Risk Management of Enterprise Mobility including Bring Your Own Device (BYOD)
Published June 2013
Enterprise mobility enables employees to perform work in specified business-case scenarios using devices such as smartphones, tablets and laptops, while leveraging technologies that facilitate remote access to data. A well-designed enterprise mobility strategy can create opportunities for organisations to securely improve customer service delivery, business efficiency and productivity. Some of these opportunities might permit employees to use their personally-owned devices, referred to as Bring Your Own Device (BYOD).
This document provides senior business representatives with a list of enterprise mobility considerations including business cases, regulatory obligations and legislation, available budget and personnel resources, as well as risk tolerance. Additionally, risk management controls are provided for cyber security practitioners.
This document aims to help readers understand and mitigate the significant risks associated with using devices for work-related purposes that have the potential to expose sensitive data. Risks can be partially mitigated through a policy outlining the permitted use of devices, including the behaviour expected from employees, complemented by technical risk management controls that enforce the policy and detect violations. Organisations must decide whether applying the chosen risk management controls would result in an acceptable level of residual risk.
This document complements advice in the Australian Government Information Security Manual, the ASD Protect publication BYOD Considerations for Executives, and ASD device-specific hardening guides.
Organisations or individuals with questions regarding this advice can contact the ACSC by emailing firstname.lastname@example.org or calling 1300 CYBER1 (1300 292 371).