliographically approved
Brodin, M. (2016). Mobile Device Strategy: A management framework for securing company information assets on mobile devices. (Licentiate dissertation). Skövde: University of Skövde
2016 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The problem addressed by this research is a demand for increased flexibility in access to organisational information, driven by the increasing popularity of mobile devices. Employees increasingly bring private devices to work (Bring Your Own Device, BYOD) or use work devices for private purposes (Choose Your Own Device, CYOD). This puts managers in a difficult position, since they want the benefits of mobility, without exposing organisational data to further risk. The research focuses on management (particularly information security management) issues in the design and implementation of strategies for mobile devices. There are two objectives. The first is to identify existing information security management strategies for mobile and dual-use devices. The second is to develop a framework for analysing, evaluating and implementing a mobile device strategy.

The overall research strategy is inspired by Design Science, where the mission is to develop an artefact, in this case a framework, which will help to solve a practical problem. Methods include literature review, theoretical development, and the collection and analysis of qualitative data through interviews with executives. The main result of this work is the framework, which deals with the complete process, including analysis, design and implementation of a mobile device management strategy. It helps researchers to understand necessary steps in analysing phenomena like BYOD and gives practitioners guidance in which analyses to conduct when working on strategies for mobile devices. The framework was developed primarily through theoretical work (with inspiration from the mobile security and strategic management literature, and the ISO/IEC 27000 standard), and evaluated and refined through the empirical studies. The results include twelve management issues, a research agenda, argumentation for CYOD, and guidance for researchers and practitioners.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2016. p. 76
Series
Dissertation Series ; 15 (2016)
Keywords
Strategic Management, Mobile device, Information security, information security management, information management, BYOD, CYOD, mobile strategy, mobile device strategy, management framework
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13125 (URN); 978-91-982690-5-5 (ISBN)
Presentation
2016-11-29, G207, Högskolan i Skövde, Skövde, 13:00 (English)
Funder
Knowledge Foundation
Available from: 2016-12-05 Created: 2016-11-22 Last updated: 2023-01-03 Bibliographically approved
Brodin, M. (2015). Combining ISMS with strategic management: The case of BYOD. In: Miguel Baptista Nunes, Pedro Isaias, Philip Powell (Ed.), Information Systems 2015: Proceedings of the 8th IADIS International Conference. Paper presented at 8th IADIS International Conference on Information Systems 2015, 14–16 March, Madeira, Portugal (pp. 161-168). IADIS Press
2015 (English). In: Information Systems 2015: Proceedings of the 8th IADIS International Conference / [ed] Miguel Baptista Nunes, Pedro Isaias, Philip Powell, IADIS Press, 2015, p. 161-168. Conference paper, Published paper (Refereed)
Abstract [en]

Bring Your Own Device (BYOD) (where employees use their private devices for work) causes problems for organisations since their management systems are seldom designed for this purpose. If BYOD is not adequately regulated, many security and privacy issues may result. This paper proposes an analysis-design-action framework for designing a suitable security management strategy by combining Johnson and Scholes’ strategic management model with the ISO/IEC 27000-series.

Place, publisher, year, edition, pages
IADIS Press, 2015
Keywords
ISO/IEC 27000-series, BYOD, Information Security Management, Strategic Management
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-10931 (URN); 2-s2.0-84944035669 (Scopus ID); 978-989-8533-33-3 (ISBN)
Conference
8th IADIS International Conference on Information Systems 2015, 14–16 March, Madeira, Portugal
Note

The full-text published here is a reprint from a paper published in the Proceedings of the 8th IADIS International Conference on Information Systems 2015, IADIS, http://www.iadis.org.

Available from: 2015-05-12 Created: 2015-05-12 Last updated: 2020-08-10 Bibliographically approved