Discuss the Employee Security Risk in Organizational Settings
In today's organizations and corporations, mobile devices are increasingly consumer-oriented, and they are changing the way business is done. The computing power now available allows consumers and employees to replace traditional end-user computing devices with laptops (Al Ayubi et al., 2016). The BYOD concept increases security concerns and exposes every organization to multiple risks and threats. Organizations in sectors such as banking, retailing, information technology, financial, and online clientele give significant consideration to incorporating BYOD into their business. These organizations need to deal with a new level of security considerations and data threats affecting both personal and corporate data. Risk management for personal and business data should include an appropriate level of risk mitigation planning (Faulds et al., 2016). Organizations should therefore devise a policy, because protecting data, staff, and customers is critical for any business to grow to its full potential. Ownership of data is becoming more of an issue for businesses that operate in regulated markets.
Several organizations have planned to implement a “Bring Your Own Device” (BYOD) policy so that employees can use their favorite devices while the cost of providing devices is brought down. The BYOD policy-based work model is expected to complicate data control and policies for organizations, which increases the importance of having a well-developed policy (Laudon & Laudon, 2016). Successful implementation of a mobile device policy can incorporate the BYOD initiative into the business. The entire project life cycle can be covered by BYOD initiatives as well. The project and its outcomes can be achieved by applying the discipline of project management; the PMP strategy does not provide a guarantee, but it can increase the chances of meeting all planned outcomes (Rittinghouse & Ransome, 2016). Project management tools are necessary for Altium Limited to successfully implement the BYOD project within its IT department and development workforce. Every project is ephemeral, with a pre-defined start date and a derived end date; projects do not depend entirely on ongoing work activities and responsibilities (Steelman, Lacity & Sabherwal, 2016). For Altium Limited, the BYOD project consists of planned deliverables and a defined period.
Assumptions are made so that the project is conducted within the boundary of the entire work process. The major assumptions in the project are as follows:
However, some risk concerns exist in the project: data security risks, authentication problems, and vulnerabilities in personal devices that put personal and corporate data at stake.
The BYOD project has some major impacts on the implementation process; Altium Limited should use this section to determine whether the organization can meet its business requirements. The influences of the BYOD project are included in this section so that its significant benefits can be addressed (Martinez, Borycki & Courtney, 2017). The project impacts are reviewed as follows:
Saving of Expenditure: The initial assumption about the BYOD project is that it can bring down expenditure, as employees use their personal devices instead of organization-provided devices (Peltier, 2016). However, recent statistics from a study revealed that 67% of European IT professionals felt that BYOD could increase cost, and to some extent this view could be right. BYOD policy is clearly a major part of starting a business case, but these costs need to be specified and offset against other advantages (Tanimoto et al., 2017). The question therefore arises of how the cost increases; the reasons are discussed here.
Firstly, there is a vocal minority that will require a BYOD scheme, while several employees do not want to be involved in these initiatives. Employees over median income do not agree to join the scheme, as they are unprepared and refuse to bear any cost for a personal device (Filkins et al., 2016). This means that if someone wants to start a company-based program, the employer needs to provide adequate financial support and incentives for buying personal devices. Furthermore, money provided to employees is subject to income tax, and the cost of a privately purchased device is increased by non-reclaimable sales tax (VAT) (Trewin et al., 2016). Hence, if both costs are compared side by side, the actual cost will be exponentially more than what the organization would have paid. Similarly, the smartphone allowance is between AU$30 and AU$50, and this expense can be more than under corporate negotiations.
Secondly, increased Wi-Fi coverage is another factor in a growing BYOD policy scheme; the organization needs to provide better Wi-Fi coverage than before because of BYOD initiatives (Russell, 2016; Lobelo et al., 2016). When employees bring personal devices such as laptops, phones, and tablets that use IP addresses, the existing network should be upgraded. This issue tends to occur in educational institutions, where numerous students need Wi-Fi coverage; however, Altium Limited needs to consider it as well.
Finally, because of the security risks in a BYOD policy, the organization needs to consider Mobile Device Management (MDM) with a security solution. The security solution should be able to catalogue the devices and apply the security policies to them (Shedden et al., 2016). Once a device is lost or stolen, it should be wiped clean or locked before its data is visible to unauthorized persons.
