About the Book
Proliferation of Bring Your Own Device (BYOD) has instigated a widespread change, fast outpacing the security strategies deployed by organizations. The influx of these devices has created information security challenges within organizations, further exacerbated with employees’ inconsistent adherence with BYOD security policy. To prevent information security breaches, compliance with BYOD security policy and procedures is vital. This book aims to investigate the factors that determine employees' BYOD security policy compliance by using mixed methods approach. Security policy compliance factors, BYOD practices and security risks were identified following a systematic review approach. Building on Organizational Control Theory, Security Culture and Social Cognitive Theory, a research framework positing a set of plausible factors determining BYOD security policy compliance was developed. Next, with a purposive sample of eight information security experts from selected public sector organizations, interviews and BYOD risk assessments analysis were performed to furnish in-depth insights into BYOD risks, its impact on organizations and recommend control measures to overcome them. This led to the suggestion of four control measures to mitigate critical BYOD security risks such as Security Training and Awareness (SETA), policy, top management commitment and technical countermeasures. The control measures were mapped into the research framework to be tested in the following quantitative phase. The proposed research framework was tested using survey results from 346 employees of three Critical National Information Infrastructure (CNII) agencies. Using Partial Least Squares – Structural Equation Modelling (PLS-SEM), the framework's validity and reliability were evaluated, and hypotheses were tested. Findings show that perceived mandatoriness, self-efficacy and psychological ownership are influential in predicting employees’ BYOD security policy compliance. Specification of security policy is associated with perceived mandatoriness, while BYOD IT support and SETA are significant towards self-efficacy. Unexpectedly, security culture has been found to have no significant relationship to BYOD security policy compliance. Theoretical, practical, and methodological contributions were discussed and suggestions for future research were recommended. The analysis led to a number of insightful findings that contribute to the literature and the management, which are predominantly centered on traditional computing. In view of the ever-increasing BYOD threats to the security of government information, it is imperative that IT managers establish and implement effective policies to protect vital information assets. Consequently, the findings of this study may benefit policymakers, particularly in the public sector, in their efforts to increase BYOD security policy compliance among employees.
Table of Contents:
Introduction.- Bring Your Own Device.- Theoretical Framework and Hypotheses Development.- Research Methodology.- Analysis, Results and Discussion.- Conclusion and Future Work.
About the Author :
Rathika Palanisamy Rathika Palanisamy holds the position of Principal Assistant Secretary in the Information Technology Division, Ministry of Finance, Malaysia. She completed her doctoral degree at the Department of Computer Systems and Technology, Faculty of Computer Science and Information Technology, University of Malaya, Malaysia in 2023. Her research contributes to understanding the complexities of BYOD implementation, emphasizing the need for comprehensive strategies that address both technical and human behavioral aspects to enhance security policy compliance in organizations. Her current research interests include Information Security Risk Management, Artificial Intelligence Security Governance and Integration of Information Security in Enterprise Architecture. Azah Anir Norman Azah Anir Norman is an associate professor and currently the Deputy Dean of Development, Faculty of Computer Science and Information Technology, University of Malaya (UM), Malaysia. She earned her undergraduate degree at Universiti Kebangsaan Malaysia (UKM) and her master's degree in electronic commerce security from Royal Holloway University of London in the UK in 2004. She completed her Ph.D. from the University of Malaya (UM) in 2014. She specializes in information security management systems (ISMS), secure applications for ICT, privacy and human elements in security, information security governance, security on social platforms, and e-commerce security. She is also very interested in topics pertaining to Islamic ICT (such as Halal and Quran Authentication), Design Thinking, and Teaching & Learning Innovations. Azah Norman published numerous academic papers in reputable ISI and SCOPUS publications in the fields of information security governance, information security management, information security systems, information security & trust, information security & privacy, information security education awareness, information security & assurance, and information security policy & governance. Before entering the academic world, she worked as a Consultant at MSC Trustgate.com, a subsidiary of MDEC and a partner of VeriSign Inc. in the USA. In Trustgate, she provided Internet Security implementation consultation to numerous top 500 companies. Prior to becoming the consultant at Trustgate, she worked at VeriSign Inc. in Silicon Valley, San Jose, California, in 2001. As a specialist in information security management systems, she is also part of an expert in the working group WG/G/5-1 Information Security Management System, Department of Standards, Malaysia, and the International Organisation for Standardisation (ISO). She belongs to the Association of Information Systems (AIS) and the MyAIS (AIS Malaysia Chapter), an organization that promotes excellence and knowledge progress in the field of information systems research and practice. She is also a secretary at the Cybersecurity Academia Malaysia Association (CSAM), a national association that promotes cybersecurity teaching, awareness, and research in Malaysia. She received a prestigious award from the Royal Academy of Engineering of the United Kingdom (RAENG) as the Leader of Innovation in 2018. Miss Laiha Mat Kiah Miss Laiha Mat Kiah received her PhD degree in Information Security from Royal Holloway, University of London, United Kingdom in 2007, and since then she has been an academic and an active researcher at the Faculty of Computer Science & Information Technology, Universiti Malaya (UM), Kuala Lumpur, Malaysia. Her fundamental discipline is Computer Science, and her area of expertise is Cyber Security (and its related topics). She was promoted to the full Professorship in 2015, and is an active member of Malaysia Board of Technologists (Ts.), Malaysian Society for Cryptology Research (MSCR), IEEE as Senior Member, and EC Council member. Her main research interest will always be in the Security aspect of Computing and Technology fields with variation of applications in multi and/or trans disciplinary projects. This is evidenced by her publications and research projects in which she is/was the principal investigator (PI) as well as co-PIs. As a professional technologist (Ts.), keeping up with the current trend and demand of ever evolving Computing Technology field is crucial to ensure the quality and the impact of her research work. Current research interests include Cyber Security, Blockchain Technology, IoT and Health Information Exchange. Tutut Herawan Tutut Herawan is an associate professor at the Department of Information Systems, Faculty of Computer Science and Information Technology, University of Malaya. His mathematics Erdos number is 4. He was named on the Top 2% World Scientists Ranking by Stanford University and Elsevier BV, since 2019-present. He received a PhD degree in information technology in 2010 from Universiti Tun Hussein Onn Malaysia. He has more than 17 years experience as academic staff and has supervised several Master & PhD students. He is an associate editor of Malaysian Journal of Computer Science (ISI WoS) & Springer Nature of Computer Science. He is also an editorial member of International Journal of Knowledge and Systems Science, IGI Global (Scopus), and editor-advisory board member of the book series Information Systems Engineering and Management (ISEM) of Springer Nature. He has edited five Springer-series books (Presently editing three books of Springer Nature in Tourism Entrepreneurship and Technology) and published more than 330 articles in various book chapters, international journals, and conference proceedings (with Scopus h-index 35 and ISI h-index 28). He has actively served as a chair, co-chair, program committee member and co-organizer for numerous international conferences/workshops. His research area includes applied mathematics in computer science, data science and big data, data engineering, information systems, decision support systems, data mining and knowledge discovery from databases, soft computing, and information technology for tourism.
