This organisation is a large self-sustaining charity. They are currently piloting a new piece of software, which has been specifically developed for them. The Application is a multifaceted system that has been designed to aid the organisation in managing and providing complex care throughout the UK.
Intersect were approached by the organisation and the development company and asked to Risk Assess the potential use of BYO (Bring Your Own) Devices with the Application by their dispersed workforce.
Although there are obvious benefits to an organisation and its employees in allowing the use of personal devices, organisations are faced with balancing security against usability. We ran this as a small project and followed our Project Life Cycle 3 Phased Approach.
Phase 1 – Analysis & Planning. This phase covers the scope, project planning, the high-level Timeline and other aspects associated with the running and management of a project.
Phase 2 – Investigation and Risk. We conducted a scenario-based assessment starting with information gathering. We met with the developing company, some pilot users and the IT Manager of the charity to gather information about the system, its infrastructure, interfaces, how it is accessed, current IT controls in the charity, users' devices, users, access controls, current specific policies and procedures and resourcing.
Based on this information, we then established the risks by identifying the threats and vulnerabilities associated with this scenario. All information was entered into our Risk Assessment System and mitigation measures were established.
A Risk Report with our recommendations was presented to the organisation. This report allowed them to make an informed decision about using BYO Devices with the system in question. On this occasion they decided not to allow the use of BYO Devices, as the Risks outweighed the benefits.