Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.
Table of Contents (Jump to)
Calathumpian Group is facing a major information integrity issue, the CEO is concern about the way cooperate information are treated. The company is allows BYOD (Bring Your Own Device) system which means that employees can use their personal laptops , smartphones or tablets on the workplace for their daily workload and to connect to the corporate network (Webopedia.com 2015).
- Maximise profit by reducing personnel hardware cost
- The purpose of all organisation is to maximise profit while minimising expenses, BYOD allows minimum-zero technology cost since there is no purchase cost for employees working device and maintenance cost for the devices.
- Improve employees performance
- BYOD improves employee’s performance and efficiency at work as by allowing them to use their personal devices with which they use also for recreational or home purpose, they developed automatism that increase their productivity. Tasks and operations are completed faster (Workforce 2014).
- Reduce hardware alienation
- BYOD helps to keep employees comfortable in their working environment, since they know how to operate with their work devices. For example: for a new employee, it’s better to work with a device he/she knows than cooperate devices as they will have to be trained.
- Software incompatibility
- Employees working on different versions of OS or software tools can cause information being not accessible or shared. This is not efficient and restrict data access.
- Employees usually have their favourite apps, games or series present on their laptops or smartphones, these entertainment may distract employees during their working hours thus reducing their performance. For example: employees checking their Facebook account every 20 minutes.
- Security is the major problem with BYOD systems, as it puts all your cooperate data in risk. As all employees will certainly use their devices outside the workplace, if they are infected by a virus or targeted by a hacker and connect to the cooperate network, the whole network will be affected and important data may be corrupted, stolen or deleted.
I order to build an effective BYOD policy, we have to analysis what type of devices are being used on the cooperate network. A survey done by the Forrester’s Forrsights Workforce Employee shows that smartphones and tablets are among the most used device on the workplace, the laptop being the most used device, as illustrated on the image 1, (InfoSec Institute 2013).
We have to analyse what processes are done by employees on the network, this will enables the BYOD policy to match the business operations. For example: Are they using skype to connect foreign suppliers, what software applications are being used, what mobile application is using the WIFI system to operate. This analysis will help to developed acceptance criteria and limitations for the BYOD policy.
Calathumpian’s employees must agree to the following policies in order to connect their devices to the cooperate network. If they fail to abide to the policies the company reserves the right to disconnect them to the network and press further charges. These policies are implemented for the well-running of the organisation by enforcing security and protect cooperate data.
The template of Megan Berry (2015) will be used to develop the BYOD policy, it is simple and very comprehensive template (Itmanagerdaily.com 2015).
- Activities that are productive to the business are considered as acceptable.
- Certain websites will be blocked on the network for the employees during working hours, only before and after the working hours that these websites will be accessible. This will encourage employees to be on time. Such websites relates to
- Social Networks (Facebook, Twitter, Instagram, Google +, etc…)
- Video Games related website
- Betting website
- Streaming websites
- The network will only allow a limited amount of software tool to use internet or allowed connection to the network, this will decrease the risks of propagating viruses on other connected devices.
- Mobile apps that are allowed on the network are : emails , messaging apps (such as WhatsApp , Viber , Messaging , Skype) , system updates
- Mobile apps that are blocked includes : iTunes , Google Play , Apps Store , Mobile Games and Social networking apps
Dividing responsibilities in the company helps to maintain a certain hierarchy and determine how should do what and when. In order to solve the problem Calathumpian Group is facing, roles and responsibilities must be implemented so that the employees knows what are expected from them. In this case a structured IT department is needed.
IT Security Manager
Since the CEO of the Group might not be comfortable with IT department due to his age, it is better to choose some who is qualified for this job. The IT Security manager will be in charge for the creation and maintenance of the BYOD policy. This involves the risk management, security management and enforcing the BYOD policy.
Human resource manager
The HR manager will be responsible for the comprehension of the BYOD policy inside the company. His job is to ensure that the employees understand their commitment.
This department will provide help for the employees regarding the BYOD policy. For example: when an employee terminate his contract with the company, the IT department is responsible for the deletion of sensible information regarding the company. They are also responsible for the implementation of hardware policies such as: block websites and some mobile application, antivirus configuration (Auto scan on power on), maintenance of the network and other processes.
All employees must abide to the set of rules and regulations present in the BYOD policy, not respecting it will cause sanctions from the organisation as they are putting the company’s information at risks.
- Mobile operating system such as IPhone (4, 4S, 5, 6), Android devices (KitKat and Lollipop), Blackberry and Windows phone are allowed only.
- Android tablets and IPad are allowed
- The IT department is not responsible for any device software or hardware failure
- The IT department has the right to take the mac address of every device connected to the network, for security purpose. The mac address will help the IT department to apply certain restriction to specific employees
- To prevent unauthorised access to devices, employees must use strong passwords to protect their devices. A strong passwords is categories as
- Having at least 8 characters
- Combination of lower and upper case letter
- Must include at least two digits
- Cannot contain symbols
- Employees must change their passwords every 60 weeks
- Every time an employee leave his work place, he/she must automatically lock his/her device to prevent unauthorised access.
- Employees must encrypt their information such as emails , documents and other files
- Employee must hand over their devices to the IT department in order to connect to the network
In order to prevent cooperate information to be accessible when an employee leaves the organisation for a particular reason, the later must present the device used on the network for inspection. The IT department will be responsible for that (Shrm.org 2015), they will delete all company related data on the device.
“A standard is a document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. We published over 19500 International Standards that can be purchased from the ISO store or from our members Tools and techniques “(Iso.org 2015)
In this case the ISO standard that best suit the problem of Calathumpian Group is the ISO/IEC 27002, which focus on information security management. This standards helps to maintain information such as employee details, cooperate financial report or other cooperate related information.
- Risk management
- Find potential risk
- Helps to eliminate them
- Security policies
- Information security management
- Resource management
- HR security
- Physical security
- Communications management
- Access control
- Incident response management (SearchSecurity.co.UK 2015)
Tools and Techniques
InfoSec Institute,. 2013. ‘Importance Of A BYOD Policy For Companies – Infosec Institute’.
Itmanagerdaily.com,. 2015. ‘BYOD Policy Template’.
SearchSecurity.co.UK,. 2015. ‘What Is ISO 27001? – Definition From Whatis.Com’.
Shrm.org,. 2015. ‘Electronic Devices: Bring Your Own Device (BYOD) Policy’.
Webopedia.com,. 2015. ‘What Is Bring Your Own Device (BYOD)? Webopedia’.
Workforce, The. 2014. ‘The Pros And Cons Of Bring-Your-Own-Device (BYOD) For A Mobile Field
Workforce – MSI Data’. MSI Data. http://www.msidata.com/pros-and-cons-of-byod-in-mobile-field-workforce.
1 | Page
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have your work published on the UKDiss.com website then please: