Smarttelefonsäkerhet : En studie kring studenters användning av inbyggda säkerhetsfunktioner i smarta telefoner / Smartphone security : A study about students' usage of built-in security features in smartphones

Younan, Karam

January 2016

Smartphones combine telephony services with data services in a single device. In 2007, Apple released a new generation of phones run by iOS operating system, called iPhones. Android phones were developed by Google and were released the following year. Smartphones use has increased a lot and they have become one of the most common devices that are being used in most of companies nowadays. The concept BYOD stands for Bring Your Own Device, means that employees may use their own smartphones at work. This makes using the built-in security features in smartphones particularly important, not only to protect employees’ private information but also to protect their corporate information. Early research has shown that threats and attacks have also increased on smartphones. Hackers have focused their attacks on smartphones more than before. And have created mobile-based viruses, malware and spyware that target vulnerable smartphones. Smartphone users nowadays do not have much control of their smartphones security according to previous researches. However, smartphones manufacturers constantly add new built-in security features with each new version of operating system to protect them from various threats. Smartphone manufacturers may use the acquired final data to improve their products’ security and increase the use of mobile built-in security features. The current study researches students’ interaction and use of the built-in security features available in smartphones run by both Android and iOS operating systems. The study does not divide students into smaller groups; it rather focuses on all students as one group. Although this study was conducted in the University of Skovde in Sweden, its conclusion can be applied to a bigger population regardless of location. Today's students are tomorrow’s employees and managers who will have the responsibility to protect their companies’ proprietary and sensitive information. Therefore, it is critical that they understand and implement all up-to-date procedures to protect their smartphones and their companies. A quantitative study is conducted through a survey in order to reach as many participants as possible. Lime Survey tool is utilized to create surveys and to gather data. Statistics and diagrams are also used to demonstrate results to readers. A total of 201 participants completed the entire study, 134 participants answered the Android survey and 67 answered the iOS survey. The current survey results have shown, through a model that converts participants’ answers into a flow chart, that the use of the built-in security features varies among participating students. The use of these built-in security features was low in general. More than half of all participants do not use certain functions at all. The general low use of the built-in security features can be attributed to many reasons. This survey showed that the main reason of that was the lack of participants’ knowledge of these built-in security features. Several solutions exist for this lack of knowledge of participants, but they do not fall within the scope of this study therefore not discussed herein.

Smarttelefon

Smarttelefonsäkerhet

Android

iOS

Inbygga säkerhetsfunktioner

Computer and Information Sciences

Data- och informationsvetenskap

Informationssäkerhet i arkitekturbeskrivningar : En studie i hur säkerhetsfunktioner kan beskrivas med hjälp av vyer

Flod, Linus

January 2012

Information security is an essential part of all information systems; especially in large organizations and companies dealing with classified material. Every large information system has an architecture that includes many parts that together form an Enterprise Architecture. The aim of this thesis is to study how to describe several security functions in an Enterprise Architecture and also how to ensure accountability between requirements and the implementation of the security functions. The description is for stakeholders on a conceptual level rather than a technical level. The study has been carried out by comparing the theoretical framework that has been formed by a study of the literature, and the empirical framework that has been formed by a group discussion and interviews with Information Security Consultants from Combitech AB. The process of the study was to obtain a theoretical background about Enterprise Architectures and then generate prototypes that could be tested in the interviews. The tests gave suggestions regarding how to change the prototypes to find the optimal way to describe security functions on a conceptual level. The final result of this study is to use integrated views for each security function. The integrated view should include: an identifier, a brief description of the security function, the requirements and a picture or use case. For the accountability, the requirements are numbered and displayed in the picture, in this way the stakeholder can see how the requirements are fulfilled.

Computer Sciences

Datavetenskap (datalogi)

Journalsystemet TakeCare : En studie av funktioner utifrån ett informationssäkerhets- och användarperspektiv / The health record system TakeCare : A study of functions based on a user and information security perspective

Aspnor, Ida, Sandell, Elin

January 2012

Sedan införandet av datoriserade patientjournalsystem och sammanhållen journalföring har det riktats kritik mot hälso- och sjukvårdens hantering av patientinformation. Det råder delade meningar om det är användare eller systemen som felar. Syftet med undersökningen är att inspektera utvalda funktioner i journalsystemet TakeCare som utvecklats för att upprätthålla patient- och informationssäkerhet. Genom att jämföra funktionerna med Socialstyrelsens uppsatta informationssäkerhetskrav har uppsatsen som mål att hitta var de påtalade problemen kan uppstå. Genom att fråga användare kring deras uppfattning om systemet är avsikten att få en förståelse av om problemet ligger i de tekniska funktionerna eller i hanteringen av systemet. Metoder som använts under arbetet är e-postintervjuer och ett studiebesök på Stockholms läns landstings IT-avdelning i form av en intervju och presentation av TakeCare. Vi har sett att det finns funktioner som tar hänsyn till samtliga informationssäkerhetskrav samt att användarna anser att de kan hantera systemet, men trots det kritiseras informationshanteringen inom sjukvården. Utifrån vår undersökning anser vi att problem uppstår när obehöriga tar beslutet att ta del av information, vilket inte är ett resultat av systemets tillkortakommande. Vi anser att vårdpersonal har ansvar för patientens säkerhet oavsett om det gäller hantering av systemet eller vård av patienten. / Since the introduction of computerized health record systems and unified record-keeping, the health care management of patient information has been criticized. There are divided opinions about whether or not the users or the systems that is imperfect. The survey aims to inspect selected features of the health record system TakeCare developed to maintain patient and information security. By comparing the functions to information security requirements established by Socialstyrelsen, the paper aims to find where the noted problems can arise. By asking users about their view, we intend to find an understanding for whether the problems occur in the technical functions or in the use of the system. Used methods are e-mail interviews and a study visit to Stockholm County Council's department for IT in form of an interview and presentation of TakeCare. We have observed that there are functions that take information security requirements into account and that the users believe they can manage the system, but nevertheless health care’s way of handling information is criticized. Based on our study, we believe that the problem occurs when an unauthorized person makes the decision to take part of information, which is not a result of the system's shortcomings. We believe that health care professionals are responsible for the patient’s safety, whether it's usage of the system or care of the patient.

Information structure

information management

security features

availability

unified record-keeping

Take Care

IT in health care

health informatics.

Informationsstruktur

informationshantering

säkerhetsfunktioner

tillgänglighet

sammanhållen journalföring

TakeCare

IT i vården

hälsoinformatik.

Information Systems