|
| | HYOD (employer’s devices) | BYOD (employee’s devices) |
|
| Information security governance | (i) Standardized devices
(ii) Tightly coupled
(iii) Focus on corporate control
(iv) Fully controllable | (i) Diverse devices
(ii) Loosely coupled
(iii) Focus on flexibility and agility
(iv) Partially controllable, require user awareness |
|
| Operations | (i) Full centralized management
(ii) Standard hardware
(iii) Standard software
(iv) Acceptable use policy | (i) User is responsible for their own devices
(ii) Hardware of their choice
(iii) Standard and user’s software
(iv) Acceptable use policy and BYOD policy |
|
| Personnel | (i) Lesser level of employee technical ability
(ii) Central support
(iii) Lower cost for personnel training due to standard devices | (i) Higher level of employee technical ability
(ii) Central support and self-service
(iii) Higher cost for personnel training due to diverse devices |
|
| Information and data flow | (i) Centrally provisioned and secured information
(ii) Easier to comply with rules and audit
(iii) Easier to implement access control to limit information leakage | (i) Centrally provisioned, distributed security
(ii) Harder to comply with rules and audit
(iii) Harder to implement access control to limit information leakage
(iv) Remote information wiping is required |
|
| Application | (i) Standard and corporate applications
(ii) Controllable vulnerabilities and data leakage | (i) Standard, corporate, and user’s applications
(ii) Harder to control vulnerabilities and data leakage, sandboxed or container management
(iii) Focus on open standards |
|
| System | (i) Centralized control of access to applications, systems, and information | (i) Centralized control of infrastructure, distributed control of applications and information |
|
