M-RAM: a Mobile Risk Assessment Method for Enterprise Mobile Security

Joey Janssen; Marco Spruit

M-RAM: a Mobile Risk Assessment Method for Enterprise Mobile Security

Joey Janssen, Marco Spruit

Research output: Book/Report › Report › Academic

Abstract

Mobile solutions seem to outrun the control and governance
within enterprise organizations. The acceptance of smartphones and tablets in business has gone at such a high pace that organizations are no
longer able to oversee the risks of their mobile usage. Traditional risk
assessment methods do not consider usage of mobile devices— mobility—despite the fact that enterprise organizations struggle with managing
mobile risks. We aim to fill this gap by introducing a Mobile Risk Assessment Method (M-RAM). The method is based on an evaluation of
industry standard risk methods and 22 interviews with mobile security
experts. Three components compose the method: (1) a risk assessment
process that is customized for mobility, (2) involved entities that oppose
risks, and (3) attention areas that can contain vulnerabilities as well as
controls. Moreover, the study provides a practical work program to conduct the M-RAM and validates the approach by conducting a case study.

Original language	English
Place of Publication	Utrecht
Publisher	UU BETA ICS Departement Informatica
Number of pages	14
Publication status	Published - 2019

Publication series

Name	Technical Report Series
No.	UU-CS-2019-009
ISSN (Print)	0924-3275

Keywords

mobile risks
enterprise mobility
mobile devices
risk management
mobile security
risk assessment

Access to Document

2019-009Final published version, 801 KB

Cite this

@book{7f34f99cdc854319bcf7bd2ba02378d8,

title = "M-RAM: a Mobile Risk Assessment Method for Enterprise Mobile Security",

abstract = "Mobile solutions seem to outrun the control and governancewithin enterprise organizations. The acceptance of smartphones and tablets in business has gone at such a high pace that organizations are nolonger able to oversee the risks of their mobile usage. Traditional riskassessment methods do not consider usage of mobile devices— mobility—despite the fact that enterprise organizations struggle with managingmobile risks. We aim to fill this gap by introducing a Mobile Risk Assessment Method (M-RAM). The method is based on an evaluation ofindustry standard risk methods and 22 interviews with mobile securityexperts. Three components compose the method: (1) a risk assessmentprocess that is customized for mobility, (2) involved entities that opposerisks, and (3) attention areas that can contain vulnerabilities as well ascontrols. Moreover, the study provides a practical work program to conduct the M-RAM and validates the approach by conducting a case study. ",

keywords = "mobile risks, enterprise mobility, mobile devices, risk management, mobile security, risk assessment",

author = "Joey Janssen and Marco Spruit",

year = "2019",

language = "English",

series = "Technical Report Series",

publisher = "UU BETA ICS Departement Informatica",

number = "UU-CS-2019-009",

}

TY - BOOK

T1 - M-RAM: a Mobile Risk Assessment Method for Enterprise Mobile Security

AU - Janssen, Joey

AU - Spruit, Marco

PY - 2019

Y1 - 2019

N2 - Mobile solutions seem to outrun the control and governancewithin enterprise organizations. The acceptance of smartphones and tablets in business has gone at such a high pace that organizations are nolonger able to oversee the risks of their mobile usage. Traditional riskassessment methods do not consider usage of mobile devices— mobility—despite the fact that enterprise organizations struggle with managingmobile risks. We aim to fill this gap by introducing a Mobile Risk Assessment Method (M-RAM). The method is based on an evaluation ofindustry standard risk methods and 22 interviews with mobile securityexperts. Three components compose the method: (1) a risk assessmentprocess that is customized for mobility, (2) involved entities that opposerisks, and (3) attention areas that can contain vulnerabilities as well ascontrols. Moreover, the study provides a practical work program to conduct the M-RAM and validates the approach by conducting a case study.

AB - Mobile solutions seem to outrun the control and governancewithin enterprise organizations. The acceptance of smartphones and tablets in business has gone at such a high pace that organizations are nolonger able to oversee the risks of their mobile usage. Traditional riskassessment methods do not consider usage of mobile devices— mobility—despite the fact that enterprise organizations struggle with managingmobile risks. We aim to fill this gap by introducing a Mobile Risk Assessment Method (M-RAM). The method is based on an evaluation ofindustry standard risk methods and 22 interviews with mobile securityexperts. Three components compose the method: (1) a risk assessmentprocess that is customized for mobility, (2) involved entities that opposerisks, and (3) attention areas that can contain vulnerabilities as well ascontrols. Moreover, the study provides a practical work program to conduct the M-RAM and validates the approach by conducting a case study.

KW - mobile risks

KW - enterprise mobility

KW - mobile devices

KW - risk management

KW - mobile security

KW - risk assessment

M3 - Report

T3 - Technical Report Series

BT - M-RAM: a Mobile Risk Assessment Method for Enterprise Mobile Security

PB - UU BETA ICS Departement Informatica

CY - Utrecht

ER -

M-RAM: a Mobile Risk Assessment Method for Enterprise Mobile Security

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Cite this