Information Security Management Plan for Using Mobile Devices in Enterprise

• Main Authors: Kuo-Hui Lu, 呂國輝
• Other Authors: Tzong-Chen Wu
• Format: Others
• Language: zh-TW
• Published: 2015
• Online Access: http://ndltd.ncl.edu.tw/handle/88528475034487867923

碩士 === 國立臺灣科技大學 === 資訊管理系 === 103 === The rapid advancement of information and communication technology has dramatically expanded the scope of application for mobile devices today. In addition to their typical usage for communication, due to the powerful data processing power that modern mobile devices have and the vast number of functional applications available on the market, mobile devices have been used more and more extensively by users to handle various day-to-day tasks. Many corporations have perceived mobile devices as a tool that enhances productivity, because such devices can be used to send e-mails, plan itineraries, perform internal administrations and even display relevant corporate management information. According to a study conducted by Gartner in 2014 on the current status and future of mobile devices, it is estimated that by 2017, more than 50% of the corporations around the world will utilize employees’ mobile devices as their data processing equipment. Thanks to the mobile devices that employees have in their possession, corporations will benefit from advantages such as enhanced mobile productivity, improved employee satisfaction and lowered management costs for corporate IT equipment with regards to their operations. However, the report also pointed out that approximately 15% of corporations worldwide would forbid employees to use their personal devices for corporate operation related activities due to considerations of information security. While new information technology has brought business opportunities to corporations, along with the opportunities have come related risks. Turning the risks into opportunities and capitalizing on the strengths of information technology to boost a company’s overall performance have become vital issues of corporate management that must be addressed. In this study, qualitative research methods have been applied for the collection and analyses of relevant literature on ISO/IEC 27001:2013, NIST SP 800-53 Revision 4 and mobile device information security management in order to present a list of key points on corporate information security management planning for mobile devices. The hypotheses presented in the study were also verified by means of case study on specific information security management planning that had been adopted by businesses.