Information security concerns around enterprise bring your own device adoption in South African higher education institutions

Abstract

The research carried out in this thesis is an investigation into the information security concerns around the use of personally-owned mobile devices within South African universities. This concept, which is more commonly known as Bring Your Own Device or BYOD has raised many data loss concerns for organizational IT Departments across various industries worldwide. Universities as institutions are designed to facilitate research and learning and as such, have a strong culture toward the sharing of information which complicates management of these data loss concerns even further. As such, the objectives of the research were to determine the acceptance levels of BYOD within South African universities in relation to the perceived security risks. Thereafter, an investigation into which security practices, if any, that South African universities are using to minimize the information security concerns was carried out by means of a targeted online questionnaire. An extensive literature review was first carried out to evaluate the motivation for the research and to assess advantages of using Smartphone and Tablet PC's for work related purposes. Thereafter, to determine security concerns, other surveys and related work was consulted to determine the relevant questions needed by the online questionnaire. The quantity of comprehensive academic studies concerning the security aspects of BYOD within organizations was very limited and because of this reason, the research took on a highly exploratory design. Finally, the research deliberated on the results of the online questionnaire and concluded with a strategy for the implementation of a mobile device security strategy for using personally-owned devices in a work-related environment.