Brodin, Martin
Publications (9 of 9)
Brodin, M. (2019). A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises. European Journal for Security Research, 4(2), 243-264
2019 (English) In: European Journal for Security Research, ISSN 2365-0931, E-ISSN 2365-1695, Vol. 4, no 2, p. 243-264. Article in journal (Refereed) Published
Abstract [en]

The EU’s General Data Protection Regulation (GDPR) is an EU regulation that affects everyone in the EU and all organisations outside the EU that want to do business with the EU. GDPR introduces tougher requirements for processing personal data, which may be difficult for many small- and medium-sized enterprises (SMEs) to follow without major adjustments. This work uses design science to develop a framework for SMEs to adapt to GDPR. The framework was empirically evaluated in three different types of organisations, resulting in GDPR compliance according to their Data Protection Officers. It was also theoretically evaluated against scientific literature including the identified implications of GDPR. In this paper the framework is presented, from initial analysis and design to implementation and future work, with advice on how to work with each part to achieve compliance. The paper also highlights some of the most important changes in GDPR compared to its predecessor, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (DIR95).

Place, publisher, year, edition, pages
Springer, 2019
Keywords
General Data Protection Regulation, GDPR, Information management, SME, SMEs, information security
National Category
Information Systems
Research subject
INF303 Information Security; Information Systems
Identifiers
urn:nbn:se:his:diva-17874 (URN); 10.1007/s41125-019-00042-z (DOI)
Available from: 2019-11-11 Created: 2019-11-11 Last updated: 2019-11-11 Bibliographically approved
Brodin, M. (2017). Mobile Device Strategy: From a Management Point of View. Journal of Mobile Technologies, Knowledge and Society, 2017, Article ID 593035.
2017 (English) In: Journal of Mobile Technologies, Knowledge and Society, ISSN 2155-4811, E-ISSN 2155-4811, Vol. 2017, article id 593035. Article in journal (Refereed) Published
Abstract [en]

In recent years, mobile devices have become an indispensable part of working life. However, in many cases the same device is also used privately, which has blurred the line between personal and company data. This situation needs to be analysed, and a long-term strategy implemented for organisations not to lose control of their data. This article is based on interviews with executives and a theoretical framework for managing mobile devices. Empirical input from practice is used to update the framework to help organisations to better respond to emerging trends for mobile devices.

Place, publisher, year, edition, pages
International Business Information Management Association (IBIMA), 2017
Keywords
Information Management, Mobile Device Strategy, BYOD, CYOD
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13348 (URN); 10.5171/2017.593035 (DOI)
Projects
IPSI
Available from: 2017-01-31 Created: 2017-01-31 Last updated: 2018-01-25 Bibliographically approved
Brodin, M. (2017). Security strategies for managing mobile devices in SMEs: A theoretical evaluation. In: Proceedings of the 8th International Conference on Information, Intelligence, Systems & Applications (IISA). Paper presented at The 8th International Conference on Information Intelligence Systems Applications 2017, Larnaca, Cyprus, August 27-30, 2017 (pp. 89-94). IEEE
2017 (English) In: Proceedings of the 8th International Conference on Information, Intelligence, Systems & Applications (IISA), IEEE, 2017, p. 89-94. Conference paper, Published paper (Refereed)
Abstract [en]

With mobile devices connecting personal and business lives together, creating opportunities for both employees and employers, the need for a longtime mobile strategy increases. The scientific literature provides four different approaches, which are analyzed together with an approach from a governmental agency. The basis for the analysis is identified security challenges, which are adapted to an SME environment. The conclusion is that most of the frameworks manage the security challenges well, but only two take the benefits of mobile devices into account.

Place, publisher, year, edition, pages
IEEE, 2017
Series
International Conference on Information, Intelligence, Systems & Applications (IISA), ISSN 2379-3732
Keywords
BYOD, CYOD, Mobile devices, SME, information management, information security management, security strategy
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-14966 (URN); 10.1109/IISA.2017.8316387 (DOI); 000454859600016 (); 2-s2.0-85047927810 (Scopus ID); 978-1-5386-3732-6 (ISBN); 978-1-5386-3731-9 (ISBN)
Conference
The 8th International Conference on Information Intelligence Systems Applications 2017, Larnaca, Cyprus, August 27-30, 2017
Available from: 2018-03-16 Created: 2018-03-16 Last updated: 2019-03-05 Bibliographically approved
Brodin, M. (2016). BYOD vs. CYOD: What is the difference?. In: Miguel Baptista Nunes, Pedro Isaías, Philip Powell (Ed.), Proceedings of the 9th IADIS International Conference: Information Systems 2016. Paper presented at 9th IADIS International Conference Information Systems, 9-11 April 2016, Vilamoura, Portugal (pp. 55-62). IADIS Press
2016 (English) In: Proceedings of the 9th IADIS International Conference: Information Systems 2016 / [ed] Miguel Baptista Nunes, Pedro Isaías, Philip Powell, IADIS Press, 2016, p. 55-62. Conference paper, Published paper (Refereed)
Abstract [en]

During the last years mobile devices have become very popular to use both for work and pleasure. Different strategies have evolved to increase productivity and to satisfy the employees. In this paper, we look at the two most popular strategies and look at the strengths and weaknesses of those. This is done by a systematic literature review and semi-structured interviews with CIOs or equivalent roles. We conclude that BYOD and CYOD come with similar strengths, but CYOD brings a little fewer security risks.

