A Policy-Based Framework for Managing Information Security and Privacy Risks in BYOD Environments

In a world where consumerisation of IT has driven individuals to acquire and use the latest technologies, an influx of employee personally owned devices has populated corporate environments. This phenomenon is known as Bring Your Own Device (BYOD). Managing organisational information resources has become increasingly complex with the concept of BYOD. Despite the perceived benefits of work flexibility, increased productivity, and efficiency of employees, BYOD raises many concerns relating to information security and privacy that can lead to confidential information loss. This prompts the demand for effective mobile device management tools, policies, standards and procedures. With most BYOD solutions failing to meet the requirement for holistic management of BYOD, this paper proposes a policy-based solution framework that organisations can adopt to achieve information security and privacy in BYOD environments.