The BYOD policy does not have only negative aspects; some positive aspects are visible as well. The positive aspects are listed as follows:
Increment in Productivity: Productivity is another important part of the BYOD business case and acts as a primary driver, because BYOD can bring an increase in productivity. Previously, every employee needed 30 minutes of email interaction before starting work, dealing with mails sent after their previous shift hours (Dorsemaine et al., 2017). Under a BYOD scheme, employees can check and view emails at home, on the way to the office, or while sitting at home the following evening. This increases work hours inside the office by a conservative estimate of 10%. Viewed from another angle, employees can take advantage of BYOD by using personal devices for Twitter and Facebook during work hours (Gillon, 2017; Dawson, 2016). However, those employees will be easily identified when they seek more time in other ways. BYOD can improve the daily productivity of the workforce by providing technology to people who otherwise have no access to technology at all.
Meeting Employees Satisfaction at work: BYOD is identified as a tool for attracting and retaining employees, including younger staff. Recent studies have shown that 50% of employees aged 20-30 consider BYOD a right, not a privilege (Martinelli & Milosevic, 2016). Therefore, as the years go by, if BYOD is not implemented, some bright employees may soon leave the workforce.
Understanding Customer needs and requirements: Retail organizations are using consumer devices in stores. BYOD can provide better conditions for presenting marketing materials (Goldes et al., 2017). Retail employees can check available products, and customers can get instant information about inventory.
Flexibility in Operation: Operational flexibility may be overlooked; however, for several reasons it is the most important part of the BYOD scheme.
Firstly, employees can be required to work from home, or be given proper accommodation to do so, in situations such as industrial action, bad or unfavorable weather, and even terrorism (M’manga et al., 2017). BYOD covers unplanned home working, so that time otherwise lost can still be used by the workforce.
Secondly, in any industry with several mergers and acquisitions, a BYOD policy can help employees by treating the new company's devices as falling under BYOD guidelines. The organization can incorporate BYOD standards into mergers as well.
Finally, an organization with higher business growth can speed up the output of new employees with a BYOD policy (Vithanwattana, Mapp & George, 2017). Similarly, an employer can take on short-term workers under the BYOD policy, reducing the time otherwise spent provisioning new devices.
Dove (2016) opined that risks that may occur during the project lifecycle are often identified so that the project manager can recognize and treat them as risks. Risks can influence a project in terms of cost, time, deliverable quality, and morale. Risk management planning includes defining, monitoring, and controlling risks throughout the project. The risk assessment and management plan deals with accepting risks into the plan, tracking and updating the risk plan, and removing risks from the plan (Halford, 2016). Risks can be escalated when necessary. Maintaining the existing risk plan allows the project manager to set expectations for the multiple stakeholders and sponsors, allowing the team to focus on project work while providing support when expectations are not met. The factors that can affect risk management are either internal or external, such as policies, project objectives, politics, industry trends, historical factors, company direction, economics, social issues and others (Zahadat, 2016; Muzammal et al., 2016). The BYOD risk management plan can recognize the risks associated with the project and its deliverables. However, not every risk is negative; some risks can be positive and can therefore increase the benefits of the project.
Risk identification is an important process in which the project manager gathers threats and related concerns about what could go wrong in this particular project. In this process, the project team identifies risks based on their aspects, their consequences, and their likelihood of occurrence. Risk assessment gives the working team an opportunity to identify better ways to address project objectives and deliverables (Vorakulpipat et al., 2017). Risks can be identified by categorizing them according to risk context. Risk categorization can be performed for the BYOD project; however, some categories should be omitted from the risk identification process. Ecological and structural risks should be omitted from BYOD project risk identification because of the nature of the project; other areas are of significant concern for the project at Altium Limited (“About Altium | Innovative PCB Design, ECAD / MCAD Collaboration & EDA Software”, 2017). The resulting risks are included in a table to create a risk register, which the team uses to identify and track them in the project.
