Tuesday, May 5, 2020
Employee Security Risk In Organizational Settings - Free Samples
Question: Discuss the employee security risk in organizational settings.

Answer:

Introduction

In the current organizational and corporate setting, mobile devices are increasingly consumer-oriented, and these devices are changing the way business is done. Computing power in business now allows consumers and employees to replace the traditional end-user computing device with a laptop (Al Ayubi et al., 2016). The BYOD concept increases security concerns and puts every organization on the verge of multiple risks and threats. Organizations in sectors such as banking, retail, information technology, finance and online services give significant consideration to incorporating BYOD into the business. These organizations need to deal with a new level of security considerations and data threats affecting both personal and corporate data. Risk management over personal and business data should include an appropriate level of risk mitigation planning (Faulds et al., 2016). Therefore, the complications of this situation call for a policy, as protection of data, staff and customers is critical for any business to grow to its full potential. Ownership of data is becoming more of an issue for businesses that operate in regulated markets. Several organizations have planned to implement a Bring Your Own Device (BYOD) policy so that employees can use their preferred devices while bringing down the cost of providing devices. The BYOD-based work model is expected to complicate data control and policies for organizations, which increases the importance of having a well-developed policy (Laudon & Laudon, 2016). Successful implementation of a mobile device policy can incorporate the BYOD initiative into the business, and the BYOD initiative can cover the entire project life cycle.
The project and its outcomes can be achieved by applying the discipline of project management; the PMP strategy does not guarantee success, but it increases the chances of meeting all planned outcomes (Rittinghouse & Ransome, 2016). Project management tools are necessary for Altium Limited to successfully implement the BYOD project inside its IT department and development workforce. Every project is temporary, with a defined start date and a derived end date; projects do not depend entirely on ongoing work activities and responsibilities (Steelman, Lacity & Sabherwal, 2016). At Altium Limited, the BYOD project is part of the planned deliverables and has a defined period. The project deliverables are stated according to the project initiatives and objectives; the deliverables cover all activities in a short overview. The first and primary activity of the BYOD project should be to prepare the Bring Your Own Device (BYOD) policy. The policy should be documented with a clear understanding of the policy guidelines, all aspects that employees must obey, and how the policy should work (Kearns, 2016). Project management can follow the Plan-Do-Check-Act (PDCA) cycle over the entire lifecycle. The next deliverable is to announce the BYOD policy; the policy should be clearly explained to all employees so that they can easily follow the guidelines and maintain the rules. A further deliverable is to provide the necessary training and start a pilot project (Sadgrove, 2016). The aim of the pilot is to run the policy for some period in order to assess whether employees are capable of following the policy guidelines and rules. If any employee fails to follow the policy guidelines, they should be trained for a certain time.
A further deliverable is to activate the BYOD policy in the workflow of Altium Limited. Assumptions are made in order to conduct the project within its boundary and the overall work process. The major assumptions in the project are as follows: employees should understand the importance of the BYOD policy and attempt to follow its guidelines and rules (Singh, Chan & Zulkefli, 2017); the BYOD policy should be written with all aspects considered and individual guidelines spelled out; and the policy should be incorporated into the existing work process of Altium Limited without hampering the overall profitability and stability of the workflow (Sebescen & Vitak, 2017). However, some risk concerns exist in the project, namely data security risks, authentication problems, and putting personal and corporate data at stake through vulnerabilities in personal devices.

Security Posture

The BYOD project has some major impacts on the implementation process; Altium Limited should follow this section to determine whether the organization can meet the business requirements. The influences of the BYOD project are included here so that its significant benefits can be addressed (Martinez, Borycki & Courtney, 2017). The project impacts are reviewed as follows.

