Journal of Information Security and Cryptography (Enigma)

The concern of companies to keep sensitive data protected from improper access and information leaking has grown a lot. The constant cases of industrial espionage and information leakage regarding companies are an evidence of the need to apply strict information security policies, improve data protection and allow an auditing track. With the evolution of technology, the usage of personal mobile devices increased in organizations (BYOD - Bring Your Own Device), which allows the employees to use their own mobile devices at work. This paper addresses the current challenges faced by IT companies and teams in protecting access to this kind of information, and what strategies are used to mitigate, to track leaks, and reduce the misuse of documents in the organization. Considering the scenario evaluated, a framework with good Information Security practices based on the ISO 27002:2005 and the practical controls of the Center of Internet Security (CIS) is proposed, associating good practices with the needs of BYOD’s culture. The framework suggested in this paper reinforces the necessity for a standardization of the rules of information security in the process of adoption of BYOD’s culture, following the life cycle of the user with his personal mobile device in the company.