Synopsis: Security:

-Risk Leisure Consumption Through Skydiving, †Journal of Consumer Research, Volume 20 Issue 1, pp. 1-23

accurate forecasts on medium and long term and manage the risks The results of the questionnaire and interview deliver that the

Risk management Practice, Cambridge university Press, 2010 16 Vlerick Leuven Gent Management School, Global Entrepreneurship Monitor, Rapport voor Bel en Vlaanderen

and risk-taking, creates the fac -tors closely tied to an entrepreneurial firm (Covin and Slevin 1989;

existing products and services, proactiveness and calculated risk-taking, innovative marketing, and others as suggested by the innovation variable.

willingness to adjust their business as necessary in order to exploit them. The pro -active nature of firms to utilize opportunities was measured by action and decision

performance, risk and value Journal of Small Business Management, 39, 31†49 Mcevily, SK, & Chakravarthy, B. 2002).

) The role of family influence in strategic response to the threat of imitation. Entrepreneurship Theory and Practice, 32, 979†998

) Entrepreneurial risk taking in family firms. Family business Review, 18 (1), 23†40 Zahra, SA, Hayton, JC,

However, the risk is that vested interests from the most powerful regional stakeholders and lobbies may condition decision

Minimising the risks of lock in clientelism and corruption requires the design of adequate checks and balances limiting the risk of

pervasive incentives for public officials. These risks may be the consequence of a political system that fails to maintain high standards of efficiency,

that is unable to ensure a good quality of the public administration, and that is incapable of establishing a clear and transparent merit-based selection of

SMES and their dynamic nature, inherent risk-taking behaviour, and resulting innovation capacities serve as catalysts to (developing

risks, and are faster to react to change than large firms (Parida et al, 2012. All of these

share the risks/costs associated with new product/service development with partners Parida et al, 2012.

direct competitive threat either because they operate in different sectors or because the stage of joint innovation projects is several years ahead of market applications is

associated with lower coordination costs and a lower risk of opportunism (De Man and Roijakkers, 2009;

Risk of opportunistic behaviour/partner selection challenges Cost and risk-sharing Benefits of joint innovation need to be shared

companies to share some of the risks and costs associated with innovation with these partners.

that make use of their innovative strengths (e g. flexibility, risk-taking behaviour, etc and compensate for their resource shortages by embracing OI strategies feel they are

and the risk of opportunism is lower to the extent that small firms collaborate with other SMES

competitive threats. The final drawback mentioned by the firms in our sample is related to the high coordination costs associated with managing collaborative relations.

and their willingness to take risks are viewed as important drivers of innovation and economic growth in developing economies

risks associated with opportunistic behaviour on behalf of their partners. While the preferred OI partners of the SMES in our sample are suppliers, complementary partners

The alliance literature points out that the risk of opportunism is lower to the extent that

not pose competitive threats and thus circumvent the risk of opportunism 16 Acknowledgements The authors would like to acknowledge the contribution and support of the following

persons and institutions in making this study possible: Oradea Community Foundation Unicredit Tiriac Bank (Transylvania North Region), Smartfin Consulting, The

balancing control and trust in dealing with risk. Long range planning, 42,75-95 Marcati, A.,Guido, G. & Peluso, A m. 2008.

take action and put their leadership skills to the test with minimal risk, and quick

The risk is disadvantaged that communities become further marginalised from power and unable to attract the resources needed for effective social growth.

don†t act, the overall costs and risks of climate change will be equivalent to losing at least 5%of global GDP each year, now and forever.

of risks and impacts is taken into account, the estimates of damage could rise to 20%of GDP or more. †Stern later revised his estimate to 2%of GDP to

innovation in the EU 2020 strategy risks being seen as somewhat top down and omits many of the most exciting developments in the field such as user

the willingness to take risks and find creative ways of using underused assets Social enterprises are businesses with primarily social objectives whose

provides flexibility for employers and security for employees against labour market risks and holistic early years†provision in Reggio

Emilia, Italy -the third sector (for example, Emmaus in Europe or Dialogue Social Enterprise which tackles issues of disability and marginalisation in

by individual entrepreneurs engaged in risk and innovation Today most discussion of social innovation tends to adopt one of three main

The risks of change will appear great compared to the benefits of continuity. This applies as much

more the system appears to work, giving people security and prosperity the more its norms will become entrenched as part of peoples†very sense of

risk on providers, causing some organisations to reject opportunities to deliver services; too often contracts set unrealistic prices

safe as a result of the security measures used by the portal The market Increasingly, the boundaries between the private sector and the social sector

The cashless system also provides security for customers who would otherwise be forced to store their money at home

†safe space†for experimentation, creative thinking and risk taking. This is hugely important for anyone looking to bring ideas across the fragile

growth and risk-taking social ventures Venture philanthropists seek social as well as financial returns on investment

or localities to innovate together, sharing knowledge and risks (such as the 27th Region in France

•Pro-innovation models of audit which are proportionate about risk and able to judge programmes in the round, with a portfolio of potential

risk and reward •Reporting tools †for example, 2-3 year reports on innovation performance by key public agencies, using some rough metrics such as

sufficiently outside to take risks and mobilise partners in flexible ways In this section we summarise some of the enablers and barriers to innovation

government that inhibit risk taking, experimentation and innovation. There are barriers and obstacles in the form of cost-based budgeting and

more supportive of experimentation and risk taking. There are also a series of policies which have been introduced across Europe to make government

example 14-16 year olds in a particular area at risk of crime or unemployment

shares the risk for a bundle of interventions, with finance raised from the market, with investors taking on some of the risk for non-achievement of

social outcomes; action through a special purpose vehicle (potentially combining public sector, private sector and third sector) to manage a series of

reward community-led innovation in response to the threats posed by climate change. The Big Green Challenge, aimed at the not-for-profit sector is the first

mitigating risks, the structure of a tournament helped to refine and clarify ideas Police Act Wiki, New zealand

architecture, software, and information security. The process goes through stages of review and discussion, research for art preferences, evaluation

Matters of national security and defence, for example will inevitably remain closed from public discussion. However, citizens do

place excessive risk on providers, causing some organisations to reject opportunities to deliver services; too often contracts set unrealistic prices

For the public sector, the traditional risk averse and cautious organisational cultures of public sector bureaucracies remain a major barrier.

the clearer rewards for risk, as well as more developed techniques for managing innovation Civil society and the grant economy have long been rich sources of social

and find it hard to spread risk. Similarly, the informal household economy plays a critical role in developing social

inability to secure risk-taking growth capital poses a key obstacle to the long -term sustainability and growth of the sector.

risk-taking growth capital in particular †which is critical to enabling them to move from start-up to the next level of development. cxxv

deliver public services often need to overcome a perceived reputational risk about their ability to deliver competitive tender contracts outside traditional

risk on providers, causing some organisations to reject opportunities to deliver services; too often contracts set unrealistic prices

greater risks than banks, investees must be able to repay the loan element of their investment. cxxxii

3. Implementation (health risks, management risks, staff benefits 4. Cost effectiveness (cost savings, scalability, wider economic gains

and risk evaluation are necessary. Given the range of funding requirements we do not propose a

addressing the critical gaps in risk-taking capital for social enterprise, Skoll Centre for Social Entrepreneurship Working Paper, Said Business school, University of Oxford

Addressing the critical gaps in risk-taking capital for social enterprise. Skoll Centre for Social

Addressing the critical gaps in risk-taking capital for social enterprise, Skoll Centre for Social

physical) insecurity cliv Hoegen, M. 2009) Statistics and the qual ity of life: Measuring progress †a world beyond GDP

clv Flyvbjerg, B.,Bruzelius, N.,&rothengatter, W. 2003) Megaprojects and Risk: An Anatomy of Ambition.

Comparative risk assessment and env ironmental decision-making pp. 15-54. Springer, Netherlands clxvii Ibid clxviii Baltussen, R. & Niessen, L. 2006.

maintaining security while allowing greater freedom of movement and freeing up financial and staff resources.

shouldering the burden of risk. Indeed, with competitions, it is the participants who are expected to foot the financial risk.

