Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Combining ISMS with strategic management: The case of BYOD
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Information Systems)
2015 (English)In: Information Systems 2015: Proceedings of the 8th IADIS International Conference / [ed] Miguel Baptista Nunes, Pedro Isaias, Philip Powell, IADIS Press, 2015, p. 161-168Conference paper, Published paper (Refereed)
Abstract [en]

Bring Your Own Device (BYOD) (where employees use their private devices for work) causes problems for organisations since their management systems are seldom designed for this purpose. If BYOD is not adequately regulated, many security and privacy issues may result. This paper proposes an analysis-design-action framework for designing a suitable security management strategy by combining Johnson and Scholes’ strategic management model with the ISO/IEC 27000-series.

Place, publisher, year, edition, pages
IADIS Press, 2015. p. 161-168
Keywords [en]
ISO/IEC 27000-series, BYOD, Information Security Management, Strategic Management
National Category
Information Systems
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-10931Scopus ID: 2-s2.0-84944035669ISBN: 978-989-8533-33-3 (print)OAI: oai:DiVA.org:his-10931DiVA, id: diva2:811620
Conference
8th IADIS International Conference on Information Systems 2015, 14–16 March, Madeira, Portugal
Note

The full-text published here is a reprint from a paper published in the Proceedings of the 8th IADIS International Conference on Information Systems 2015, IADIS, http://www.iadis.org.

Available from: 2015-05-12 Created: 2015-05-12 Last updated: 2020-08-10Bibliographically approved
In thesis
1. Mobile Device Strategy: A management framework for securing company information assets on mobile devices
Open this publication in new window or tab >>Mobile Device Strategy: A management framework for securing company information assets on mobile devices
2016 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The problem addressed by this research is a demand for increased flexibility in access to organisational information, driven by the increasing popularity of mobile devices. Employees increasingly bring private devices to work (Bring Your Own Device, BYOD) or use work devices for private purposes (Choose Your Own Device, CYOD). This puts managers in a difficult position, since they want the benefits of mobility, without exposing organisational data to further risk. The research focuses on management (particularly information security management) issues in the design and implementation of strategies for mobile devices.  There are two objectives. The first is to identify existing information security management strategies for mobile and dual-use devices. The second is to develop a framework for analysing, evaluating and implementing a mobile device strategy.

The overall research strategy is inspired by Design Science; where the mission is to develop an artefact, in this case a framework, which will help to solve a practical problem. Methods include literature review, theoretical development, and the collection and analysis of qualitative data through interviews with executives. The main result of this work is the framework, which deals with the complete process, including analysis, design and implementation of a mobile device management strategy. It helps researchers to understand necessary steps in analysing phenomenon like BYOD and gives practitioners guidance in which analyses to conduct when working on strategies for mobile devices. The framework was developed primarily through theoretical work (with inspiration from the mobile security and strategic management literature, and the ISO/IEC 27000 standard), and evaluated and refined through the empirical studies. The results include twelve management issues, a research agenda, argumentation for CYOD and, guidance for researchers and practitioners.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2016. p. 76
Series
Dissertation Series ; 15 (2016)
Keywords
Strategic Management, Mobile device, Information security, information security management, information management, BYOD, CYOD, mobile strategy, mobile device strategy, management framework
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-13125 (URN)978-91-982690-5-5 (ISBN)
Presentation
2016-11-29, G207, Högskolan i Skövde, Skövde, 13:00 (English)
Opponent
Supervisors
Funder
Knowledge Foundation
Available from: 2016-12-05 Created: 2016-11-22 Last updated: 2023-01-03Bibliographically approved
2. Managing information security for mobile devices in small and medium-sized enterprises: Information management, Information security management, mobile device
Open this publication in new window or tab >>Managing information security for mobile devices in small and medium-sized enterprises: Information management, Information security management, mobile device
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations. However, they typically lack the resources and specialist competences necessary to use the available frameworks.

This thesis describes an Action Design Research project to devise and test a low cost, low learning curve method for improving mobile security management. The project is conducted together with a small Swedish consulting company and evaluated in several other companies. In order to solve the challenge that SMEs faces; three objectives have been set:

1. Identify existing solutions at a strategic level to managing information that is accessible with mobile devices and their suitability for SMEs.

2. Develop a framework to support SMEs to manage information in a secure way on mobile devices.

3. Evaluate the framework in practice.

The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. The most important contribution to both science and practice is a structured approach for managers to deal with mobile devices, or for that matter other technology advances that do not fit into the existing management system. The journey to the final solution also produced several smaller contributions to science, for example insights from C-suites about strategies and work with mobile devices, differences and similarities between CYOD (choose your own device) and BYOD (bring your own device), the role of security policies in organisations, and twelve identified management issues with mobile devices.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2020. p. 228
Series
Dissertation Series ; 32
Keywords
Information management, Information security management, mobile device
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18889 (URN)978-91-984918-4-5 (ISBN)
Public defence
2020-09-11, G109, Högskolevägen 1, Skövde, 13:00 (English)
Opponent
Supervisors
Funder
Knowledge Foundation
Available from: 2020-08-10 Created: 2020-08-10 Last updated: 2020-08-20Bibliographically approved

Open Access in DiVA

Combining ISM with strategic management - the case of BYOD(160 kB)1612 downloads
File information
File name FULLTEXT01.pdfFile size 160 kBChecksum SHA-512
c341950067f50af314f33269d4748d66767c1b51deb63d2bc4d2da497bf7c8a88242b64bdbee4552f3fe849f304602f219b52a5b1caf2b7ef3c3cbbe5ee32ab2
Type fulltextMimetype application/pdf

Scopus

Authority records

Brodin, Martin

Search in DiVA

By author/editor
Brodin, Martin
By organisation
School of InformaticsThe Informatics Research Centre
Information Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 1612 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 4616 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf