A Bring Your Own Device Risk Assessment Model
Oonge S. Omboga, Muhambe, T. Mukisa, Ratemo, M. Cyprian
Pages - 15 - 34     |    Revised - 30-06-2021     |    Published - 01-08-2021
Volume - 12   Issue - 2    |    Publication Date - August 2021
KEYWORDS
BYOD, Risk Assessment, Risk Assessment Models, Information Security.
ABSTRACT
Bring Your Own Device (BYOD), a technology where individuals or employees use their own devices on the organization’s network to perform tasks assigned to them by the organization, has been widely embraced. The reasons for adoption differ from one organization to another. In spite of the security control strategies implemented by these organizations to safeguard their information resources, there has been an upsurge in information security breaches as a result of existing vulnerabilities in these systems and the legacy systems in use. Various approaches have been employed to deal with security challenges in BYOD, but according to the literature, risk assessment has proved to be the first key step towards improving the security of the BYOD environment in an enterprise. Risk assessment models have been proposed by various researchers, although most are largely influenced by the degree of technological advancement and utilization as well as the working cultures within institutions. The existing models were largely developed in technologically advanced countries and thus do not fit well in developing countries. This study sought to develop a flexible BYOD risk assessment model that can be adopted by varied institutions to secure their information resources. The study was carried out in five (5) purposively selected state universities in Kenya. The research adopted a mixed research design approach, with a mixed sampling technique used to select the participants. Reliability and validity of data collection tools were evaluated and recommended by IT security and network experts. Qualitative and quantitative data were collected by interviewing experts and administering a questionnaire to sampled participants. The developed model was validated both statistically and by experts.
The findings revealed that threats and vulnerabilities contributed 39.9% and 69.2%, respectively, to the risk of the BYOD environment, while Data Encryption (DE) and Software Updates (SU) came out strongly as intervening variables that have a major impact on the relationship between the dependent and independent variables.
Mr. Oonge S. Omboga
School of Computing Department of Information Technology, Maseno University, Maseno, P.O. Box 333-40105 - Kenya
soonge@maseno.ac.ke
Dr. Muhambe, T. Mukisa
School of Computing Department of Information Technology, Maseno University, Maseno, P.O. Box 333-40105 - Kenya
Dr. Ratemo, M. Cyprian
Department of Information Technology, Kisii University, Kisii, P.O. Box 408 – 40200 - Kenya