In the social economy, however, there are arguments for sharing, rather than shifting the risk. This can be achieved through a stage-gate process, where

participants increase the level of investment as they pass through the various stages. This is how NESTA€ s Big Green Challenge was organised

and reward community-led innovation in response to the threats posed by climate change. The Big Green Challenge, aimed at the not-for-profit

mitigate the risks of flooding and provide local residents with cheap, renewable energy. Through hydro, wind and

systems for risk management These will be translated into an economic or business plan, which details the service or initiative, how it will be provided, by whom, with what inputs, how

shares, and seek subordinated loans from sources ready to share early risk without demanding a counterbalancing share in the project†s equity

specialised social finance organisations, sometimes seeking security usually from property), and sometimes lending against contracts

and risks are reduced. They sometimes have an advantage over venture capital funding in that they can tap investors

reliable risk) or whether they will be used to finance innovation (see also method 368 151) Venture philanthropy uses many of the tools of venture funding to

and risk-taking social ventures. It plays an important role in diversifying capital markets for nonprofits and social

and impact †by increasing capacity, reducing risk, or by facilitating adaptation to changing markets and environments.

brings a number of benefits such as distribution of risk and financing But it can only work

capacities, the diffusion of risk, and increasing efficiency and standards A recent example is Age UK, resulting from the merger Of age Concern

return for security; disclosing private information (in return for more personalised services; giving time (for example, as a school governor

& Jerry†s franchises to help train at-risk youth. †Stanford Social Innovation Review. †Summer, 2003

Incumbents tend to deflect threats, or to reinterpret radical new ideas in ways that fit existing power structures.

and Sure Start providing intensive support for children to reduce risk factors. Where these succeed they create a political constituency for

Innovation in the public sector always risks being a marginal add-on †small -scale in terms of funds, commitment of people and political capital.

317) Appropriate risk management. Public agencies tend to be fearful of risk. The challenge is to manage risk,

not eliminate it. Risk can be managed across a portfolio of projects that span the high return/high risk

1 148 THE OPEN BOOK OF SOCIAL INNOVATION end, as well as medium and low return agendas.

A balanced view of risk is vital †some innovations spread too slowly but others spread too fast

without adequate evaluation and assessment, particularly when they win the backing of leaders. A commitment to evaluation and evidence, and

staged development of new approaches, helps reduce risk 318) Formation and training to integrate innovation into personal

development, training, and culture. Some need to become specialists in spotting, developing and growing ideas.

generally, innovation, including a licence to take appropriate risks should be part of personal development plans

innovation rather than a barrier to healthy risk-taking 1 SUPPORT IN THE PUBLIC SECTOR 155

351) Socialising risk. New forms of social insurance for long term care †for example, to create incentives for providers to develop innovative

social impact elements of an investment †and reducing risk 359) Local bonds, including Tax Increment Financing (TIF) and Business

366) Layered investments combining tranches with different rates of risk /return and different sources of capital (philanthropic, public, private

can handle high levels of risk, and do need not the certainty of returns of the

they face limited access to risk and growth capital, and to highly specialist technical knowledge,

report on risk and innovation 1 the UK Government scientific adviser, Mark Walport, states that â€oedebates

about risk are also debates about values, ethics and choices †and fairness, or who benefits

Managing Risk, Not Avoiding It The Government office for Science, London 2. Ayres, C. J. 2012.

and hence are exposed to the risk of becoming â€oelocked -in†to a specific technology, used by one contractor but not by others

consultants, SMES tend to avoid the legal risks of engaging in cross-border commerce Readily available basic legal information,

European SMES therefore risk missing important economic opportunities E-business Fourth phase: e-business (from 1999) Internet technology has gone far beyond a

questions on reliability and security of technology Elements, like the employees resistance to the change, the non-support from the

organizations, is required a further stage in ICT technology adoption which exploits the dynamic interaction (with cooperation and competition) of several players in order to

cannot be given the users an adequate guarantee on critical aspects like trust, security fair processing, integrity, confidentiality,

The risk to this dependence is one of the obstacles, which delays the small organizations in embracing ICT technologies,

From Innovation Emergency to Economic growth. Innovation Lecture, The hague, 26 march 2012 (downloaded on 8 april 2012 from

or market entry, to reduce risk of development or market entry, to achieve scale economies in production,

threat of protectionism in some Member States Has there been sufficient involvement of stakeholders in the Europe 2020 strategy?

%ï to ensure at least 20 million fewer people are at risk of poverty or social exclusion

ï Improve the security of energy supply, by working for the diversification of both domestic and external energy sources

-nesses both as security and privacy issues; digital identity will be discussed also as with regard to brand management in the actual digital ecosystems, and the con

2. 2. 2 Advantages and Risks in Cloud computing Outsourcing Projects...28 2. 2. 3 Managing Changes and Organizational Issues...

4. 3. 3 Marketing Intelligence and Risk Analysis...73 4. 4 Social Listening Challenges...77

5. 2 Advantages and Risks Associated with IT Consumerization...90 5. 2. 1 Advantages and Opportunities

5. 2. 2 Challenges and Risks of the Consumerization of IT...92 5. 3 Steps for IT Consumerization...

7. 2 Privacy and Security Drivers and Challenges...134 7. 3 Digital Brand Management...138

4 Mapreduce exploit, on the one hand, (i) a map function, specified by the user to process a key

health risk •Continuous process monitoring: e g.,, to identify variations in costumer senti -ments towards a brand or a specific product/service or to exploit sensor data to

identify potential threats or opportunities related to human resources, customers competitors, etc As a consequence, we believe that the distinction between DDSS and Big data

, improving risk analysis and fraud management, to utility and manufacturing, with a focus on information provided by sensors and internet of

Threat Analysis Credit scoring Fraud detection Tax evasion control Reduction in consumption of public utilities â€

general management, risk management, customer experience management, brand Create emotional ties Empathic use of information Business Agility

electric utilities, hospitals to exploit GE€ s Big data expertise, generating big savings, likewise. Thus, human resources and talent management are key issues to

perspectives on value, risk, and cost IEEE Comput 46: 32†38 24. Tallon BPP, Scannell R (2007) Information life cycle.

3. Performance assurance and quality, which would be achieved by the vendor by utilizing better technologies

which allows the company to transfer the risk of failure to the vendor, especially when the company does not have required the experience

6. Data security. The infrastructure provider tries to achieve best data security by meeting the following two objectives (1) confidentiality, for secure data access

and transfer, and (2) auditability, for attesting whether the security settings of the application have been altered or not.

However, this factor forms big chal -lenge for all stakeholders in cloud computing. This happens because of the

2. 2. 2 Advantages and Risks in Cloud computing Outsourcing Projects Cloud computing is like any other new development in IT,

and risks. According to 8, there are many benefits for utilizing a third party cloud computing service provider for the implementing company.

8 suggests there are s number of risks when adopting cloud computing services. These risks are summarized as follows

1. The customer service quality at the company might be affected with this change, which could happen because the support managers and engineers

The risks and impact of IT outsourcing also have to be considered. Gai and Li 10, for example suggest that security problem could arise because of poorly

executed protocols and authentication process as well as the lack of security standards that govern cloud computing. The importance of the security issues is

also addressed by many other authors such as Srinisvasan et al. 11. In their research they classify the concerns about the security into two main categories

2. 2 Strategic and Managerial Challenges and Opportunities 29 A. Architectural and Technological Aspects, and includes the following points

1. Logical storage segregation and multi-tenancy security This risk might happen when some clients and their own competitors share the

same physical storage location, which could result in private data exposure. In such a case, the Cloud Service Provider CSP should ensure proper data isolation to

handle such sensitive situation 2. Identity management As the traditional identity and access management is still facing challenges

from different aspects such as security, privacy, provisioning of service as well as VMS, etc. hence, more considerations should thought of when considering it for

This risk can be very dangerous based on the fact that the provider does not reveal information such as, e g.,

This risk can lead to situations like financial impact, brand damage and productivity loss 4. Virtualization issues

servers introduces considerable security concerns. Associating multiple servers with one host removes the physical separation between servers,

increasing the risk of undesirable cooperation of one application (of one VM) with others on the same

significant threats to the holistic view of cloud computing 5. Cryptography and key management The need for appropriate and, up-to-date cryptography systems with efficient

The well-developed information security governance processes should exhibit the following characteristics •scalable •repeatable

of the CSP and internal design details which would lead to major security concerns for CSP as well as customers like cyberattacks and illegitimate control over user

accounts 8. Cloud and CSP migration Transforming to the cloud or moving from one CSP to another involves two

and comprises risks related to data security and portability •Level 2: Cloud migration, which will happen during the change from one CSP to

another and comprises risks about data migration security and about making sure that the old CSP, will delete customer†s data on its cloud servers

Therefore, the following SLA Security Quali -ties (SSQS) are important for any customer who wants to transform to cloud

•agreements on security related issues •up-to-date technology improvement by the CSP •governance and regulatory compliance maintenance with respect to the coun

Other examples of the risks include the low controllability over the service, data ownership and loss of data since it is provided by a third party service provider

The previous mentioned risks and challenges have to be considered by the transforming company which needs to be able to deal with them by having backup

regarding the security issues. Finally, they have to ensure that the contract will have involved the provider in dealing

such as security issues 13. On the other side, 14 suggests that the service supplier can enhance the quality of the service it provides by using an execution

operations, security, compliance, etc. Furthermore, infrastructure implies physical assets (second column of Table 2. 1) such as facilities, compute, and network and

-porate data and security and system performance. However, private cloud is usually not as large-scale as public cloud,

concerns about security and data sovereignty. In contrast to previous model, the public cloud is open for use by the general public i e.,

however, security concerns may be considerably different for the cloud services such as applications, storage, and other resources that are made

SLAS), security standards, backup strategies, customer support, downtime history and pricing policy. Thus, this choice has to be built upon a careful decision and a

Security/Privacy Backup system System update Maintain service Education training Facility Reliability Specialisation Compatibility Link/Connection

such as staffing, communication, organizational rules and risk assessment. This step faces challenges such as clearly defining business and technical requirements

highlight the importance of considering the socio-technical factors and the risks accompany this migration before the firms transform their IT system to the cloud

gained as well as the risks that are inherited in this transformation The second case study, which is presented by Levine

Ministry of Public Administration and Security, Korea Customs service, Ministry 42 2 Cloud computing of Construction and Transportation, the National Tax Service, and the National

and risks are very important in the transformation to the cloud computing environment. This situation is even more imperative

the risk related to the data protection and security, which is a very important factor that needs to be considered.

This Chapter provides a description about the risks accompanying cloud com -puting and how to manage them.

benefits and risks associated with cloud computing. These case studies show that many issues have to be considered before commencing with the transition to this

2. Carroll M, Van der Merwe A, Kotzã P (2011) Secure cloud computing benefits, risks and controls.

and security, pp 142†146. doi: 10.1109/MINES. 2012.240 11. Srinivasan MK, Sarukesi K, Rodrigues P, Manoj M, Revathy P (2012) State-of-the-art cloud

computing security taxonomies†classification of security challenges in the present cloud. In Proceedings of international conference on advanced computing and communications and

system security, pp 280†284 15. Atkinson P (2005) Managing resistance to change. Manag Serv 49:14

•Security, strictly connected to performance issues, but focused on the challenges of guarantying the privacy of data and the trustworthiness of mobile applications

with regard to costs of functionalities, user experience, and data security. Taking these issues into account, we overview the main characteristics of three types of

data privacy and security Software solutions to support applications management on devices Development Integration Security Performance

Fig. 3. 3 Digital management solutions 56 3 Mobile Services The native development model is specific for a single device

•Exploit any internal skills already acquired on a particular technology suitable to be adopted for the mobile applications development on the chosen device (s

mitigates the risk of relying on a single vendor •The approach while providing a better

Finally, ensuring the security of the data (see Fig. 3. 3) is by far one of the most

Accordingly, security can be addressed through the adoption of different types of enabling solutions. We discuss them in what follows,

summary, they focus on risks and challenges for company data privacy and security by Bring Your Own Device (BYOD) and IT Consumerization emergent

phenomena (see for details the Chap. 5 of this book As for Application Streaming solutions, they can be considered a kind of

Table 3. 6 Solutions suitable to enable device security management Solutions Benefits Drawbacks Mobile device management •Simple to install

hand, they improve security and control, ensuring the virtual separation of personal and business data as well as operating systems (the former managed by the mobile

practices that focus on increasing user awareness about the privacy, and security related, e g.,, to the access and unauthorized disclosure of corporate data as well as

, Wordnet 20, reducing the potential threat described above. Under this point of view, ontologies enable Web documents annotation,

4. 3. 3 Marketing Intelligence and Risk Analysis Key words for new strategies such as ††open solution†â€, ††information accessibil

-tions is influenced by the ability to properly develop security policies. Thinking about mobile banking, it seems to be evident the potential threat related to security

issues, considering, on the one hand, data interception; on the other hand, the possibility of losing the device by the user/costumer

attacked by malware and other threats. In order to effectively react to these challenges is highly important to define security policies able to identify in

advance any kind of vulnerability. These policies do not have to be general but Table 4. 1 Classification process:

strategic actions and key questions Strategic actions Key questions Take decisions for a particular sentence or