Risk Register

| ID | Risk | Trigger | Event | Cause | Impact | Owner | Response plan |
|---|---|---|---|---|---|---|---|
| BYOD1 | Time off for primary employees | Vacation calendar | Employee requires time off | Scheduled vacation | Medium | Project manager | Identify additional internal resource to backfill the position |
| BYOD2 | Legal counsel as they are not reviewing policies in time | Legal obligations or court appearances | To gather the legal resources, court appearances or legal obligations are required | Higher priority should be provided for legal instances | High | Project manager | Can escalate the situation towards project sponsor |
| BYOD3 | Regulations or law change while considering data security on devices | Regulators can pass the new or existing additional regulations to pertain data security | Regulators pass laws to protect consumers | Regulators pass new regulations or laws that pertains data security | High | Project manager | Maps new regulations along with existing project controls, incorporate change management if required. |
| BYOD4 | There were no technical solutions for meeting the BYOD policy | Technology solutions fail to meet compliance demands | Technology is less matured | Technical solutions cannot meet compliance guidelines and demands as well | Medium | Project manager | Additional resources compensating control can be added |
| BYOD5 | Primary employee separation | Primary employees should work with over extended commitments | Organizations are working for more productivity with lesser people | Employee are looking for job making employee not happy about company | Medium | Project manager | The risk owner should try to consider employees and compensate with devices during the project implementation (such as iPad) |
| BYOD6 | Completion of work package before the planned date | Completed work | Employees are working over assignments after the work hours due to having interest of doing work | Employee are obsessed with new devices and spend time exploring new applications and technology | Low | Project manager | Project manager should leverage early compensation and perform fast tracking of activities |

Table 1: Risk Register and Management
(Source: Created by author)
Qualitative risk analysis should identify the factors that can influence the different risks within the project deliverables, along with their probability of occurrence. Qualitative risk analysis sets priorities for further analysis by identifying how individual risks affect project deliverables (Al Ayubi et al., 2016). By identifying and focusing on higher-priority risks, the team can concentrate on the identified risks. The outcomes will help the team complete the qualitative risk analysis. The BYOD project recognized some risks related to staff commitments and to staff not fulfilling project commitments on time. The project will continue through the summer season, which is popular for vacations (Faulds et al., 2016). In task scheduling, the project plan has allowed some additional time within tasks to account for primary staff taking vacations. The most critical risk identified in qualitative risk analysis is the scheduling of legal documents and reviews (Laudon & Laudon, 2016). The in-house legal review of documents is considered a milestone that the team cannot outsource outside the firm. The team can therefore keep track of work schedules and legal commitments, escalating to the project sponsor.
Every identified risk should go through qualitative risk analysis so that it can be prioritized. On the other hand, quantitative risk analysis is not part of every project, and it cannot be applied to the BYOD project (Steelman, Lacity & Sabherwal, 2016). Quantitative risk analysis uses numerical or quantitative ratings to develop a probabilistic analysis of the risks. It needs quality data, a proper project mode and a prioritized list of project risks (Kearns, 2016; Sadgrove, 2016). Quantitative risk analysis can lead to realistic cost, schedule, and scope targets for a project. The project has faced limited deliverables and scope; this particular analysis would be essential for providing adequate benefits without any required effort.
Risk responses are planned to identify the actions that should be taken to reduce threats and to take advantage of opportunities explored during the risk analysis process. The risk register and management plan take inputs from the risk responses. Two types of risk can exist: negative and positive (Singh, Chan & Zulkefli, 2017). The risks identified in the risk register are generally negative, and the steering committee has agreed to a combination of acceptance in dealing with them. The project team identified only one positive risk that can be exploited: earlier completion of a work package before the planned date (Martinez, Borycki & Courtney, 2017). The team did not consider this particular risk a negative risk. The committee accepted the risk of possible delay in work, as the legal team could take more time and have other priorities. The positive risk of finishing work early can allow the team to crash activities where possible.
Procurement planning is the process of identifying the products and services that a project needs to purchase from outside vendors. As BYOD is an internal project using internal resources only, there is no specific requirement to purchase products or services (Tanimoto et al., 2017). The project may incur some expenses during this period; senior executives could consider a budget for operating expenses.
