BYOD-Insure: A Security Assessment Model for Enterprise BYOD

As organizations continue allowing employees to use their personal mobile devices to access the organizations' networks and the corporate data, a phenomenon called ‘Bring Your Own Device’ or BYOD, proper security controls need to be adopted not only to secure the corporate data but also the organizations themselves. Current literature and research have focused on specific areas or solutions regarding BYOD. This paper proposes a comprehensive security assessment model, BYOD-Insure, that assesses the security of an organization's BYOD posture. The model aims to identify security vulnerabilities in organizations that allow BYODs and answers the question how an organization can mitigate security risks associated with BYOD, in order to protect its corporate data? The paper demonstrates the use of BYOD-Insure by presenting an example where a hypothetical organization's management security posture is assessed. The assessment results are measurable and provide practical recommendations in order to mitigate the inherent risks of BYOD and thus strengthen an organization's security posture. The model is also extendible, adaptable, and flexible. The results are easily visualized using Kiviat's diagrams.