Bring Your Own Device System: Positives and Cons

Table of Material (Hop to)

Introduction

Advantage of using BYOD

Risks of by using a BYOD System

How to build a Secure BYOD policy

1. Carry out a survey

2. How can employees use their device on the cooperate network

Suggested BYOD Policy

Access Control/ Acceptable Use

Roles and responsibilities

Devices and Support

Security

Termination of employment

ISO benchmarks to follow

Benefits of using ISO 27002

Reference list

Bibliography

Introduction

Calathumpian Group is facing a major information integrity concern, the CEO is concern about the way cooperate information are treated. The company is allows BYOD (Bring Your Own Device) system meaning employees may use their personal laptop computers, smartphones or tablets on the place of work for his or her daily workload and connect to the corporate network (Webopedia. com 2015).

Advantage of using BYOD

  • Maximise gain reducing workers hardware cost
  • The purpose of all company is to increase profit while minimising bills, BYOD allows minimum-zero technology cost since there is absolutely no purchase cost for employees working device and maintenance cost for the devices.
  • Improve employees performance
    • BYOD increases employee's performance and efficiency at the job as by permitting them to use their personal devices with which they use also for recreational or home goal, they developed automatism that increase their production. Tasks and operations are completed faster (Labor force 2014).
    • Reduce hardware alienation
      • BYOD keeps employees comfortable in their working environment, since they learn how to operate with the work devices. For example: for a fresh employee, it's easier to work with a device he/she has learned than cooperate devices as they have to be trained.
      • Risks of by using a BYOD System

        • Software incompatibility
        • Employees working on different editions of Operating-system or software tools can cause information being not accessible or shared. This isn't efficient and restrict data access.
      • Distractions
        • Employees will often have their favourite apps, game titles or series present on their notebook computers or smartphones, these entertainment may distract employees throughout their working hours thus reducing their performance. For example: employees checking out their Facebook bill every 20 minutes.
          • Security
          • Security is the significant problem with BYOD systems, as it puts your entire cooperate data in risk. As all employees will certainly use their devices beyond your workplace, if they are infected by way of a disease or targeted with a hacker and hook up to the cooperate network, the complete network will be affected and important data may be corrupted, taken or deleted.

          How to build a Secure BYOD policy

          1. Carry out a survey

          I order to build an effective BYOD policy, we must analysis what type of devices are being applied to the cooperate network. A survey done by the Forrester's Forrsights Labor force Employee demonstrates smartphones and tablets are among the most used device on the place of work, the laptop being the most used device, as illustrated on the image 1, (InfoSec Institute 2013).

          2. How will employees use their device on the cooperate network

          We have to analyse what functions are done by employees on the network, this will enables the BYOD plan to match the business operations. For example: Are they using skype to hook up international suppliers, what software applications are being used, what mobile application is using the Wireless system to operate. This analysis will developed acceptance requirements and limits for the BYOD plan.

          Suggested BYOD Policy

          In order to solve the situation Calathumpian Group is facing we will developed a BYOD Coverage that may be executed in the organisation's system. The survey will contain insurance plan about acceptance use, User responsibilities, Cooperate IT Tasks, Devices and Support, Privacy Policy and Security Insurance policy, we will keep the report easy and simple to understand to make the execution of the Insurance policy system better.

          Calathumpian's employees must consent to the following regulations to be able to hook up their devices to the cooperate network. If they neglect to abide to the guidelines the company reserves the right to disconnect those to the network and press further charges. These policies are implemented for the well-running of the company by enforcing security and protect cooperate data.

          The template of Megan Berry (2015) will be utilized to build up the BYOD coverage, it is easy and very detailed template (Itmanagerdaily. com 2015).

          Access Control/ Acceptable Use

          • Activities that are effective to the business enterprise are believed as suitable.
          • Certain websites will be clogged on the network for the employees during working hours, only before and after the working hours that these websites will be accessible. This will encourage employees to be on time. Such websites relates to
          • Social Systems (Facebook, Twitter, Instagram, Yahoo +, etc. . . )
          • Video Video games related website
          • Betting website
          • Pornographic
          • Torrents
          • Streaming websites
        • The network is only going to allow a restricted amount of program to make use of internet or allowed connection to the network, this will decrease the dangers of propagating trojans on other connected devices.
        • Mobile programs that are allowed on the network are : messages, messaging applications (such as WhatsApp, Viber, Messaging, Skype), system updates
        • Mobile software that are obstructed includes : iTunes, Yahoo Play, Apps Store, Mobile Games and Social media apps
        • Roles and responsibilities

          Dividing duties in the company really helps to maintain a certain hierarchy and regulate how must do what and when. To be able to solve the problem Calathumpian Group is facing, tasks and responsibilities must be carried out so the employees knows what are expected from them. In this case a structured IT department is necessary.

          IT Security Manager

          Since the CEO of the Group may not be more comfortable with IT department anticipated to his years, it is better to choose some who's qualified because of this job. The IT Security administrator will be in charge for the creation and maintenance of the BYOD plan. This involves the risk management, security management and enforcing the BYOD policy.

          Human tool manager

          The HR director will be accountable for the understanding of the BYOD policy inside the business. His job is to ensure that the employees understand their dedication.

          IT department

          This department will provide help for the employees regarding the BYOD policy. For instance: when a worker terminate his agreement with the business, the IT department is responsible for the deletion of practical information regarding the company. They are also in charge of the execution of hardware guidelines such as: block websites and some mobile software, antivirus configuration (Auto check out on electricity on), maintenance of the network and other processes.

          All employees

          All employees must abide to the set of rules and regulations within the BYOD coverage, not respecting it will cause sanctions from the company as they are putting the business's information at dangers.

          Devices and Support

          • Mobile operating-system such as IPhone (4, 4S, 5, 6), Android devices (KitKat and Lollipop), Blackberry and Glass windows telephone are allowed only.
          • Android tablets and IPad are allowed
          • The IT office is not accountable for any device software or hardware failure
          • The IT department has the right to take the macintosh personal computer address of every device connected to the network, for security purpose. The mac address can help the IT office to apply certain restriction to specific employees

          Security

          • To prevent unauthorised usage of devices, employees must use strong passwords to safeguard their devices. A solid passwords is categories as
          • Having at least 8 characters
          • Combination of lower and upper case letter
          • Must include at least two digits
          • Cannot contain symbols
        • Employees must change their passwords every 60 weeks
        • Every time an employee leave his work place, he/she must automatically lock his/her device to avoid unauthorised access.
        • Employees must encrypt their information such as e-mail, documents and other files
        • Employee must hand over their devices to the IT team to be able to hook up to the network
        • Termination of employment

          In order to prevent cooperate information to be accessible when an employee leaves the organisation for a particular reason, the later must present the device applied to the network for inspection. The IT office will be accountable for that (Shrm. org 2015), they'll delete all company related data on these devices.

          ISO standards to follow

          "A typical is a doc that delivers requirements, specifications, recommendations or characteristics that can be used regularly to ensure that materials, products, procedures and services are fit for their purpose. We shared over 19500 International Standards that may be purchased from the ISO store or from our users Tools and techniques "(Iso. org 2015)

          In this circumstance the ISO standard that best suit the challenge of Calathumpian Group is the ISO/IEC 27002, which give attention to information security management. This expectations helps to maintain information such as worker details, cooperate financial survey or other cooperate related information.

          Benefits of using ISO 27002

          1. Risk management
          1. Find potential risk
          2. Helps to get rid of them
        • Security policies
        • Information security management
        • Resource management
        • HR security
        • Physical security
        • Communications management
        • Access control
        • Incident response management (SearchSecurity. co. UK 2015)
        • Tools and Techniques

          Incident Response

          Reference list

          InfoSec Institute, . 2013. 'Importance OF ANY BYOD Plan For Companies - Infosec Institute'.

          http://resources. infosecinstitute. com/byod-policy-for-companies/.

          Itmanagerdaily. com, . 2015. 'BYOD Insurance plan Template'.

          http://www. itmanagerdaily. com/byod-policy-template/.

          SearchSecurity. co. UK, . 2015. 'What Is ISO 27001? - Explanation From Whatis. Com'.

          http://searchsecurity. techtarget. co. uk/definition/ISO-27001.

          Shrm. org, . 2015. 'Electronic Devices: Bring Your Own Device (BYOD) Insurance policy'.

          http://www. shrm. org/templatestools/samples/policies/pages/bringyourowndevicepolicy. aspx.

          Webopedia. com, . 2015. 'What Is Bring Your Own Device (BYOD)? Webopedia'.

          http://www. webopedia. com/TERM/B/BYOD. html.

          Workforce, The. 2014. 'The Pros And Cons Of Bring-Your-Own-Device (BYOD) For A Mobile Field

          Workforce - MSI Data'. MSI Data. http://www. msidata. com/pros-and-cons-of-byod-in-mobile-field-workforce.

          Bibliography

          1 | Page

          Ошибка в функции вывода объектов.