Saving of Expenditure: The initial assumption about a BYOD project is that it can bring down expenditure, as employees use their personal devices instead of organization-provided devices (Peltier, 2016). However, recent statistics from a study revealed that 67% of European IT professionals felt that BYOD could increase cost, and to some extent this view could be right. It is clear that the BYOD policy is a major part of starting a business case; these costs need to be specified and offset against other advantages (Tanimoto et al., 2017).
Therefore, the question arises how the cost increases; the reasons are pinpointed here. Firstly, there is a vocal minority that will resist the BYOD scheme, as several employees do not want to be involved in these initiatives. Employees on median incomes do not agree to be involved in the scheme because they are unprepared and refuse to bear any cost for a personal device (Filkins et al., 2016). This means that if someone wants to start a company-based program, the employer needs to provide adequate financial support and incentives for buying personal devices. Furthermore, money provided to employees forms part of their taxable income, and the cost of a privately purchased device is increased by non-reclaimable sales tax (VAT) (Trewin et al., 2016). Hence, when both costs are compared side by side, the actual cost will be considerably more than if the organization had bought the device itself. In a similar vein, the smartphone allowance is between AU$30 and AU$50, and this expense can be higher than a corporately negotiated rate. Secondly, increased Wi-Fi coverage is another consequence of a growing BYOD scheme: the organization needs to provide better Wi-Fi coverage than before because of the BYOD initiative (Russell, 2016; Lobelo et al., 2016). When employees are able to bring personal devices such as laptops, phones and tablets, each consuming IP addresses, the existing network has to be upgraded. This issue tends to occur in educational institutions, where numerous students need Wi-Fi coverage; however, Altium Limited needs to consider this issue as well. Finally, because of the security risks in a BYOD policy, the organization needs to consider Mobile Device Management (MDM) as a security solution. The security solution should be able to catalogue the devices, and security policies should be applied to them (Shedden et al., 2016).
Once a device is lost or stolen, it should be wiped clean or locked before the data becomes visible to unauthorized persons. The BYOD policy does not have only negative aspects; some positive aspects are visible as well. The positive aspects are as follows: the organization can offer top-up payments to employees so that they can buy better devices, helping to improve productivity and work performance (Souppaya & Scarfone, 2016). Employee ownership of a device may mean that devices last longer, as employees take care of their own devices. The organization can also benefit in the support area, as support effort goes down significantly. For instance, employees typically perform the upgrade of an iOS device themselves, so no intervention from the employer is required (Reid & Pechenkina, 2016). The employer does not need to be involved in support work when the BYOD scheme is active; employee forums and discussions work much better and reduce cost as well.

Increment in Productivity: Productivity is another important part of the BYOD business case and acts as a primary driver. The primary reason is that BYOD can increase productivity. Consider the 30 minutes of email interaction that every employee needs to do before starting work, dealing with mail sent after their previous shift hours (Dorsemaine et al., 2017). In a BYOD scheme, employees can check and view emails at home, on the way to the office, or while sitting at home the following evening. This increases working hours inside the office by a conservative estimate of 10%. Viewed from another angle, employees can take advantage of BYOD by using personal devices for Twitter and Facebook during work hours (Gillon, 2017; Dawson, 2016). However, those employees would be easily identified, as they would seek more time in other ways.
BYOD can improve the daily productivity of the workforce by providing technology to people who otherwise have no access to technology at all.

Meeting Employee Satisfaction at Work: BYOD is identified as a tool for attracting and retaining employees, particularly younger staff. Recent studies have shown that 50% of employees aged 20-30 consider BYOD a right, not a privilege (Martinelli & Milosevic, 2016). Therefore, as the years go by, if BYOD is not implemented, some bright employees may leave the workforce soon.

Understanding Customer Needs and Requirements: Retail organizations are utilizing consumer devices in stores. BYOD can provide better conditions for presenting marketing materials (Goldes et al., 2017). Retail employees can check available products, and customers can get instant information about inventory.

