| 1. |
- Brodin, Martin
(författare)
-
Managing information security for mobile devices in small and medium-sized enterprises : Information management, Information security management, mobile device
- 2020
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The rapid proliferation of mobile devices makes mobile security a weak point in many organisations’ security management. Though there are a number of frameworks and methods available for improving security management, few of these target mobile devices, and most are designed for large organisations. Small and medium size organisations are known to be vulnerable to mobile threats, and often subject to the same legal requirements as larger organisations. However, they typically lack the resources and specialist competences necessary to use the available frameworks.This thesis describes an Action Design Research project to devise and test a low cost, low learning curve method for improving mobile security management. The project is conducted together with a small Swedish consulting company and evaluated in several other companies. In order to solve the challenge that SMEs faces; three objectives have been set:1. Identify existing solutions at a strategic level to managing information that is accessible with mobile devices and their suitability for SMEs.2. Develop a framework to support SMEs to manage information in a secure way on mobile devices.3. Evaluate the framework in practice.The results show that simple theoretical models can be integrated with well-known analysis techniques to inform managers and provide practical help for small companies to improve mobile security practice. The most important contribution to both science and practice is a structured approach for managers to deal with mobile devices, or for that matter other technology advances that do not fit into the existing management system. The journey to the final solution also produced several smaller contributions to science, for example insights from C-suites about strategies and work with mobile devices, differences and similarities between CYOD (choose your own device) and BYOD (bring your own device), the role of security policies in organisations, and twelve identified management issues with mobile devices.
|
|
| 2. |
- Brodin, Martin
(författare)
-
Mobile Device Strategy : A management framework for securing company information assets on mobile devices
- 2016
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The problem addressed by this research is a demand for increased flexibility in access to organisational information, driven by the increasing popularity of mobile devices. Employees increasingly bring private devices to work (Bring Your Own Device, BYOD) or use work devices for private purposes (Choose Your Own Device, CYOD). This puts managers in a difficult position, since they want the benefits of mobility, without exposing organisational data to further risk. The research focuses on management (particularly information security management) issues in the design and implementation of strategies for mobile devices. There are two objectives. The first is to identify existing information security management strategies for mobile and dual-use devices. The second is to develop a framework for analysing, evaluating and implementing a mobile device strategy.The overall research strategy is inspired by Design Science; where the mission is to develop an artefact, in this case a framework, which will help to solve a practical problem. Methods include literature review, theoretical development, and the collection and analysis of qualitative data through interviews with executives. The main result of this work is the framework, which deals with the complete process, including analysis, design and implementation of a mobile device management strategy. It helps researchers to understand necessary steps in analysing phenomenon like BYOD and gives practitioners guidance in which analyses to conduct when working on strategies for mobile devices. The framework was developed primarily through theoretical work (with inspiration from the mobile security and strategic management literature, and the ISO/IEC 27000 standard), and evaluated and refined through the empirical studies. The results include twelve management issues, a research agenda, argumentation for CYOD and, guidance for researchers and practitioners.
|
|
| 3. |
- Brodin, Martin
(författare)
-
A Framework for GDPR Compliance for Small- and Medium-Sized Enterprises
- 2019
-
Ingår i: European Journal for Security Research. - : Springer. - 2365-0931 .- 2365-1695. ; 4:2, s. 243-264
-
Tidskriftsartikel (refereegranskat)abstract
- The EU’s General Data Protection (GDPR) is an EU regulation that affects everyone in the EU and all organisations outside the EU that wants to do business with the EU. GDPR introduces tougher requirements for processing personal data, which may be difficult for many small- and medium-sized enterprises (SMEs) to follow without major adjustments. This work uses design science to develop a framework for SMEs to adapt to GDPR. The framework was empirically evaluated in three different types of organisations, resulting of GDPR compliance according to their Data Protection Officers. It was also theoretical evaluated against scientific literature including the identified implications of GDPR. In this paper the framework is presented, from initial analysis and design to implementation and future work, with advice on how to work with each part to achieve compliance. The paper also highlights some of the most important changes in GDPR compared to its predecessor, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (DIR95).
|
|
| 4. |
- Brodin, Martin, et al.
(författare)
-
Mobile information security management for small organisation technology upgrades : the policy-driven approach and the evolving implementation approach
- 2020
-
Ingår i: International Journal of Mobile Communications. - : InderScience Publishers. - 1470-949X .- 1741-5217. ; 18:5, s. 598-618
-
Tidskriftsartikel (refereegranskat)abstract
- Information security management researchers are often focused on the information security policy, its implementation and evaluation as the primary means of ensuring that organisations protect their valuable data. However, information security is usually nested with a variety of other concerns (for instance technology upgrades, information access, efficiency and sustainability issues, employee satisfaction), so this policy-driven approach is seldom operated in isolation. We investigate the approach as implied in the mobile information security literature, provide a literature-inspired characterisation and use it to analyse an iPad implementation for politicians in a Swedish municipality. The analysis provides only a partial explanation for security work in this kind of small organisation technology upgrade, so we develop a complementary approach: the evolving implementation approach. A suggestion is made for how the two approaches can be reconciled, and implications for both practitioners and researchers derived.
|
|
| 5. |
- Brodin, Martin, et al.
(författare)
-
Management issues for Bring Your Own Device
- 2015
-
Ingår i: Proceedings of 12th European, Mediterranean & Middle Eastern Conference on Information Systems 2015 (EMCIS2015). - : European, Mediterranean & Middle Eastern Conference on Information Systems (EMCIS). - 9789606897085
-
Konferensbidrag (refereegranskat)abstract
- Bring Your Own Device (BYOD) is an emerging research area focusing on the organisational adoption of (primarily mobile) devices used for both private and work purposes. There are many information security related problems concerning the use of BYOD and it should therefore be considered an issue of strategic importance for senior managers. This paper presents a systematic literature analysis using a BYOD strategic management framework to assess developing research trends. The analysis reveals early work in the analysis and design aspects of BYOD strategies, but a lack of research in operationalizing (planning, implementation and evaluating) strategy – the action phase. The resulting research agenda identifies twelve management issues for further research and four overall research directions that may stimulate future research.
|
|
| 6. |
- Brodin, Martin
(författare)
-
Combining ISMS with strategic management : The case of BYOD
- 2015
-
Ingår i: Information Systems 2015. - : IADIS Press. - 9789898533333 ; , s. 161-168
-
Konferensbidrag (refereegranskat)abstract
- Bring Your Own Device (BYOD) (where employees use their private devices for work) causes problems for organisations since their management systems are seldom designed for this purpose. If BYOD is not adequately regulated, many security and privacy issues may result. This paper proposes an analysis-design-action framework for designing a suitable security management strategy by combining Johnson and Scholes’ strategic management model with the ISO/IEC 27000-series.
|
|
| 7. |
- Brodin, Martin
(författare)
-
Security strategies for managing mobile devices in SMEs : A theoretical evaluation
- 2017
-
Ingår i: Proceedings of the 8th International Conference on Information, Intelligence, Systems & Applications (IISA). - : IEEE. - 9781538637326 - 9781538637319 ; , s. 89-94
-
Konferensbidrag (refereegranskat)abstract
- With mobile devices connecting personal and business lives together creating opportunities for both employees and employers the need for a longtime mobile strategy increases. The scientific literature provides four different approaches which are analyzed together with an approach from a governmental agency. As basis for the analysis is identified security challenges which are adopted to a SMEs environment. The conclusion is that most of the framework manage the security challenges well, but only two take benefits with mobile devices into account.
|
|
