Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Improving mobile security management in SME’s: the MSME framework
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Informationssystem (IS), Information Systems)
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Informationssystem (IS), Information Systems)ORCID iD: 0000-0002-7858-9471
2020 (English)In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 16, no 1, p. 47-75Article in journal (Refereed) Published
Abstract [en]

The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations (for example the European General Data Protection Regulation). However they typically lack the resources and specialist competences necessary to use the available commercial frameworks. This article describes an Action Design Research project to devise and test a low cost, low learning curve framework for improving mobile security management. The project is conducted together with a small Swedish consulting company with the pseudonym Novukon. The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. A set of nine design principles are included to guide further research.

Place, publisher, year, edition, pages
Journal of Information System Security (JISSec) , 2020. Vol. 16, no 1, p. 47-75
Keywords [en]
Mobile security, Action Design Research project, Mobile threats
National Category
Information Systems
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-18539Scopus ID: 2-s2.0-85087352310OAI: oai:DiVA.org:his-18539DiVA, id: diva2:1442156
Available from: 2020-06-16 Created: 2020-06-16 Last updated: 2020-08-27Bibliographically approved
In thesis
1. Managing information security for mobile devices in small and medium-sized enterprises: Information management, Information security management, mobile device
Open this publication in new window or tab >>Managing information security for mobile devices in small and medium-sized enterprises: Information management, Information security management, mobile device
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations. However, they typically lack the resources and specialist competences necessary to use the available frameworks.

This thesis describes an Action Design Research project to devise and test a low cost, low learning curve method for improving mobile security management. The project is conducted together with a small Swedish consulting company and evaluated in several other companies. In order to solve the challenge that SMEs faces; three objectives have been set:

1. Identify existing solutions at a strategic level to managing information that is accessible with mobile devices and their suitability for SMEs.

2. Develop a framework to support SMEs to manage information in a secure way on mobile devices.

3. Evaluate the framework in practice.

The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. The most important contribution to both science and practice is a structured approach for managers to deal with mobile devices, or for that matter other technology advances that do not fit into the existing management system. The journey to the final solution also produced several smaller contributions to science, for example insights from C-suites about strategies and work with mobile devices, differences and similarities between CYOD (choose your own device) and BYOD (bring your own device), the role of security policies in organisations, and twelve identified management issues with mobile devices.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2020. p. 228
Series
Dissertation Series ; 32
Keywords
Information management, Information security management, mobile device
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18889 (URN)978-91-984918-4-5 (ISBN)
Public defence
2020-09-11, G109, Högskolevägen 1, Skövde, 13:00 (English)
Opponent
Supervisors
Funder
Knowledge Foundation
Available from: 2020-08-10 Created: 2020-08-10 Last updated: 2020-08-20Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Scopushttp://www.jissec.org/Contents/V16/N1/V16N1-Brodin.html

Authority records

Brodin, MartinRose, Jeremy

Search in DiVA

By author/editor
Brodin, MartinRose, Jeremy
By organisation
School of InformaticsInformatics Research Environment
In the same journal
Journal of Information System Security
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 299 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf