{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T09:18:56Z","timestamp":1773479936135,"version":"3.50.1"},"reference-count":56,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2017,10,9]],"date-time":"2017-10-09T00:00:00Z","timestamp":1507507200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2017,10,9]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>This paper\u2019s purpose is to provide a current best practice approach that can be used to identify and manage bring your own device (BYOD) security and privacy risks faced by organisations that use mobile devices as part of their business strategy. While BYOD deployment can provide work flexibility, boost employees\u2019 productivity and be cost cutting for organisations, there are also many information security and privacy issues, with some widely recognised, and others less understood. 
This paper focuses on BYOD adoption, and its associated risks and mitigation strategies, investigating how both information security and privacy can be effectively achieved in BYOD environments.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>This research paper used a qualitative research methodology, applying the case study approach to understand both organisational and employee views, thoughts, opinions and actions in BYOD environments.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>This paper identifies and understands BYOD risks, threats and influences, and determines effective controls and procedures for managing organisational and personal information resources in BYOD.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title><jats:p>The scope of this paper is limited to the inquiry and findings from organisations operating in Australia. 
This paper also suggests key implications that lie within the ability of organisations to adequately develop and deploy successful BYOD management and practices.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>This paper expands previous research investigating BYOD practices, and also provides a current best practice approach that can be used by organisations to systematically investigate and understand how to manage security and privacy risks in BYOD environments.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-03-2016-0025","type":"journal-article","created":{"date-parts":[[2017,8,21]],"date-time":"2017-08-21T19:14:54Z","timestamp":1503342894000},"page":"475-492","source":"Crossref","is-referenced-by-count":23,"title":["A systematic approach to investigating how information security and privacy can be achieved in BYOD environments"],"prefix":"10.1108","volume":"25","author":[{"given":"Abubakar Garba","family":"Bello","sequence":"first","affiliation":[]},{"given":"David","family":"Murray","sequence":"additional","affiliation":[]},{"given":"Jocelyn","family":"Armarego","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020120605570986500_ref001","unstructured":"Absalom, R. (2012), International Data Privacy Legislation Review: A Guide for BYOD Policies, Ovum Consulting, IT006, 234, pp. 3-5."},{"key":"key2020120605570986500_ref002","volume-title":"From Intentions to Actions: A Theory of Planned Behavior","year":"1985"},{"key":"key2020120605570986500_ref003","unstructured":"Alcatel-Lucent (2013), Kindsight Security Labs: Malware Report \u2013 Q4 2013, available at: www.alcatel-lucent.com\/solutions\/kindsight-security (accessed 26 July 2014)."},{"key":"key2020120605570986500_ref004","unstructured":"Andrew, T.Y. and Yang, A.T. 
(2013), \u201cRisk management in the Era of BYOD\u201d, Paper presented at the Symposium on Usable Privacy and Security (SOUPS)."},{"key":"key2020120605570986500_ref005","unstructured":"Ashford, W. (2012), \u201cNearly half of firms supporting BYOD report data breaches\u201d, available at: www.computerweekly.com\/news\/2240161202\/Nearly-half-of-firms-supporting-BYOD-report-data-breaches (accessed 27 July 2014)."},{"key":"key2020120605570986500_ref006","article-title":"Privacy fact sheet 17: Australian privacy principles","year":"2014"},{"key":"key2020120605570986500_ref007","volume-title":"Qualitative Data Analysis with NVivo","year":"2013"},{"issue":"3","key":"key2020120605570986500_ref008","doi-asserted-by":"crossref","first-page":"369","DOI":"10.2307\/248684","article-title":"The case research strategy in studies of information systems","volume":"11","year":"1987","journal-title":"MIS Quarterly"},{"key":"key2020120605570986500_ref009","volume-title":"Transforming Qualitative Information: Thematic Analysis and Code Development","year":"1998"},{"key":"key2020120605570986500_ref010","unstructured":"Bradley, J., Loucks, J., Macaulay, J., Medcalf, R. and Buckalew, L. 