Trying to manage the security issues actively, involving in an integrated way IT, Marketing and Human

crucial role in the risk analysis process (using, for example, sentiment analysis and opinion mining in order to forecast

Furthermore, the additional threat is that illegal behaviors such as ††cyberbulling†â€, ††stalking†â€, ††phishing†â€, ††scam†â€, ††marketing

has shown the risk to privacy related to vanity queries, in which a user issues a query for his or her own name 31

identify, evaluate and face the impact of external risks that rise up from social networks and 2. 0 technologies.

identify potential threats, evaluate the impact and undertake initiatives in order to eliminate or reduce the potential threats.

Precautionary actions (through marketing intelligence tools) can create the conditions through which firms can control the

in order to prevent and control risks through marketing intel -ligence tools, these have to use advanced and appropriate metrics.

in order to translate potential risks into quantified data, further efforts are required to design and develop frameworks

and applications to recognize potential threats into a text. One of the most inter -esting approach could be described the one by 32,

that is focused on the risks identification in messages or texts, trying to support the decision making process

of the risk is the uncertainty. This means that more than one result can occur. A

risk associated statements or messages After this first step, the potential threats are classified on the base of their

impact (positive, negative or positive†negative. Examples of these two steps are offered in Table 4. 3. The approach described is structured in two core steps

(or can be associated to a risk •evaluate which kind of impact this risk can have

External Risks Legislation Competitors†activities Market Socioeconomic context Suppliers and partners Internal Risks Compliance Business processes

Operations Marketing Intelligence activities Reduce external factors impact Prevent risks and criticalities Fig. 4. 1 Risks areas and

factors Statement Firm Valueuncertainty Future Timing Risk Impact Fig. 4. 2 Model for recognize risks associated

statements. Adapted from 32 76 4 Social Listening In order to facilitate the automatic learning activity, all the sentences are

converted into a numerical representation, which can refer to single words, sen -tences with two or three words,

or part-of-speech (POS) tags. POS are used usually in order to catch syntactic aspects, while for semantic aspects usually tools such as

e g.,, General Inquirer have been used (http://www. wjh. harvard. edu/*inquirer /Finally, statistical approaches are used for machine learning such as Support

order to predict potential risks, but it perfectly shows all the threats and challenges that the marketing intelligence has to face

in order to be effective in the new competitive landscape 4. 4 Social Listening Challenges Nowadays the techniques and technologies for sentiment analysis and opinion

Table 4. 3 Statements and risk impact examples Statements Risk impact ††Although lots of analysts predicted that the defibrillator market would have

increased by 20%yearly, due to the population ageing most of the analysts now predict less than 10%of increase yearly†â€

to find a way to reduce this threat before people lose their trust on online reviews

elements such as potential threats, business opportunities, etc. adding, therefore information about the competitive landscape Consider now, for example, the Cintas Corporation case study,

promotional products, security products, fireproof protection services, and docu -ment management services. Therefore, the strategic plan team has constantly to

and enhancing the monitoring and risk management performance •adopt procedures as opened as possible (less sequential

Proceedings 2009 IEEE International Conference Intelligent Security Informatics. IEEE Press, Richardson, Texas, USA, pp 266†268

the security of their financial information. Pew Internet and American Life Project Report 23. Bansal M, Cardie C, Lee L (2008) The power of negative thinking:

5. 2 Advantages and Risks Associated with IT Consumerization Consumerization of IT represents both a challenge for the business, and an

Management & Security inside the Firewall Moving from Moving to Always on, anywhere Freedom to participate

Boundary-less security and manageability Fig. 5. 1 IT Consumerization transformation. Adapted from 5 5. 2 Advantages and Risks Associated with IT Consumerization 91

has gained an important role in increasing workforce creativity and ability to find/use tools for their business tasks and continuous learning.

security policy and security governance, a trend that is irreversible and will lead in the middle term to the falling of traditional security models. 2

•Data Management opportunities: successful implementation of the IT consu -merization requires strong architecture that could result in better data man

5. 2. 2 Challenges and Risks of the Consumerization of IT The increasing number of employees†private devices used in workplace is pre

Security Forum (ISF), 12, has analyzed the challenges, trends and solutions for IT consumerization: according to this analysis, many of the issues that are related

the same security standards and policies on those personal devices. Also, besides the misuse of the personal device legal matters that concern the ownership of

-tion†s security response planning, that addresses how the people use the devices and what protection software they have as well as the provisioning and support

security issues related to them •Fourth segment is about the issues related to software and apps used on the

which is an information security specialist has cooperated with Carnegie mellon University, in a report entitled †Mobility and

considered as a bigger security threat, since the lost smartphone can contain sig -nificant amounts of sensitive corporate data.

