Recommendations and privacy requirements for a bring-your-own-device user policy and agreement
Loading...
Authors
Wedel, Chad R.
Michalowicz, Andrew T.
Subjects
bring-your-own-device; BYOD; mobile device; personally owned mobile device; privacy; user policy; user agreement; United States Marine Corps; USMC; BYOD pilot program; BYOD case study; BYOD implementation; BYOD considerations; BYOD recommendations; BYOD technology; security controls; policy development; acceptable use policy; AUP; rules of behavior; RoB
Advisors
Clark, Paul C.
Date of Issue
2015-03
Date
March 2015
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
The purpose of a bring-your-own-device (BYOD) program is to increase productivity as it allows individuals to access and manipulate data from non-traditional workplaces to support mission requirements. The United States Marine Corps(USMC) has started a pilot BYOD program, but a user policy for the USMC BYOD program has not yet been identified, despite the driving force that policy has on final implementation and potential acceptance. Therefore, this thesis answers the question, is it possible to develop a BYOD user policy for the USMC that minimizes risk for all parties while allowing for the intended flexibility? Three case studies were conducted on organizations that have implemented BYOD programs, comparing user policies and best practices to mitigate risks and address user privacy concerns. The case studies were also compared with governing Department of Defense instructions and National Institute of Standards and Technology guidance to identify a baseline of applicable security controls to formulate a viable user policy and agreement to support USMC security requirements. This thesis found that a clearly articulated user agreement tailored to the USMC’s technological solution can be written to support the successful implementation of its BYOD program to ensure the benefits outweigh the potential risks.
Type
Thesis
Description
Series/Report No
Department
Cyber Academic Group
Cyber Academic Group
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.