Enterprise Mobile Security: The development of a Mobile Risk Assessment Method (M-RAM)

Abstract

Mobile solutions seem to outpace the control and governance within enterprise organizations. The acceptance of smartphones and tablets in business has gone at such high pace that organizations are not able to oversee the risks of their mobile usage. Traditional risk assessment methods do not consider mobility despite that enterprise organizations struggle with managing mobile risks. This study aims to fill this gap by introducing a Mobile Risk Assessment Method (M-RAM). The method is based on an extensive systematic literature review and 22 interviews with mobile security managers from external organizations as well as mobile security experts. The final artifact exists out of three components, (1) a risk assessment process that is customized for mobility, (2) involved entities that oppose risks and (3) attention areas that can contain vulnerabilities as well as mitigating controls. Moreover, the study provides an approach to conduct the M-RAM artifact and successfully validates this approach by conducting a case study.