Proactive security metrics for Bring Your Own Device (BYOD) in ISO 27001 supported environments (CROSBI ID 660968)
Conference paper in proceedings | original scientific paper | international peer review
Responsibility details
Hadjarević, Kermal ; Pat, Allen ; Spremić, Mario
English
Proactive security metrics for Bring Your Own Device (BYOD) in ISO 27001 supported environments
Bring Your Own Device (BYOD) policy introduces new types of security risks [1], [2], brought by the personal devices that the policy allows onto the production network. These personal devices have to be reviewed for security weaknesses and risks, and tested more rigorously than other devices in a system that allows a BYOD policy. This is because personal devices can have different operating systems and installed applications, may be patched or not, or may be infected with malware, all of which could increase security risks and have a negative impact on the information security of the system into which they are brought. In this paper we present a case of penetration testing against BYOD in an organization and against other potentially vulnerable organizational services that could help an attacker escalate their malicious activities. In [3], two metrics were proposed for BYOD: vulnerability and uncertainty. Other researchers, such as [4], presented other relevant metrics; standards such as NIST [5] introduced an approach to BYOD policy management, and [6] presented a Policy-Based Framework. We explored the possibilities for creating holistic metrics based on the ISO 27002:2013 [7] standard, specifically section 6, Organization of information security, and subsection 6.2, Mobile devices and teleworking. Our approach to information security metrics is based on the ISO 27004:2009 [8] international standard.
Information security ; Measurement ; ISO Standards ; Malware ; Mobile handsets
Contribution details
41-44.
2016.
published
Parent publication details
Proceedings of 24th Telecommunications Forum (TELFOR)
Conference details
24th Telecommunications Forum (TELFOR)
lecture
22.11.2016-23.11.2016
Belgrade, Serbia