Pregled bibliografske jedinice broj: 934732
Proactive security metrics for Bring Your Own Device (BYOD) in ISO 27001 supported environments
Proactive security metrics for Bring Your Own Device (BYOD) in ISO 27001 supported environments // Proceedings of 24th Telecommunications Forum (TELFOR)
Beograd, Srbija, 2016. str. 41-44 (predavanje, međunarodna recenzija, cjeloviti rad (in extenso), znanstveni)
CROSBI ID: 934732 Za ispravke kontaktirajte CROSBI podršku putem web obrasca
Naslov
Proactive security metrics for Bring Your Own Device (BYOD) in ISO 27001 supported environments
Autori
Hadjarević, Kermal ; Pat, Allen ; Spremić, Mario
Vrsta, podvrsta i kategorija rada
Radovi u zbornicima skupova, cjeloviti rad (in extenso), znanstveni
Izvornik
Proceedings of 24th Telecommunications Forum (TELFOR)
/ - , 2016, 41-44
Skup
24th Telecommunications Forum (TELFOR)
Mjesto i datum
Beograd, Srbija, 22.11.2016. - 23.11.2016
Vrsta sudjelovanja
Predavanje
Vrsta recenzije
Međunarodna recenzija
Ključne riječi
Information security ; Measurement ; ISO Standards ; Malware ; Mobile handsets
Sažetak
Bring Your Own Device (BYOD) policy introduces new types of security risks [1], [2] brought with personal device on production network that this policy allows. These personal devices have to be reviewed for security weaknesses, risks, and tested more rigorously than other devices in the system that allows BYOD policy. This is because these personal devices usually can have different operating systems, application installed, patched or not, infected with malware, that could increase security risks and have negative impact on information security of system where they are brought. In this paper we presented a case of penetration testing against BYOD in organization and other organizational potentially vulnerable services that could help attacker to escalate their malicious activities. In the paper [3] two metrics, were proposed for BYOD which are vulnerability and uncertainty. Other researchers such as [4] presented other relevant metrics and standards such as NIST [5] introduced the approach in BYOD policy management, or a Policy-Based Framework presented by [6]. We explored possibilities in creating holistic metrics creation- based on ISO 27002:2013 [7] standard and more specifically to section 6. Organization of information security and subsection 6.2 Mobile devices and teleworking. Our approach to information security metrics is based on ISO 27004:2009 [8] international standard.
Izvorni jezik
Engleski
Znanstvena područja
Informacijske i komunikacijske znanosti