European Network and Information security Agency (ENISA), has provided a categorization for the risks associated with the consumerization of IT.

These categories and the risks assessed under each one of them are summarized as follows 5. 2 Advantages and Risks Associated with IT Consumerization 93

Category 1: Risks Related to Costs The risks under this category are 1. Increased risk of loss of value in cases when employees bring bad reputation to

the organization†s name or brand by uncontrolled use of consumerized services /devices such as, e g.,

, Dropbox 2. The increased variety and complexity of personal and mobile devices as well as different operating systems and applications that all requiring management will

lead to increased costs 3. The possibility of losing mobile devices would likely increase when the

organization uses more of these equipment, which means more costs 4. Additional spending might happen to ensure that the security requirements do

not prevent appropriate consumerization or encourage inappropriate use of consumer devices Category 2: Risks Related to Legal and Regularity Issues

The risks under this category are 1. Corporate governance and compliance control over employee-owned devices

will not be optimal 2. Since the consumerized personal devices may be owned and operated entirely by the end users, it will be difficult for enterprises to enforce their own policies

which may result in risks related to the intervention of busi -nesses in the private life and property of employees

Risks Affecting Data (Confidentiality, Integrity and Privacy The risks under this category are 1. the possibility of losing corporate data because of unauthorized sharing and

usage of information on employees†devices by the services running on them 2. the possibility of losing corporate data as a result of access by unknown users

3. the risk of losing corporate data as a result of difficulty in applying security measures and policies on application-rich mobile devices, especially when the

4. increased risk of the corporate data being hacked due to external attack The following table (Table 5. 1) summarizes

-tioned risks into primary and secondary categories. It provides cross-functional information for those interested primarily in one kind of risk who may need to

consider the relationship between certain type of risk and others. For example, it is expected that businesses dealing with privacy issues,

might also be interested in risks related to data loss 94 5 IT Consumerization Moreover, more cost oriented businesses might also be interested in legal

-related risks. In the table, the X symbol represents the primary category and the X) symbol represents the secondary category.

Additionally, the table provides explanations on why some risks are falling into one or more secondary categories

5. 3 Steps for IT Consumerization Companies have to rethink their strategies to seize the opportunities associated

Table 5. 1 Primary and secondary classification/dependencies of identified risks Category (cat & risk (R

Category Comment Costs Legal and regularity Data Cat (1) R (1) X (X)( X) Secondary categories due to effects on compliance and

5. 2 Advantages and Risks Associated with IT Consumerization 95 consumerization in order to see it as an opportunity rather than a problem.

However, such procedures can conflict with the enterprise†s IT SECURITY policies 13 As mentioned before, cloud computing is the IT service that makes this even

address some of the inherent security issues associated with the Bring You Own Device BYOD strategy, in particular

2. To update security model: the decision makers in the business need to develop a security model for employee-owned devices.

This means shifting focus into a broader vision. In other words, instead of focusing solely on securing hardware

security, manageability, productivity, performance and ease of use 14 5. 4 Business Scenarios for IT Consumerization

Security Model 3 Decide on OS and devices 4 Plan Deployment 5 Stay current with

security restrictions 5. 4. 2 Bring Your Own Media Tablet A business manager handles hectic schedules and endless lists of tasks and

-erations with regard to licensing, security, and privacy exist. Moreover, the ability of the users for being self-supporting

has to evaluate the benefits and risks of such a strategy, before applying it 16

and mitigate the risks involved 104 5 IT Consumerization with the adoption of this strategy;

the privacy and security risks involved in using certain software applications Legal considerations. It is crucial to consider the different legal and privacy

security standards of the enterprise firewall and can be integrated with other systems at the enterprise that are managed by a company†s own IT department.

