Developing a Mobile Device Management (MDM) Security Metamodel for Bring Your Own Devices (BYOD) in Hospitals

Abstract

With cybercrime on the rise, the healthcare environment has been listed as the top 5 of the most targeted industries for information security breaches. This is due to the current migration from physical to Electronic Health Records (EHR). The challenges of controlling the database costs also continue to escalate. As a result, measures such as Bring Your Own Device (BYOD) policies are commonly utilized to minimize costs and create convenience for hospital staff to use a device they are more comfortable with. However, BYOD can be used as a major entry point for gaining access to Health Information Systems (HIS) by cyber attackers/hackers despite the struggles of many hospitals to put in place effective mobile security policies. Several researches have been done to show on how to create effective mobile device BYOD strategies by using device management, data security, medical applications, information technology, education, policy, guidelines and a few others. But there is still a lack of literature about BYOD policy development in hospitals especially when it comes to Mobile Device Management (MDM), policy evaluation, and mobile device evaluation. To help address this issue, an MDM security metamodels has been proposed to help bridge this gap of knowledge between security professionals and shareholders within the healthcare environment. With awareness to the proposed solution, the elementary stage is to identify any existing MDM models that have been created for BYOD in healthcare and use the metamodel to represent some of the important existing concepts. Therefore, the context of this research paper aims to concentrate on improving existing BYOD security policies through the awareness of these existing MDM concepts that are represented through a metamodel syntax. This paper aims to discuss important MDM security concepts from various sources that have been used in healthcare, create a MDM security metamodel prototype called MDMSec ver 1.0 for the healthcare sector, using a selected metamodeling process, and lastly, to validate the prototype metamodel through two validation techniques.