A Model to Measure the Maturity of Smartphone Security at Software Consultancies

Smartphones are proliferating into the workplace at an ever-increasing rate. Similarly the information security threats that they pose are increasing. In an era of constant connectivity and availability, information is freed up of constraints of time and place. The risks introduced by smartphones are analysed through multiple cases studies, and a maturity measurement model is formulated. This model is based on recommendations from two leading information security frameworks, the COBIT 4.1 framework and ISO27002 code of practice. Ultimately, a combination of Smartphone specific risks are integrated with key control recommendations to provide a set of key measurable security maturity components. The empirical evidence is gathered using an in-depth questionnaire of 67 question statements adapted from each of the activities recommended by the COBIT 4.1 processes which target risk management as a primary objective. The opinions of 58 respondents are included as key components in the model. The solution addresses the concerns of not only policy makers, but also the employees subjected to security policies. Nurturing security awareness into organisational culture through reinforcement and employee acceptance is highlighted in this research paper. Software consultancies can use this model to mitigate risks, while harnessing the potential strategic advantages of mobile computing through smartphones. In addition, the critical components of a Smartphone security solution are identified. As a result, a model is provided for software consultancies due to the intense reliance on information within these types of organisations. The model is applicable to any information intensive organisation.