Povzetek
Namen prispevka:
Mobilne naprave so stičišče različnih podatkov, ki izhajajo iz osebne in poslovne rabe. Zaradi enostavnosti rabe in izjemnih možnosti povezovanja so se pojavile številne varnostne grožnje. Te pretijo uporabnikom mobilnih naprav in povečujejo tveganje informacijskovarnostnih incidentov. V primeru odtujitve poslovnih podatkov, ki so na mobilni napravi, in zahtev po preiskavi, ne moremo več govoriti o »običajnem« zasegu in pregledu mobilne naprave – varovati moramo osebne podatke in ravnati na pravno predpisan način ohranjanja pričakovane zasebnosti.
Metode:
Dognanja temeljijo na pregledu virov ter analizi in interpretaciji rezultatov dvostopenjske raziskave (anketa in intervju) med uporabniki mobilnih naprav v 34 slovenskih organizacijah. Anketirani so bili zaposleni, ki pri svojem delu uporabljajo informacijsko-komunikacijske tehnologije, intervjuvanci pa odgovorni za informacijsko varnost v obravnavanih organizacijah.
Ugotovitve:
Raziskava kaže, da je meja med osebno in poslovno rabo pri rabi mobilnih naprav izginila, ob stalnem povečevanju groženj se povečuje tudi tveganje incidentov (izguba informacij, odtujitve mobilne naprave ipd.). Za varno rabo mobilnih naprav je treba spoštovati zakonodajo, informacijskovarnostna pravila, politike in standarde, ki jasno določajo, kako uporabljati mobilno napravo v povezavi s poslovnimi podatki. Ob incidentu sta pomembna odziv posameznika in organizacije ter postopek obravnave in preiskovanja.
Omejitve raziskave
Viri in primerljive raziskave, ki obravnavajo rabo mobilnih naprav, z njim povezane grožnje in varnostne incidente, so redki, organizacije pa ne prijavljajo tovrstnih incidentov.
Praktična uporabnost:
Mobilne naprave lahko zaradi varnostnih incidentov povzročijo škodo – tako uporabnikom kot organizacijam. Njihova raba pa predstavlja različna varnostna tveganja, predlagani so ukrepi za preprečevanje in obravnavo varnostnih incidentov.
Izvirnost:
Tematika o rabi mobilnih naprav v povezavi z varnostnimi incidenti je v začetni fazi razvoja, raziskave redke, predstavljene ugotovitve za slovenski prostor pa novost.
Ključne besede
informacijska varnost;mobilne naprave;grožnje;tveganja;varnostni incidenti;
Podatki
Jezik: |
Slovenski jezik |
Leto izida: |
2016 |
Tipologija: |
1.01 - Izvirni znanstveni članek |
Organizacija: |
UM FVV - Fakulteta za varnostne vede |
UDK: |
004.056 |
COBISS: |
3120618
|
ISSN: |
1580-0253 |
Matična publikacija: |
Varstvoslovje
|
Št. ogledov: |
368 |
Št. prenosov: |
37 |
Ocena: |
0 (0 glasov) |
Metapodatki: |
|
Ostali podatki
Sekundarni jezik: |
Angleški jezik |
Sekundarni naslov: |
The Impact of the Diversity of Information on the Seizure and Investigation of Mobile Devices in Organisations |
Sekundarni povzetek: |
Purpose:
Mobile devices carry various data originating from personal and business use of mobile devices. Due to their simple use and extreme possibilities of connecting, numerous security threats to mobile device users have arisen. These threats increase the risk of information security incidents. In case of loss of business data on mobile device, the seizure and inspection of a mobile device should be dealt in a specifically sensitive manner; personal data must be protected according to the reasonable expectation of privacy.
Design/Methods/Approach:
The results are based on the literature review, analysis and interpretation of results of a two-level research (survey and interview) among the users of mobile devices in 34 Slovenian organisations. The survey was conducted among the employees who use information communication technology with their work, whereas the interviewees were the ones who are responsible for information security in these organisations.
Findings:
The research shows that the boundary between personal and business use of mobile devices has disappeared and the constant rise of threats increases also the risk of security incidents (such as loss of data, loss of mobile device, etc.). In order to use mobile devices safely, respective legislation, rules of information security, politics and standards, which clearly define the appropriate use of mobile device in relation to business data, must be respected. When an incident does occur, the response of an individual and the organisation and the procedure of investigation are of importance.
Research Limitations / Implications:
Previous literature and similar researches, which deal with the use of mobile devices, connected threats and security incidents, are rare, whereas the organisations do not report such incidents.
Practical Implications:
Mobile devices can cause damage to the users and organisations via security incidents. Their use represents various security risks, therefore the article includes suggestions for prevention and dealing with security incidents.
Originality/Value:
The topic of using mobile devices in connection to security incidents is in the early stages of development, the research is rare and the findings are a novelty for Slovenia. |
Vrsta dela (COBISS): |
Znanstveno delo |
Strani: |
str. 84-97 |
Letnik: |
ǂLetn. ǂ18 |
Zvezek: |
ǂšt. ǂ1 |
Čas izdaje: |
2016 |
ID: |
11559917 |