Place, publisher, year, edition, pages
IADIS Press, 2016
Keywords
BYOD, CYOD, Information Management, Mobile Devices, Mobile strategy, Smartphone, Bring Your Own Device
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-12153 (URN); 2-s2.0-84976351093 (Scopus ID); 978-989-8533-50-0 (ISBN); 978-1-5108-2369-3 (ISBN)
Conference
9th IADIS International Conference Information Systems, 9-11 April 2016, Vilamoura, Portugal
Available from: 2016-04-18 Created: 2016-04-18 Last updated: 2019-03-04 Bibliographically approved
Brodin, M. (2016). Management of Mobile Devices: How to Implement a New Strategy. In: Khalid S. Soliman (Ed.), Proceedings of The 27th International Business Information Management Association Conference: Innovation Management and Education Excellence Vision 2020: From Regional Development Sustainability to Global Economic Growth. Paper presented at The 27th International Business Information Management Association Conference, IBIMA 2016, Milan, Italy, May 4-5, 2016 (pp. 1261-1268). International Business Information Management Association (IBIMA)
2016 (English) In: Proceedings of The 27th International Business Information Management Association Conference: Innovation Management and Education Excellence Vision 2020: From Regional Development Sustainability to Global Economic Growth / [ed] Khalid S. Soliman, International Business Information Management Association (IBIMA), 2016, p. 1261-1268. Conference paper, Published paper (Refereed)
Abstract [en]

Since smartphones entered the market the need for them has exploded; today 85 % believe that their mobile is a central part of their life. Despite the major focus on mobile devices and increased budgets, there are still many organisations missing a strategy for mobile devices. This article investigates the most important steps to take when implementing a mobile device strategy by conducting an empirical study with interviews with CIOs or equivalent roles in 13 organisations with 50 to 15 000 employees. The result is an improved framework for mobile device implementation.

Place, publisher, year, edition, pages
International Business Information Management Association (IBIMA), 2016
Keywords
Information Management, Mobile Device, BYOD, CYOD
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-12228 (URN); 000381172300142 (); 2-s2.0-84984664024 (Scopus ID); 978-0-9860419-6-9 (ISBN)
Conference
The 27th International Business Information Management Association Conference, IBIMA 2016, Milan, Italy, May 4-5, 2016
Available from: 2016-05-11 Created: 2016-05-11 Last updated: 2019-03-06 Bibliographically approved
Brodin, M. (2016). Mobile Device Strategy: A management framework for securing company information assets on mobile devices. (Licentiate dissertation). Skövde: University of Skövde
2016 (English) Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The problem addressed by this research is a demand for increased flexibility in access to organisational information, driven by the increasing popularity of mobile devices. Employees increasingly bring private devices to work (Bring Your Own Device, BYOD) or use work devices for private purposes (Choose Your Own Device, CYOD). This puts managers in a difficult position, since they want the benefits of mobility, without exposing organisational data to further risk. The research focuses on management (particularly information security management) issues in the design and implementation of strategies for mobile devices. There are two objectives. The first is to identify existing information security management strategies for mobile and dual-use devices. The second is to develop a framework for analysing, evaluating and implementing a mobile device strategy.

The overall research strategy is inspired by Design Science, where the mission is to develop an artefact, in this case a framework, which will help to solve a practical problem. Methods include literature review, theoretical development, and the collection and analysis of qualitative data through interviews with executives. The main result of this work is the framework, which deals with the complete process, including analysis, design and implementation of a mobile device management strategy. It helps researchers to understand necessary steps in analysing phenomena like BYOD and gives practitioners guidance in which analyses to conduct when working on strategies for mobile devices. The framework was developed primarily through theoretical work (with inspiration from the mobile security and strategic management literature, and the ISO/IEC 27000 standard), and evaluated and refined through the empirical studies. The results include twelve management issues, a research agenda, argumentation for CYOD, and guidance for researchers and practitioners.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2016. p. 76
Series
Dissertation Series ; 15 (2016)
Keywords
Strategic Management, Mobile device, Information security, information security management, information management, BYOD, CYOD, mobile strategy, mobile device strategy, management framework
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13125 (URN); 978-91-982690-5-5 (ISBN)
Presentation
2016-11-29, G207, Högskolan i Skövde, Skövde, 13:00 (English)
Funder
Knowledge Foundation
Available from: 2016-12-05 Created: 2016-11-22 Last updated: 2019-01-22 Bibliographically approved
Brodin, M. (2015). Combining ISMS with strategic management: The case of BYOD. In: Miguel Baptista Nunes, Pedro Isaias, Philip Powell (Ed.), Information Systems 2015: Proceedings of the 8th IADIS International Conference. Paper presented at 8th IADIS International Conference on Information Systems 2015, 14–16 March, Madeira, Portugal (pp. 161-168). IADIS Press
2015 (English) In: Information Systems 2015: Proceedings of the 8th IADIS International Conference / [ed] Miguel Baptista Nunes, Pedro Isaias, Philip Powell, IADIS Press, 2015, p. 161-168. Conference paper, Published paper (Refereed)
Abstract [en]