Flexibility in Operation: Operational flexibility may be overlooked; however, for some reasons it is the most important part of the BYOD scheme. Firstly, employees may be forced to work from home, or can be accommodated so that they can work from home, in situations such as industrial action, bad or unfavorable weather, and even terrorism (M'manga et al., 2017). BYOD covers unplanned home working so that lost time can be recovered by the workforce. Secondly, in any industry with many mergers and acquisitions, a BYOD policy can help employees by treating the devices of a newly acquired company as covered under the BYOD guidelines. The organization can incorporate BYOD standards into mergers as well. Finally, an organization with high business growth can speed up the output of new employees with a BYOD policy (Vithanwattana, Mapp & George, 2017). Similarly, the employer can bring on short-term workers under the BYOD policy so that the time spent provisioning new devices is reduced.
Threats, Vulnerabilities and Consequences Assessment

Dove (2016) opined that the risks that may occur during the project lifecycle are often identified so as to allow the project manager to recognize and treat them. The risks can influence the project in terms of cost, time, deliverable quality, and morale. Risk management planning includes the project definition and the monitoring and controlling of risks throughout the project. The risk assessment and management plan deals with accepting risks into the plan, tracking and updating the risk plan, and removing risks from the plan (Halford, 2016). Risks can be escalated when necessary. Maintaining an up-to-date risk plan allows the project manager to set out expectations for the various stakeholders and sponsors, allowing the team to focus on project work and providing support when expectations fail. The factors that can affect risk management are identified as either internal or external: policies, project objectives, politics, industry trends, historical factors, company direction, economics, social issues and others (Zahadat, 2016; Muzammal et al., 2016). A BYOD risk management plan can recognize the risks associated with the project and its deliverables. However, not every risk is negative; some risks can be positive and can therefore increase the benefits of the project.

Risk Identification

Risk identification is an important process in which the project manager gathers threats and related concerns about what could go wrong in this particular project. In this process, the project team identifies risks based on their aspects, consequences, and likelihood of occurrence. Risk assessment gives the working team an opportunity to identify better ways to address project objectives and deliverables (Vorakulpipat et al., 2017). Risk identification can be performed by categorizing risks based on their context.
Risk categorization can be performed for the BYOD project; however, some categories should be omitted from the risk identification process. Ecological or structural risks should be omitted from the BYOD project risk identification because of the nature of the project; other areas are of significant concern for the project at Altium Limited ("About Altium | Innovative PCB Design, ECAD / MCAD Collaboration EDA Software", 2017). The resulting risks are included in a table to create a risk register, with the team working to identify and track them through the project.

Risk Register

BYOD1
Risk: Time off for primary employees
Trigger: Vacation calendar
Event: Employee requires time off
Cause: Scheduled vacation
Impact: Medium
Owner: Project manager
Response plan: Identify an additional internal resource to backfill the position

BYOD2
Risk: Legal counsel not reviewing policies in time
Trigger: Legal obligations or court appearances
Event: Legal resources are required for court appearances or legal obligations
Cause: Higher priority is given to legal matters
Impact: High
Owner: Project manager
Response plan: Escalate the situation to the project sponsor

BYOD3
Risk: Regulations or laws change regarding data security on devices
Trigger: Regulators pass new or additional regulations pertaining to data security
Event: Regulators pass laws to protect consumers
Cause: Regulators pass new regulations or laws that pertain to data security
Impact: High
Owner: Project manager
Response plan: Map the new regulations to existing project controls; incorporate change management if required

BYOD4
Risk: No technical solution meets the BYOD policy
Trigger: Technology solutions fail to meet compliance demands
Event: The technology is not mature enough
Cause: Technical solutions cannot meet compliance guidelines and demands
Impact: Medium
Owner: Project manager
Response plan: Additional resources or compensating controls can be added

BYOD5
Risk: Primary employee separation
Trigger: Primary employees have to work over extended commitments
Event: Organizations are pursuing more productivity with fewer people
Cause: Employees are unhappy with the company and looking for other jobs
Impact: Medium
Owner: Project manager
Response plan: The risk owner should consider the employees and compensate them with devices (such as an iPad) during the project implementation

