Högskolan i Skövde

Managing information security for mobile devices in small and medium-sized enterprises: Information management, Information security management, mobile device
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. Actea Consulting AB. (Information Systems)
2020 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations. However, they typically lack the resources and specialist competences necessary to use the available frameworks.

This thesis describes an Action Design Research project to devise and test a low cost, low learning curve method for improving mobile security management. The project is conducted together with a small Swedish consulting company and evaluated in several other companies. In order to solve the challenge that SMEs face, three objectives have been set:

1. Identify existing solutions at a strategic level to managing information that is accessible with mobile devices and their suitability for SMEs.

2. Develop a framework to support SMEs to manage information in a secure way on mobile devices.

3. Evaluate the framework in practice.

The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. The most important contribution to both science and practice is a structured approach for managers to deal with mobile devices, or for that matter other technology advances that do not fit into the existing management system. The journey to the final solution also produced several smaller contributions to science, for example insights from C-suites about strategies and work with mobile devices, differences and similarities between CYOD (choose your own device) and BYOD (bring your own device), the role of security policies in organisations, and twelve identified management issues with mobile devices.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2020, p. 228
Series
Dissertation Series ; 32
Keywords [en]
Information management, Information security management, mobile device
National Category
Information Systems
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-18889; ISBN: 978-91-984918-4-5 (print); OAI: oai:DiVA.org:his-18889; DiVA, id: diva2:1457137
Public defence
2020-09-11, G109, Högskolevägen 1, Skövde, 13:00 (English)
Opponent
Supervisors
Funder
Knowledge Foundation
Available from: 2020-08-10 Created: 2020-08-10 Last updated: 2020-08-20 Bibliographically approved
List of papers
1. Management issues for Bring Your Own Device
2015 (English). In: Proceedings of 12th European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015) / [ed] Kostantinos Lambrinoudakis, Vincenzo Morabito, Marinos Themistocleous, European, Mediterranean & Middle Eastern Conference on Information Systems (EMCIS), 2015. Conference paper, Published paper (Refereed)
Abstract [en]

Bring Your Own Device (BYOD) is an emerging research area focusing on the organisational adoption of (primarily mobile) devices used for both private and work purposes. There are many information security related problems concerning the use of BYOD and it should therefore be considered an issue of strategic importance for senior managers. This paper presents a systematic literature analysis using a BYOD strategic management framework to assess developing research trends. The analysis reveals early work in the analysis and design aspects of BYOD strategies, but a lack of research in operationalizing (planning, implementation and evaluating) strategy – the action phase. The resulting research agenda identifies twelve management issues for further research and four overall research directions that may stimulate future research.

Place, publisher, year, edition, pages
European, Mediterranean & Middle Eastern Conference on Information Systems (EMCIS), 2015
Keywords
BYOD Bring Your Own Device, information security management, strategic management
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-11004 (URN); 2-s2.0-85084023843 (Scopus ID); 1 2 (Local ID); 978-960-6897-08-5 (ISBN); 1 2 (Archive number); 1 2 (OAI)
Conference
European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015), 1-2 June, Athens, Greece
Note

Received the Best Paper Award

Available from: 2015-06-08 Created: 2015-06-08 Last updated: 2020-08-10 Bibliographically approved
2. Combining ISMS with strategic management: The case of BYOD
2015 (English). In: Information Systems 2015: Proceedings of the 8th IADIS International Conference / [ed] Miguel Baptista Nunes, Pedro Isaias, Philip Powell, IADIS Press, 2015, p. 161-168. Conference paper, Published paper (Refereed)
Abstract [en]

Bring Your Own Device (BYOD) (where employees use their private devices for work) causes problems for organisations since their management systems are seldom designed for this purpose. If BYOD is not adequately regulated, many security and privacy issues may result. This paper proposes an analysis-design-action framework for designing a suitable security management strategy by combining Johnson and Scholes’ strategic management model with the ISO/IEC 27000-series.

Place, publisher, year, edition, pages
IADIS Press, 2015
Keywords
ISO/IEC 27000-series, BYOD, Information Security Management, Strategic Management
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-10931 (URN); 2-s2.0-84944035669 (Scopus ID); 978-989-8533-33-3 (ISBN)
Conference
8th IADIS International Conference on Information Systems 2015, 14–16 March, Madeira, Portugal
Note

The full-text published here is a reprint from a paper published in the Proceedings of the 8th IADIS International Conference on Information Systems 2015, IADIS, http://www.iadis.org.

Available from: 2015-05-12 Created: 2015-05-12 Last updated: 2020-08-10 Bibliographically approved
3. Mobile Device Strategy: From a Management Point of View
2017 (English). In: Journal of Mobile Technologies, Knowledge and Society, E-ISSN 2155-4811, Vol. 2017, article id 593035. Article in journal (Refereed) Published
Abstract [en]

In recent years, mobile devices have become an indispensable part of working life. However, in many cases the same device is also used privately, which has blurred the line between personal and company data. This situation needs to be analysed, and a long-term strategy implemented for organisations not to lose control of their data. This article is based on interviews with executives and a theoretical framework for managing mobile devices. Empirical input from practice is used to update the framework to help organisations to better respond to emerging trends for mobile devices.

