Bring Your Own Device Security Policy Compliance Framework

Palanisamy, Rathika; Norman, Azah Anir; Kiah, Laiha Mat

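  • Publisher: Springer
  • Publication date: 2025-03-30
  • List price: $6,140
  • VIP price: 9.5 $5,833
  • Language: English
  • Pages: 196
  • Binding: Hardcover - also called cloth, retail trade, or trade
  • ISBN: 3031868005
  • ISBN-13: 9783031868009
  • Related category: Information security
  • Overseas purchase-on-request book (requires separate checkout)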

Product description

The proliferation of Bring Your Own Device (BYOD) has instigated widespread change, fast outpacing the security strategies deployed by organizations. The influx of these devices has created information security challenges within organizations, further exacerbated by employees' inconsistent adherence to BYOD security policy. To prevent information security breaches, compliance with BYOD security policy and procedures is vital. This book aims to investigate the factors that determine employees' BYOD security policy compliance using a mixed methods approach. Security policy compliance factors, BYOD practices and security risks were identified following a systematic review approach. Building on Organizational Control Theory, Security Culture and Social Cognitive Theory, a research framework positing a set of plausible factors determining BYOD security policy compliance was developed. Next, with a purposive sample of eight information security experts from selected public sector organizations, interviews and BYOD risk assessment analysis were performed to furnish in-depth insights into BYOD risks and their impact on organizations, and to recommend control measures to overcome them. This led to the suggestion of four control measures to mitigate critical BYOD security risks: Security Training and Awareness (SETA), policy, top management commitment and technical countermeasures. The control measures were mapped into the research framework to be tested in the following quantitative phase. The proposed research framework was tested using survey results from 346 employees of three Critical National Information Infrastructure (CNII) agencies. Using Partial Least Squares - Structural Equation Modelling (PLS-SEM), the framework's validity and reliability were evaluated, and hypotheses were tested. Findings show that perceived mandatoriness, self-efficacy and psychological ownership are influential in predicting employees' BYOD security policy compliance.
Specification of security policy is associated with perceived mandatoriness, while BYOD IT support and SETA are significant towards self-efficacy. Unexpectedly, security culture has been found to have no significant relationship to BYOD security policy compliance. Theoretical, practical, and methodological contributions were discussed and suggestions for future research were recommended. The analysis led to a number of insightful findings that contribute to the literature and the management, which are predominantly centered on traditional computing. In view of the ever-increasing BYOD threats to the security of government information, it is imperative that IT managers establish and implement effective policies to protect vital information assets. Consequently, the findings of this study may benefit policymakers, particularly in the public sector, in their efforts to increase BYOD security policy compliance among employees.

About the authors

Rathika Palanisamy

Rathika Palanisamy holds the position of Principal Assistant Secretary in the Information Technology Division, Ministry of Finance, Malaysia. She completed her doctoral degree at the Department of Computer Systems and Technology, Faculty of Computer Science and Information Technology, University of Malaya, Malaysia in 2023. Her research contributes to understanding the complexities of BYOD implementation, emphasizing the need for comprehensive strategies that address both technical and human behavioral aspects to enhance security policy compliance in organizations. Her current research interests include Information Security Risk Management, Artificial Intelligence Security Governance and Integration of Information Security in Enterprise Architecture.

Azah Anir Norman

Azah Anir Norman is an associate professor and currently the Deputy Dean of Development, Faculty of Computer Science and Information Technology, University of Malaya (UM), Malaysia. She earned her undergraduate degree at Universiti Kebangsaan Malaysia (UKM) and her master's degree in electronic commerce security from Royal Holloway University of London in the UK in 2004. She completed her Ph.D. at the University of Malaya (UM) in 2014. She specializes in information security management systems (ISMS), secure applications for ICT, privacy and human elements in security, information security governance, security on social platforms, and e-commerce security. She is also very interested in topics pertaining to Islamic ICT (such as Halal and Quran Authentication), Design Thinking, and Teaching & Learning Innovations. Azah Norman has published numerous academic papers in reputable ISI and SCOPUS publications in the fields of information security governance, information security management, information security systems, information security & trust, information security & privacy, information security education awareness, information security & assurance, and information security policy & governance. Before entering the academic world, she worked as a Consultant at MSC Trustgate.com, a subsidiary of MDEC and a partner of VeriSign Inc. in the USA. At Trustgate, she provided Internet Security implementation consultation to numerous top 500 companies. Prior to becoming a consultant at Trustgate, she worked at VeriSign Inc. in Silicon Valley, San Jose, California, in 2001. As a specialist in information security management systems, she is also an expert in the working group WG/G/5-1 Information Security Management System, Department of Standards, Malaysia, and the International Organisation for Standardisation (ISO).
She belongs to the Association of Information Systems (AIS) and the MyAIS (AIS Malaysia Chapter), an organization that promotes excellence and knowledge progress in the field of information systems research and practice. She is also a secretary at the Cybersecurity Academia Malaysia Association (CSAM), a national association that promotes cybersecurity teaching, awareness, and research in Malaysia. She received a prestigious award from the Royal Academy of Engineering of the United Kingdom (RAENG) as the Leader of Innovation in 2018.

Miss Laiha Mat Kiah

Miss Laiha Mat Kiah received her PhD degree in Information Security from Royal Holloway, University of London, United Kingdom in 2007, and since then she has been an academic and an active researcher at the Faculty of Computer Science & Information Technology, Universiti Malaya (UM), Kuala Lumpur, Malaysia. Her fundamental discipline is Computer Science, and her area of expertise is Cyber Security (and its related topics). She was promoted to full Professorship in 2015, and is an active member of the Malaysia Board of Technologists (Ts.) and the Malaysian Society for Cryptology Research (MSCR), a Senior Member of IEEE, and an EC Council member. Her main research interest will always be in the security aspects of the Computing and Technology fields, with a variety of applications in multi- and/or transdisciplinary projects. This is evidenced by her publications and research projects in which she is or was the principal investigator (PI) or a co-PI. As a professional technologist (Ts.), keeping up with the current trends and demands of the ever-evolving Computing Technology field is crucial to ensuring the quality and impact of her research work. Current research interests include Cyber Security, Blockchain Technology, IoT and Health Information Exchange.

Tutut Herawan

Tutut Herawan is an associate professor at the Department of Information Systems, Faculty of Computer Science and Information Technology, University of Malaya. His mathematics Erdős number is 4. He has been named on the Top 2% World Scientists Ranking by Stanford University and Elsevier BV from 2019 to the present. He received a PhD degree in information technology in 2010 from Universiti Tun Hussein Onn Malaysia. He has more than 17 years of experience as academic staff and has supervised several Master's and PhD students.

He is an associate editor of Malaysian Journal of Computer Science (ISI WoS) & Springer Nature of Computer Science. He is also an editorial member of International Journal of Knowledge and Systems Science, IGI Global (Scopus), and editor-advisory board member of the book series Information Systems Engineering and Management (ISEM) of Springer Nature. He has edited five Springer-series books (Presently editing three books of Springer Nature in Tourism Entrepreneurship and Technology) and published more than 330 articles in various book chapters, international journals, and conference proceedings (with Scopus h-index 35 and ISI h-index 28). He has actively served as a chair, co-chair, program committee member and co-organizer for numerous international conferences/workshops. His research area includes applied mathematics in computer science, data science and big data, data engineering, information systems, decision support systems, data mining and knowledge discovery from databases, soft computing, and information technology for tourism.