BYOD6
Risk: Completion of a work package before the planned date
Trigger: Completed work
Event: Employees work on assignments after work hours out of interest in the work
Cause: Employees are preoccupied with the new devices and spend time exploring new applications and technology
Impact: Low
Owner: Project manager
Response plan: The project manager should leverage early completion and fast-track activities

Table 1: Risk Register and Management (Source: Created by author)

Qualitative Risk Analysis

The qualitative risk analysis should identify the factors that can influence the different risks considered within the project deliverables and their probability of occurrence. Qualitative risk analysis sets the priority for further analysis, identifying how individual risks affect the project deliverables (Al Ayubi et al., 2016). By identifying and focusing on the higher-priority risks, the team can concentrate its attention on them. The outcomes of the qualitative risk analysis will help the team complete the subsequent risk analysis. The BYOD project recognized some risks related to staff commitments and staff not fulfilling project commitments in time. The project will continue through the summer season, which is a popular time for vacations (Faulds et al., 2016).
In task scheduling, the project plan has allowed some additional time within tasks to account for primary staff taking vacations. The most critical risk identified in the qualitative risk analysis is the scheduling of legal documents and reviews (Laudon & Laudon, 2016). The in-house legal review of the document is considered a milestone that the team cannot outsource outside the firm. The team can then keep track of work schedules and consider legal commitments, escalating to the project sponsor where necessary.

Quantitative Risk Analysis

Every identified risk should be considered in the qualitative risk analysis in order to prioritize it. On the other hand, quantitative risk analysis is not part of every project, and it cannot be applied to the BYOD project (Steelman, Lacity & Sabherwal, 2016). Quantitative risk analysis uses numerical or quantitative ratings to develop a probabilistic analysis of the risks. It needs quality data, a proper project model and a prioritized list of project risks (Kearns, 2016; Sadgrove, 2016). Quantitative risk analysis can lead to realistic cost, schedule, and scope targets for the project. Given the project's limited deliverables and scope, this particular analysis is not expected to provide adequate benefit for the effort it would require.

Risk Response Planning

Risk responses are planned to identify the actions that should be taken to reduce threats and to take advantage of the opportunities uncovered during the risk analysis process. The risk register and management plan is used as input to the risk responses. Two types of risk can exist: negative and positive (Singh, Chan & Zulkefli, 2017). The risks identified in the risk register are generally negative, and the steering committee has agreed to a combination of acceptance approaches for dealing with them.
The project team identified only one positive risk that can be exploited: the earlier completion of a work package before the planned date (Martinez, Borycki & Courtney, 2017). The team did not consider this particular risk a negative one. The committee accepted the risk of possible delay in the work, as the legal team could take more time and have other priorities. The positive risk of finishing work early can allow the team to crash the activities where possible.

Procurement Planning

Procurement planning is the process of identifying the products and services that the project requires to purchase from outside vendors. As BYOD is an internal project using internal resources only, there is no specific requirement to purchase products or services (Tanimoto et al., 2017). The project may incur some expenses during this period, and the senior executives could allocate budget for operating expenses.

Data Security

Potential risks have been identified in the Altium Limited scenario for consideration within the Australian IT sector. Following the growing trend in several other organizations and industries, BYOD should be accompanied by data security risk mitigation. Altium Limited should consider allowing employees to work on their personal devices (Peltier, 2016; Filkins et al., 2016). The organization should give data security first priority, as the IT sector inevitably works with large amounts of data. The data security risks are as follows:

Access Risks: Access risk is present in the organizational profile under the BYOD scheme. In the current organizational and corporate setting, mobile devices are increasingly consumer-oriented, and these devices are changing the way business is done (Trewin et al., 2016).
Computing power in business now allows consumers and employees to replace the traditional end-user computing device with a laptop. The BYOD concept increases security concerns and puts every organization on the verge of multiple risks and threats (Russell, 2016). Organizations in sectors such as banking, retail, information technology, finance and online services give significant consideration to incorporating BYOD into the business.