Place, publisher, year, edition, pages
International Business Information Management Association (IBIMA), 2017
Keywords
Information Management, Mobile Device Strategy, BYOD, CYOD
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13348 (URN)
Projects
IPSI
Note

10.5171/2017.593035

Available from: 2017-01-31 Created: 2017-01-31 Last updated: 2024-05-02 Bibliographically approved
4. Security strategies for managing mobile devices in SMEs: A theoretical evaluation
2017 (English). In: Proceedings of the 8th International Conference on Information, Intelligence, Systems & Applications (IISA), IEEE, 2017, p. 89-94. Conference paper, Published paper (Refereed)
Abstract [en]

With mobile devices connecting personal and business lives together, creating opportunities for both employees and employers, the need for a longtime mobile strategy increases. The scientific literature provides four different approaches which are analyzed together with an approach from a governmental agency. As basis for the analysis is identified security challenges which are adopted to a SMEs environment. The conclusion is that most of the frameworks manage the security challenges well, but only two take benefits with mobile devices into account.

Place, publisher, year, edition, pages
IEEE, 2017
Series
International Conference on Information, Intelligence, Systems & Applications (IISA), ISSN 2379-3732
Keywords
BYOD, CYOD, Mobile devices, SME, information management, information security management, security strategy
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-14966 (URN); 10.1109/IISA.2017.8316387 (DOI); 000454859600016 (); 2-s2.0-85047927810 (Scopus ID); 978-1-5386-3732-6 (ISBN); 978-1-5386-3731-9 (ISBN)
Conference
The 8th International Conference on Information Intelligence Systems Applications 2017, Larnaca, Cyprus, August 27-30, 2017
Available from: 2018-03-16 Created: 2018-03-16 Last updated: 2020-08-10 Bibliographically approved
5. Mobile information security management for small organisation technology upgrades: the policy-driven approach and the evolving implementation approach
2020 (English). In: International Journal of Mobile Communications, ISSN 1470-949X, E-ISSN 1741-5217, Vol. 18, no 5, p. 598-618. Article in journal (Refereed) Published
Abstract [en]

Information security management researchers are often focused on the information security policy, its implementation and evaluation as the primary means of ensuring that organisations protect their valuable data. However, information security is usually nested with a variety of other concerns (for instance technology upgrades, information access, efficiency and sustainability issues, employee satisfaction), so this policy-driven approach is seldom operated in isolation. We investigate the approach as implied in the mobile information security literature, provide a literature-inspired characterisation and use it to analyse an iPad implementation for politicians in a Swedish municipality. The analysis provides only a partial explanation for security work in this kind of small organisation technology upgrade, so we develop a complementary approach: the evolving implementation approach. A suggestion is made for how the two approaches can be reconciled, and implications for both practitioners and researchers derived.

Place, publisher, year, edition, pages
InderScience Publishers, 2020
Keywords
information management, mobile devices, implementation, device strategy, IS management
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18538 (URN); 10.1504/IJMC.2020.10023760 (DOI); 000576967200006 ()
Available from: 2020-06-16 Created: 2020-06-16 Last updated: 2020-10-29 Bibliographically approved
6. Improving mobile security management in SME’s: the MSME framework
2020 (English). In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 16, no 1, p. 47-75. Article in journal (Refereed) Published
Abstract [en]

The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations (for example the European General Data Protection Regulation). However they typically lack the resources and specialist competences necessary to use the available commercial frameworks. This article describes an Action Design Research project to devise and test a low cost, low learning curve framework for improving mobile security management. The project is conducted together with a small Swedish consulting company with the pseudonym Novukon. The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. A set of nine design principles are included to guide further research.

Place, publisher, year, edition, pages
Journal of Information System Security (JISSec), 2020
Keywords
Mobile security, Action Design Research project, Mobile threats
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18539 (URN); 2-s2.0-85087352310 (Scopus ID)
Available from: 2020-06-16 Created: 2020-06-16 Last updated: 2020-08-27 Bibliographically approved

Open Access in DiVA

fulltext (4462 kB), 1772 downloads
File information
File name: FULLTEXT02.pdf; File size: 4462 kB; Checksum SHA-512:
7cfcd7c9fb5fe8205890d53d95a90ee0eb0fad4ace56e812c50dae3ac0db6fee4a7c3b9715df1c6b5606be81a4609a361576c19c2c6287cc2089900ff74168b5
Type: fulltext; Mimetype: application/pdf

Authority records

Brodin, Martin

Total: 1783 downloads
The number of downloads is the sum of all downloads of full texts. It may include e.g. previous versions that are now no longer available.

Total: 2290 hits