Title

BYOD安全威脅之彙整與分類

Parallel title

The Aggregation and Classification of BYOD Security Threats

Authors

陳昱仁;廖耕億;王齎諺

Keywords

Bring Your Own Device (BYOD) ; Security Threat ; Classification

Journal

資訊安全通訊

Volume and issue / Publication date

Vol. 23, No. 2 (2017 / 04 / 01)

Pages

78 - 92

Language of content

Traditional Chinese

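Chinese abstract

As mobile devices become increasingly widespread, the topic of Bring Your Own Device (BYOD) has been receiving growing attention. BYOD represents a new stage in the enterprise mobility model and may change how people and enterprises work in the future. While BYOD offers many advantages, its characteristics also raise security issues unlike those of the past, and these issues are currently the main reason that keeps enterprises at home and abroad from adopting BYOD policies. This study therefore aggregates and classifies existing BYOD security threats and risks. Building on the security threat classifications of existing mobile-security organizations and scholars, it divides BYOD security threats into three main categories, "A. Security threats of mobile devices", "B. Security threats within the enterprise" and "C. Personnel-related security threats", and further subdivides them into 12 subcategories covering 39 risks in total.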

English abstract

With the popularity of mobile devices, the issue of BYOD (Bring Your Own Device) is becoming more and more important. BYOD stands for a new stage of the enterprise mobility model, and it will change the way people and enterprises work in the future. Because of its characteristics, BYOD not only has many advantages but also brings security problems that differ from those of the past. These security problems are also the main reason that keeps enterprises all over the world from adopting BYOD policies. Therefore, we aggregate and classify existing BYOD security threats and risks in this study. Based on the security threat classifications of existing mobile security-related organizations and scholars, this study divides BYOD security threats into three categories: "A. Security threats of mobile devices", "B. Security threats within the enterprise" and "C. Personnel-related security threats", and then subdivides them into 12 subcategories, with a total of 39 BYOD security threats aggregated by this study.

Subject classification: Basic and Applied Sciences > Information Science