Authentication Risks: Authentication risk exists under the BYOD policy because individual devices pose an authentication threat. Organizations need to deal with a new level of security considerations and data threats affecting both personal and corporate data (Shedden et al., 2016). Risk management over personal and business data should include an appropriate level of risk mitigation planning. Therefore, the complications of this situation call for a policy, as protection of data, staff and customers is critical for any business to grow to its full potential (Reid & Pechenkina, 2016). Ownership of data is becoming more of an issue for businesses that operate in regulated markets.

Corporate Data Risks: Corporate data risks at Altium Limited arise from insider threats. Several organizations have planned to implement a Bring Your Own Device (BYOD) policy so that employees can use their preferred devices while bringing down the cost of providing devices (Dorsemaine et al., 2017). The BYOD-based work model is expected to complicate data control and policies for organizations, which increases the importance of having a well-developed policy. Successful implementation of a mobile device policy can incorporate the BYOD initiative into the business.

Personal Data Risks: Personal data risks may exist under the BYOD scheme, as employees may not be able to keep their personal data secure.
Organizations and corporations should adopt a policy governing the use of BYOD devices in order to protect personal data, employee details and customer information (Gillon, 2017; Dawson, 2016). In this report, Altium Limited is required to implement a BYOD policy in its business in order to improve business growth and gradually increase profitability. Personal data is considered a major asset for any individual employee; employees should therefore lock their personal devices with proper, secure passwords.

Conclusion

To address all aspects of implementing a BYOD solution, the researcher chose the organizational scenario of Altium Limited, an Australian organization. A mobile device is like having a dual-core processor in one's pocket. Businesses are becoming entirely centered on BYOD policies to manage individual devices in business activities and processes. In an era of dynamic workloads and given all the constraints on the workforce, the BYOD scheme is the primary means of accommodating them. For a fast-growing organization such as Altium Limited, the scheme is favorable because it allows employees to use personal devices on the organization's premises. BYOD can benefit the Altium Limited work culture with prompt operations. Therefore, the chosen organizational case scenario is justified by the company's widespread operations and management across different countries, clients, and services.

References

Al Ayubi, S. U., Pelletier, A., Sunthara, G., Gujral, N., Mittal, V., & Bourgeois, F. C. (2016). A Mobile App Development Guideline for Hospital Settings: Maximizing the Use of and Minimizing the Security Risks of "Bring Your Own Devices" Policies. JMIR mHealth and uHealth, 4(2).

About Altium | Innovative PCB Design, ECAD / MCAD Collaboration EDA Software. (2017). Altium.com. Retrieved 18 September 2017, from https://www.altium.com/company/about-altium/about-us

Dawson, P. (2016). Five ways to hack and cheat with bring-your-own-device electronic examinations. British Journal of Educational Technology, 47(4), 592-600.

Dorsemaine, B., Gaulier, J. P., Wary, J. P., Kheir, N., & Urien, P. (2017, June). A New Threat Assessment Method for Integrating an IoT Infrastructure in an Information System. In Distributed Computing Systems Workshops (ICDCSW), 2017 IEEE 37th International Conference on (pp. 105-112). IEEE.

Dove, J. (2016). Evaluation of the suitability of the mobility common criteria protection profiles for enterprise mobility management.

Faulds, M. C., Bauchmuller, K., Miller, D., Rosser, J. H., Shuker, K., Wrench, I., ... & Mills, G. H. (2016). The feasibility of using bring your own device (BYOD) technology for electronic data capture in multicentre medical audit and research. Anaesthesia, 71(1), 58-66.

Filkins, B. L., Kim, J. Y., Roberts, B., Armstrong, W., Miller, M. A., Hultner, M. L., ... & Steinhubl, S. R. (2016). Privacy and security in the era of digital health: what should translational researchers know and do about it? American Journal of Translational Research, 8(3), 1560.

Gillon, K. (2017). Technology and business risks. The Routledge Companion to Accounting and Risk, 261.