Bring Your Own Device (BYOD) (where employees use their private devices for work) causes problems for organisations since their management systems are seldom designed for this purpose. If BYOD is not adequately regulated, many security and privacy issues may result. This paper proposes an analysis-design-action framework for designing a suitable security management strategy by combining Johnson and Scholes’ strategic management model with the ISO/IEC 27000-series.

Place, publisher, year, edition, pages
IADIS Press, 2015
Keywords
ISO/IEC 27000-series, BYOD, Information Security Management, Strategic Management
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-10931 (URN); 2-s2.0-84944035669 (Scopus ID); 978-989-8533-33-3 (ISBN)
Conference
8th IADIS International Conference on Information Systems 2015, 14–16 March, Madeira, Portugal
Note

The full-text published here is a reprint from a paper published in the Proceedings of the 8th IADIS International Conference on Information Systems 2015, IADIS, http://www.iadis.org.

Available from: 2015-05-12 Created: 2015-05-12 Last updated: 2019-06-14 Bibliographically approved
Brodin, M., Rose, J. & Åhlfeldt, R.-M. (2015). Management issues for Bring Your Own Device. In: Kostantinos Lambrinoudakis, Vincenzo Morabito & Marinos Themistocleous (Ed.), Proceedings of 12th European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015). Paper presented at European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015), 1-2 June, Athens, Greece. European, Mediterranean & Middle Eastern Conference on Information Systems (EMCIS)
2015 (English) In: Proceedings of 12th European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015) / [ed] Kostantinos Lambrinoudakis, Vincenzo Morabito & Marinos Themistocleous, European, Mediterranean & Middle Eastern Conference on Information Systems (EMCIS), 2015. Conference paper, Published paper (Refereed)
Abstract [en]

Bring Your Own Device (BYOD) is an emerging research area focusing on the organisational adoption of (primarily mobile) devices used for both private and work purposes. There are many information security related problems concerning the use of BYOD and it should therefore be considered an issue of strategic importance for senior managers. This paper presents a systematic literature analysis using a BYOD strategic management framework to assess developing research trends. The analysis reveals early work in the analysis and design aspects of BYOD strategies, but a lack of research in operationalizing (planning, implementation and evaluating) strategy – the action phase. The resulting research agenda identifies twelve management issues for further research and four overall research directions that may stimulate future research.

Place, publisher, year, edition, pages
European, Mediterranean & Middle Eastern Conference on Information Systems (EMCIS), 2015
Keywords
BYOD Bring Your Own Device, information security management, strategic management
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-11004 (URN); 1 2 (Local ID); 978-960-6897-08-5 (ISBN); 1 2 (Archive number); 1 2 (OAI)
Conference
European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015), 1-2 June, Athens, Greece
Note

Received the Best Paper Award

Available from: 2015-06-08 Created: 2015-06-08 Last updated: 2019-01-23 Bibliographically approved
Amorim, J. A., Hendrix, M., Andler, S. F., Llinas, J., Gustavsson, P. M. & Brodin, M. (2013). Cyber Security Training Perspectives. Paper presented at 2013 Annual Computer Security Applications Conference (ACSAC), New Orleans, December 9–13, 2013.
2013 (English) Conference paper, Poster (with or without abstract) (Refereed)
Abstract [en]

Building comprehensive cyber security strategies to protect people, infrastructure and assets demands research on methods and practices to reduce risks. Once the methods and practices are identified, there is a need to develop training for the many stakeholders involved, from security experts to the end user. In this paper, we discuss new approaches for training, which includes the development of serious games for training on cyber security. The identification of the theoretical framework to be used for situation and threat assessment receives special consideration.

Keywords
Cyber Security, Information Fusion, Serious Games, Training
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:his:diva-10363 (URN)
Conference
2013 Annual Computer Security Applications Conference (ACSAC), New Orleans, December 9–13, 2013
Available from: 2014-12-09 Created: 2014-12-09 Last updated: 2019-05-21 Bibliographically approved