Authors: Oluwaseun Akeju; Sergey Butakov; Shaun Aghili
Addresses: Concordia University of Edmonton, 7128 Ada Boulevard, Edmonton AB, Canada ' Concordia University of Edmonton, 7128 Ada Boulevard, Edmonton AB, Canada ' Concordia University of Edmonton, 7128 Ada Boulevard, Edmonton AB, Canada
Abstract: The presented research looks into information security and privacy risk related to using mobile and embedded devices for learning in the K-12 environment. Bring Your Own Device (BYOD) program and Internet of Things (IoT) for learning are the two focus areas discussed in this paper. The NIST privacy risk management framework (NIST-8062) template was used to illustrate the privacy impact factors K-12 ecosystem participants should consider while developing BYOD/IoT programs. The key factors involved in the decisions include reputation costs, direct business costs and non-compliance costs. Key security issues and risks such as network access, server and end-user device malware, application risks, and privacy risks were identified. The analysis of the risks suggested to recommend some good practices derived from various documents suggested by ISACA, IIA, SANS, and NIST. The proposed good practices were subsequently incorporated into BYOD guide for the K-12 system in two Canadian provinces (Alberta and Manitoba) in an attempt to increase its effectiveness in terms of addressing relevant risks. Although the good practices compiled in this research are proposed to be incorporated into the Alberta and Manitoba's BYOD guide for K-12 schools, the same process is applicable to any similar K-12 environment.
Keywords: bring your own device; BYOD; internet of things; IoT; information security; risk assessment; information privacy; K-12; good practices.
International Journal of Internet of Things and Cyber-Assurance, 2018 Vol.1 No.1, pp.22 - 39
Available online: 22 Feb 2018 *Full-text access for editors Access for subscribers Free access Comment on this article