Goldes, S., Schneider, R., Schweda, C. M., & Zamani, J. (2017, June). Building a Viable Information Security Management System. In Cybernetics (CYBCONF), 2017 3rd IEEE International Conference on (pp. 1-6). IEEE.

Halford, C. D. (2016). Implementing Safety Management Systems in Aviation. Routledge.

Kearns, G. S. (2016). Countering mobile device threats: A mobile device security model. Journal of Forensic & Investigative Accounting, 8(1).

Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.

Lobelo, F., Kelli, H. M., Tejedor, S. C., Pratt, M., McConnell, M. V., Martin, S. S., & Welk, G. J. (2016). The wild wild west: A framework to integrate mHealth software applications and wearables to support physical activity assessment, counseling and interventions for cardiovascular disease risk reduction. Progress in Cardiovascular Diseases, 58(6), 584-594.

Martinelli, R. J., & Milosevic, D. Z. (2016). Project management toolbox: tools and techniques for the practicing project manager. John Wiley & Sons.

Martinez, K., Borycki, E., & Courtney, K. L. (2017). Bring Your Own Device and Nurse Managers' Decision Making. CIN: Computers, Informatics, Nursing, 35(2), 69-76.

M'manga, A., Faily, S., McAlaney, J., & Williams, C. (2017). Folk Risk Analysis: Factors Influencing Security Analysts' Interpretation of Risk.

Muzammal, S. M., Shah, M. A., Zhang, S. J., & Yang, H. J. (2016). Conceivable security risks and authentication techniques for smart devices: A comparative evaluation of security practices. International Journal of Automation and Computing, 13(4), 350-363.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Reid, D., & Pechenkina, E. (2016). Bring-Your-Own-Device or Prescribed Mobile Technology? Investigating Student Device Preferences for Mobile Learning. Mobile learning futures: Sustaining quality research and practice in mobile learning.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC Press.

Russell, C. (2016). Assessing the risk of transformative technologies. Computer Fraud & Security, 2016(7), 15-19.

Sadgrove, K. (2016). The complete guide to business risk management. Routledge.

Sebescen, N., & Vitak, J. (2017). Securing the human: Employee security vulnerability risk in organizational settings. Journal of the Association for Information Science and Technology, 68(9), 2237-2247.

Shedden, P., Ahmad, A., Smith, W., Tscherning, H., & Scheepers, R. (2016). Asset Identification in Information Security Risk Assessment: A Business Practice Approach. CAIS, 39, 15.

Singh, M. M., Chan, C. W., & Zulkefli, Z. (2017). Security and Privacy Risks Awareness for Bring Your Own Device (BYOD) Paradigm. International Journal of Advanced Computer Science and Applications, 8(2), 53-62.

Souppaya, M., & Scarfone, K. (2016). Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. NIST Special Publication, 800, 46.

Steelman, Z. R., Lacity, M., & Sabherwal, R. (2016). Charting Your Organization's Bring-Your-Own-Device Voyage. MIS Quarterly Executive, 15(2).

Tanimoto, S., Totsuka, S., Iwashit... In Conference on Network-Based Information Systems (pp. 737-749). Springer, Cham.

Trewin, S., Swart, C., Koved, L., & Singh, K. (2016, May). Perceptions of Risk in Mobile Transaction. In Security and Privacy Workshops (SPW), 2016 IEEE (pp. 214-223). IEEE.

Vithanwattana, N., Mapp, G., & George, C. (2017). Developing a comprehensive information security framework for mHealth: a detailed analysis. Journal of Reliable Intelligent Environments, 1-19.

Vorakulpipat, C., Sirapaisan, S., Rattanalerdnusorn, E., & Savangsuk, V. (2017). A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives. Security and Communication Networks, 2017.

Zahadat, N. (2016). Mobile security: A systems engineering framework for implementing bring your own device (BYOD) security through the combination of policy management and technology (Doctoral dissertation, The George Washington University).