(2013), \u201cBYOD: a global perspective, harnessing employee-led innovation\u201d, Cisco IBSG Horizons."},{"key":"key2020120605570986500_ref011","first-page":"142","article-title":"Proactive insider threat detection through graph learning and psychological context","volume-title":"IEEE Symposium on Security and Privacy Workshops (SPW)","year":"2012"},{"issue":"16","key":"key2020120605570986500_ref012","doi-asserted-by":"crossref","first-page":"1825","DOI":"10.1023\/A:1005721401993","article-title":"Predicting unethical behavior: a comparison of the theory of reasoned action and the theory of planned behavior","volume":"17","year":"1998","journal-title":"Journal of Business Ethics"},{"key":"key2020120605570986500_ref013","article-title":"Understanding organizational security culture","year":"2002"},{"key":"key2020120605570986500_ref014","volume-title":"BYOD: A Perilous Path","year":"2012"},{"key":"key2020120605570986500_ref015","unstructured":"Clarke, J., Hidalgo, M.G., Lioy, A., Petkovic, M., Vishik, C. and Ward, J. (2012a), Consumerization of IT: Top risks and opportunities, Responding to the evolving threat environment, ENISA report."},{"key":"key2020120605570986500_ref016","unstructured":"Clarke, J., Hidalgo, M.G., Lioy, A., Marinos, L., Petkovic, M., Vishik, C. and Ward, J. 
(2012b), Consumerization of IT: Risk Mitigation Strategies and Good Practices, Responding to the Emerging Threat Environment, ENISA report."},{"issue":"1","key":"key2020120605570986500_ref017","article-title":"Information privacy: culture, legislation and user attitudes","volume":"14","year":"2006","journal-title":"Australasian Journal of Information Systems"},{"issue":"8","key":"key2020120605570986500_ref018","first-page":"26","article-title":"Embracing BYOD","volume":"23","year":"2012","journal-title":"SC Magazine"},{"key":"key2020120605570986500_ref019","volume-title":"Emergent BYOD Security Challenges and Mitigation Strategy","year":"2013"},{"key":"key2020120605570986500_ref020","first-page":"189","article-title":"BYOD: current state and security challenges","volume-title":"IEEE Symposium on Computer Applications and Industrial Electronics (ISCAIE)","year":"2014"},{"key":"key2020120605570986500_ref021","volume-title":"Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research","year":"1975"},{"key":"key2020120605570986500_ref022","first-page":"105","article-title":"Building management commitment through security councils, or security council critical success factors","volume-title":"Information Security Management Handbook","year":"2007"},{"key":"key2020120605570986500_ref023","volume-title":"Survey Research Methods","year":"2009"},{"issue":"1","key":"key2020120605570986500_ref024","first-page":"10","article-title":"Current status, issues, and future of bring your own device (BYOD)","volume":"35","year":"2014","journal-title":"Communications of the Association for Information Systems"},{"issue":"2","key":"key2020120605570986500_ref025","first-page":"189","article-title":"A policy-based framework for managing information security and privacy risks in BYOD environments","volume":"4","year":"2015","journal-title":"International Journal of Emerging Trends & Technology in Computer 
Science"},{"issue":"1","key":"key2020120605570986500_ref026","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1080\/15536548.2015.1010985","article-title":"Review of the information security and privacy challenges in bring your own device (BYOD) environments","volume":"11","year":"2015","journal-title":"Journal of Information Privacy and Security"},{"issue":"3","key":"key2020120605570986500_ref027","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1111\/1468-2427.00146","article-title":"The genesis of the high technology milieu: a study in complexity","volume":"22","year":"1998","journal-title":"International Journal of Urban and Regional Research"},{"key":"key2020120605570986500_ref028","first-page":"62","article-title":"Bring your own device (BYOD): security risks and mitigating strategies","volume":"4","year":"2013","journal-title":"Journal of Global Research in Computer Science"},{"key":"key2020120605570986500_ref029","first-page":"9","article-title":"Established BYOD management policies needed","year":"2012"},{"key":"key2020120605570986500_ref030","article-title":"The need for BYOD mobile device security awareness and training","volume-title":"Americas Conference on Information Systems","year":"2013"},{"key":"key2020120605570986500_ref031","unstructured":"Imperva (2013), Imperva\u2019s Hacker Intelligence Summary Report: The Anatomy of an Anonymous Attack, Redwood Shores, CA, available at: www.imperva.com\/docs\/hii_the_anatomy_of_an_anonymous_attack.pdf (accessed 3 May 2013)."},{"key":"key2020120605570986500_ref032","first-page":"297","article-title":"Data collection strategies in mixed methods research","volume-title":"Handbook of Mixed Methods in Social and Behavioral Research","year":"2003"},{"key":"key2020120605570986500_ref033","first-page":"70","article-title":"Comply or die","volume-title":"Is Dead: Long Live Security-Aware Principal Agents Financial Cryptography and Data 