Potential risks are identified in the Altium Limited scenario for consideration in the Australian IT sector. Given the growing trend in several other organizations and industries, BYOD can be considered together with data security risk mitigation. Altium Limited should consider starting to allow employees to work on their personal devices (Peltier, 2016; Filkins et al., 2016). The organization should treat data security as the first priority, as IT sectors inevitably work with large amounts of data. The data security risks are considered as follows:
Access Risks: Access risk pertains to the organizational profile under the BYOD scheme. In today's organizations and corporations, mobile devices are increasingly consumer-oriented, and they are changing the way business is done (Trewin et al., 2016). The computing power now available allows consumers and employees to replace traditional end-user computing devices with laptops. The BYOD concept increases security concerns and exposes every organization to multiple risks and threats (Russell, 2016). Organizations in sectors such as banking, retailing, information technology, financial, and online clientele give significant consideration to incorporating BYOD into their business.
Authentication Risks: Authentication risk exists under a BYOD policy because individual devices pose an authentication threat. Organizations need to deal with a new level of security considerations and data threats affecting both personal and corporate data (Shedden et al., 2016). Risk management for personal and business data should include an appropriate level of risk mitigation planning. Organizations should therefore devise a policy, because protecting data, staff, and customers is critical for any business to grow to its full potential (Reid & Pechenkina, 2016). Ownership of data is becoming more of an issue for businesses that operate in regulated markets.
Corporate Data Risks: Corporate data risks arise from insider threats at Altium Limited. Several organizations have planned to implement a “Bring Your Own Device” (BYOD) policy so that employees can use their favorite devices while the cost of providing devices is brought down (Dorsemaine et al., 2017). The BYOD policy-based work model is expected to complicate data control and policies for organizations, which increases the importance of having a well-developed policy. Successful implementation of a mobile device policy can incorporate the BYOD initiative into the business.
Personal Data Risks: Personal data risks may exist under a BYOD scheme, as employees may not be able to keep personal data secure. Organizations and corporations should incorporate a policy governing the use of BYOD devices in order to protect personal data, employee details and customer information (Gillon, 2017; Dawson, 2016). In this report, Altium Limited is required to implement a BYOD policy in its business in order to improve business growth and gradually increase profitability. Personal data is a major asset for any individual employee; employees should therefore lock personal devices with proper and secure passwords.
Conclusion
To address all aspects of BYOD solution implementation, the researcher has chosen the scenario of Altium Limited, an Australian organization. A mobile device is like having a dual-core processor in one's pocket. Businesses are becoming centered on BYOD policies to manage individual devices in business activities and processes. In an era of dynamic workloads, and considering all the constraints of the workforce, the BYOD scheme is defined as the primary means of accommodation. For a fast-growing organization such as Altium Limited, the scheme is favorable for letting employees use personal devices on organization premises. BYOD can benefit Altium Limited's work culture with prompt operations. Therefore, the chosen case scenario is justified, given the organization's widespread operations and management across different countries, clients, and services.
References
Al Ayubi, S. U., Pelletier, A., Sunthara, G., Gujral, N., Mittal, V., & Bourgeois, F. C. (2016). A Mobile App Development Guideline for Hospital Settings: Maximizing the Use of and Minimizing the Security Risks of “Bring Your Own Devices” Policies. JMIR mHealth and uHealth, 4(2).
About Altium | Innovative PCB Design, ECAD / MCAD Collaboration & EDA Software. (2017). Altium.com. Retrieved 18 September 2017, from https://www.altium.com/company/about-altium/about-us
Dawson, P. (2016). Five ways to hack and cheat with bring-your-own-device electronic examinations. British Journal of Educational Technology, 47(4), 592-600.
Dorsemaine, B., Gaulier, J. P., Wary, J. P., Kheir, N., & Urien, P. (2017, June). A New Threat Assessment Method for Integrating an IoT Infrastructure in an Information System. In Distributed Computing Systems Workshops (ICDCSW), 2017 IEEE 37th International Conference on (pp. 105-112). IEEE.
Dove, J. (2016). Evaluation of the suitability of the mobility common criteria protection profiles for enterprise mobility management.
Faulds, M. C., Bauchmuller, K., Miller, D., Rosser, J. H., Shuker, K., Wrench, I., … & Mills, G. H. (2016). The feasibility of using ‘bring your own device’(BYOD) technology for electronic data capture in multicentre medical audit and research. Anaesthesia, 71(1), 58-66.
