In 2014, we launched our open-access repository, which offers full-text access to conference proceedings from many of our events, including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
South African Information Security Multi-Conference (SAISMC 2010)
Title: A model to measure the maturity of smartphone security at software consultancies
Author(s): Stephen Flowerday, Sean Allam
Keywords: Smartphones, Mobile Computing, Information Security, Software Consultancies
Abstract: Smartphones are proliferating into the workplace at an ever-increasing rate. Similarly, the information security threats that they pose are increasing. In an era of constant connectivity and availability, information is freed from the constraints of time and place. The risks introduced by smartphones are analysed through multiple case studies, and a maturity measurement model is formulated. This model is based on recommendations from two leading information security frameworks, the COBIT 4.1 framework and ISO27002 code of practice. Ultimately, a combination of smartphone-specific risks is integrated with key control recommendations to provide a set of key measurable security maturity components.
The empirical evidence is gathered using an in-depth questionnaire of 67 question statements adapted from each of the activities recommended by the COBIT 4.1 processes which target risk management as a primary objective. The opinions of 58 respondents are included as key components in the model. The solution addresses the concerns of not only policy makers, but also the employees subjected to security policies. Nurturing security awareness into organisational culture through reinforcement and employee acceptance is highlighted in this research paper. Software consultancies can use this model to mitigate risks, while harnessing the potential strategic advantages of mobile computing through smartphones. In addition, the critical components of a smartphone security solution are identified. As a result, a model is provided for software consultancies due to the intense reliance on information within these types of organisations. The model is applicable to any information-intensive organisation.
Download count: 1712
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.