Systematic Literature Review on Organizational Cyber Security Deficiency in Mitigating Mobile Device Risk

Abstract

The use of mobile devices by employees to access organizational Information Systems (IS) is common nowadays, and it can be seen from the trend to the formalization of Bring Your Own Device (BYOD) and remote working settings. However, allowing IS resources to be accessed by mobile devices that enable work flexibility across time, location, and network also increased the cybersecurity risk and vulnerabilities towards organizational resources, including network, system, and data. Therefore, this paper presents a systematic literature review on this context to explore the cybersecurity deficiency and mitigating techniques proposed for mobile device risk mitigation in organizational IS. Following the Systematic Literature Review protocol, 31 research articles are selected and reviewed using Thematic Analysis. Three themes were set to classify the output presented by the selected articles according to the context of Security Control, Cybersecurity Pillars, and Information System Management (ISM). This thematic analysis has successfully integrated various terms and narratives. Through analysis, nine security controls have been identified, with the most frequent concern being on Cybersecurity systems and Mobile Device profiling. The authors also discovered that deficiency in the Process factor is mostly discussed compared to the People and Technology factor, which also called for improvement in the ISM Planning phase. This study is beneficial in understanding the organizational cybersecurity deficiency in mitigating the risk of mobile devices and providing a reference for the significant security control in the context of the discussed environment.