Filkins, B. L., Kim, J. Y., Roberts, B., Armstrong, W., Miller, M. A., Hultner, M. L., … & Steinhubl, S. R. (2016). Privacy and security in the era of digital health: what should translational researchers know and do about it?. American journal of translational research, 8(3), 1560.
Gillon, K. (2017). Technology and business risks. The Routledge Companion to Accounting and Risk, 261.
Goldes, S., Schneider, R., Schweda, C. M., & Zamani, J. (2017, June). Building a Viable Information Security Management System. In Cybernetics (CYBCONF), 2017 3rd IEEE International Conference on (pp. 1-6). IEEE.
Halford, C. D. (2016). Implementing Safety Management Systems in Aviation. Routledge.
Kearns, G. S. (2016). Countering mobile device threats: A mobile device security model. Journal of Forensic & Investigative Accounting, 8(1).
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.
Lobelo, F., Kelli, H. M., Tejedor, S. C., Pratt, M., McConnell, M. V., Martin, S. S., & Welk, G. J. (2016). The wild wild west: A framework to integrate mhealth software applications and wearables to support physical activity assessment, counseling and interventions for cardiovascular disease risk reduction. Progress in cardiovascular diseases, 58(6), 584-594.
Martinelli, R. J., & Milosevic, D. Z. (2016). Project management toolbox: tools and techniques for the practicing project manager. John Wiley & Sons.
Martinez, K., Borycki, E., & Courtney, K. L. (2017). Bring Your Own Device and Nurse Managers’ Decision Making. CIN: Computers, Informatics, Nursing, 35(2), 69-76.
M’manga, A., Faily, S., McAlaney, J., & Williams, C. (2017). Folk Risk Analysis: Factors Influencing Security Analysts’ Interpretation of Risk.
Muzammal, S. M., Shah, M. A., Zhang, S. J., & Yang, H. J. (2016). Conceivable security risks and authentication techniques for smart devices: A comparative evaluation of security practices. International Journal of Automation and Computing, 13(4), 350-363.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Reid, D., & Pechenkina, E. (2016). Bring-Your-Own-Device or Prescribed Mobile Technology? Investigating Student Device Preferences for Mobile Learning. Mobile learning futures: Sustaining quality research and practice in mobile learning.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Russell, C. (2016). Assessing the risk of transformative technologies. Computer Fraud & Security, 2016(7), 15-19.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Sebescen, N., & Vitak, J. (2017). Securing the human: Employee security vulnerability risk in organizational settings. Journal of the Association for Information Science and Technology, 68(9), 2237-2247.
Shedden, P., Ahmad, A., Smith, W., Tscherning, H., & Scheepers, R. (2016). Asset Identification in Information Security Risk Assessment: A Business Practice Approach. CAIS, 39, 15.
Singh, M. M., Chan, C. W., & Zulkefli, Z. (2017). Security and Privacy Risks Awareness for Bring Your Own Device (BYOD) Paradigm. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 8(2), 53-62.
Souppaya, M., & Scarfone, K. (2016). Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. NIST Special Publication, 800, 46.
Steelman, Z. R., Lacity, M., & Sabherwal, R. (2016). Charting Your Organization’s Bring-Your-Own-Device Voyage. MIS Quarterly Executive, 15(2).
Tanimoto, S., Totsuka, S., Iwashit[…] Conference on Network-Based Information Systems (pp. 737-749). Springer, Cham.
Trewin, S., Swart, C., Koved, L., & Singh, K. (2016, May). Perceptions of Risk in Mobile Transaction. In Security and Privacy Workshops (SPW), 2016 IEEE (pp. 214-223). IEEE.
Vithanwattana, N., Mapp, G., & George, C. (2017). Developing a comprehensive information security framework for mHealth: a detailed analysis. Journal of Reliable Intelligent Environments, 1-19.
Vorakulpipat, C., Sirapaisan, S., Rattanalerdnusorn, E., & Savangsuk, V. (2017). A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives. Security and Communication Networks, 2017.
Zahadat, N. (2016). Mobile security: A systems engineering framework for implementing bring your own device (BYOD) security through the combination of policy management and technology (Doctoral dissertation, The George Washington University).