Security","year":"2013"},{"key":"key2020120605570986500_ref034","article-title":"Investigating the influence of security, privacy, and legal concerns on employees\u2019 intention to use BYOD mobile devices","volume-title":"Nineteenth Americas Conference on Information Systems","year":"2013"},{"key":"key2020120605570986500_ref035","volume-title":"Designing Qualitative Research","year":"2010"},{"key":"key2020120605570986500_ref036","unstructured":"Masin, J. (2013), \u201cPeer-To-Peer (P2P) file sharing risks\u201d, AppFolio, available at: www.securedocs.com\/blog\/2013\/02\/peer-to-peer-p2p-file-sharing-risks\/ (accessed 7 May 2013)."},{"issue":"12","key":"key2020120605570986500_ref037","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1145\/219663.219683","article-title":"Values, personal information privacy, and regulatory approaches","volume":"38","year":"1995","journal-title":"Communications of the ACM"},{"key":"key2020120605570986500_ref038","volume-title":"Qualitative Data Analysis: An Expanded Sourcebook","year":"1994"},{"issue":"5","key":"key2020120605570986500_ref039","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1109\/MITP.2012.93","article-title":"BYOD: Security and privacy considerations","volume":"14","year":"2012","journal-title":"IT Professional"},{"key":"key2020120605570986500_ref040","article-title":"Introducing BYOD in an organisation: the risk and customer services viewpoints","volume-title":"1st Namibia Customer Service Awards & Conference","year":"2014"},{"key":"key2020120605570986500_ref041","volume-title":"IBM SPSS for Introductory Statistics: Use and Interpretation","year":"2012"},{"issue":"12","key":"key2020120605570986500_ref042","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1353-4858(12)70111-3","article-title":"BYOD security challenges: control and protect your most sensitive data","volume":"2012","year":"2012","journal-title":"Network 
Security"},{"key":"key2020120605570986500_ref043","article-title":"Published. IT consumerization\u2013a theory and practice review","volume-title":"AMCIS 2012 Proceedings","year":"2012"},{"key":"key2020120605570986500_ref044","volume-title":"Security and Privacy Controls for Federal Information Systems and Organizations","author":"NIST","year":"2013"},{"key":"key2020120605570986500_ref045","volume-title":"Review of the 2002 Security Guidelines","author":"OECD","year":"2012"},{"key":"key2020120605570986500_ref046","volume-title":"Analysis of Security Controls for BYOD (Bring Your Own Device)","year":"2013"},{"issue":"1","key":"key2020120605570986500_ref047","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/S1361-3723(14)70007-7","article-title":"Best practices for BYOD security","volume":"2014","year":"2014","journal-title":"Computer Fraud & Security"},{"key":"key2020120605570986500_ref048","volume-title":"Organizational Culture and Leadership","year":"2010"},{"key":"key2020120605570986500_ref049","first-page":"191","article-title":"Information Security Culture: The Socio-Cultural Dimension in Information Security Management","volume-title":"Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives","year":"2002"},{"key":"key2020120605570986500_ref050","first-page":"4","article-title":"security attacks taxonomy on bring your own devices (BYOD) model","year":"2014","journal-title":"International Journal of Mobile Network Communications & Telematics"},{"issue":"4","key":"key2020120605570986500_ref051","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1016\/S1353-4858(13)70050-3","article-title":"The security implications of BYOD","volume":"2013","year":"2013","journal-title":"Network Security"},{"issue":"3","key":"key2020120605570986500_ref052","doi-asserted-by":"crossref","first-page":"647","DOI":"10.2307\/256087","article-title":"A survey of employee perceptions of information privacy in 
organizations1","volume":"25","year":"1982","journal-title":"Academy of Management Journal"},{"key":"key2020120605570986500_ref053","volume-title":"Statistics: An Introductory Analysis","year":"1967"},{"key":"key2020120605570986500_ref054","volume-title":"Applications of Case Study Research","year":"2003"},{"key":"key2020120605570986500_ref055","volume-title":"Case Study Research: Design and Methods","year":"2009"},{"key":"key2020120605570986500_ref056","first-page":"1393","article-title":"Published. Understanding User\u2019s Behaviors in Coping with Security Threat of Mobile Devices Loss and Theft","volume-title":"System Science (HICSS), 2012 45th Hawaii International Conference","year":"2012"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-03-2016-0025\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-03-2016-0025\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:44Z","timestamp":1753406564000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/25\/4\/475-492\/201122"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,9]]},"references-count":56,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,10,9]]}},"alternative-id":["10.1108\/ICS-03-2016-0025"],"URL":"https:\/\/doi.org\/10.1108\/ics-03-2016-0025","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2017,10,9]]}}}