-ronment that brings new security and compliance challenges, IT must balance flexible user choice with secure, cost-effective management standards across the

top risks and opportunities responding to the evolving threat environment. ENISA, Heraklion, pp 1†18

5. 10 Summary 109 8. Copeland R, Crespi N (2012) Analyzing consumerization†should enterprise business

Security CF & ISF (2011. Advises on consumerisation. Comput Fraud Secur 20 (3: 20†23

DMSS commonly provide storage, versioning, metadata, security, as well as indexing and retrieval capabilities The issues that accompany the use of such systems are the security, data

integrity and quality, standards that govern the way these systems work, user compatibility, and the way the workflow is configured pre in such software

capacity, the speed of the internet and issues related to security Finally, the Chapter has discussed case studies,

-based character recognition via web security measures. Science (80-)321: 1465†1468 25. Verma A, Singh A (2010) Webinar†education through digital collaboration.

security and privacy issues. Furthermore, digital identity will be discussed also with regard to brand management in current digital ecosystems, and the conse

and security related to this openness and ††instability††6 of digital competition are worth mentioning.

As for privacy and security factors, we are going to consider the technological perspectives that often prevail in their discussion,

7. 2 Privacy and Security Drivers and Challenges Chapter 5 ON IT consumerization has shown some of the main risks associated to

the BYOD emerging trend in organization. In particular, the Chapter has shown that the decision makers need to develop security models for employee-owned

devices, addressing key concerns such as, e g.,, managing diverse mobile plat -forms, protecting information across different and heterogeneous mobile devices

of privacy of data and security of its own information infrastructure. Apart from IT consumerization, other phenomena such as the diffusion and pervasivity of social

Considering cybercrime, as reported by Paul Hyman on the Communications of the ACM (CACM) 8 on March 2013, security companies evaluations about the

costs of the cybercrime worldwide were $110 billion every year according to Symantec Corp.;while approximately $1 trillion according to Mc afee Inc

However, apart from the presence of no standard mechanism for accounting for losses or the failure to detect losses,

identity-related motivations security experts see as constraints and causes for a limited accuracy of costs estimations 8

estimates of the scale of the risk of cybercrime 8. According to a report titled †Measuring the cost of cybercrime†9, presented in 2012 by an international team

cybercrime often exceed the cost of the threat itself 10. The analyses and the consequent evaluation presented in the report have followed the framework shown

considering all the main types of cybercrime, such as, e g.,, online payment and banking fraud, fake antivirus, patent-infringing pharmaceuticals

As for the main constructs of the framework, apart from the above cited cy -bercrimes and their supporting infrastructures, the others were defined by 9 as

Crime††9, p. 4. For example, the revenue of a phishing advertised by email spam is the sum of the money withdrawn from the accounts of the subject that is

victim of the phishing activity •Direct losses are ††the monetary equivalent of losses, damage, or other suffering

cybercrime action; deferred purchases or not having access to money 9 •Indirect losses are ††the monetary equivalent of the losses and opportunity costs

imposed on society by the fact that a certain cybercrime is carried out, no matter whether successful or not and independent of a specific instance of that cy

including security products, security services, such as, e g.,, training, regulations and/or law enforcement, etc •Cost to society is ††the sum of direct losses, indirect losses,

7. 2 Privacy and Security Drivers and Challenges 135 As for the report findings, one of the main suggestions concerned the fact that

indirect costs of cybercrimes on business are several times higher than the direct costs. Furthermore, as pointed out by Ross Anderson, one the researchers of the

would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software††10, p. 1. Thus, a conclusion from the study is that

public and private spending should be focused less on defense of computer crime i e. antivirus, firewalls etc.

and more on policies and methods for finding and punishing the criminals However, another relevant point resulting from studies such as the one pre

Cybercrimes Supporting Infrastructure Cost to society Fig. 7. 1 A framework for evaluating the costs of

cybercrime. Adapted from 9 136 7 Digital Business Identity the state of art on business information systems, an interesting solution for

/monetary security/risk/and compliance, business processes, and supporting pro -cesses and infrastructure. Coherently with the BSC concept, the perspectives

for the financial monetary perspective can be estimated the costs for security incidents (e g.,, on the basis of historic or benchmark data;

while for the security /risk/and compliance perspective they can be the mapping of users and accounts in

the different systems (for having an ††account density††representation), or the achievable quality of audit logs (content,

Security, Risk, and Compliance Supporting Processes and Infrastructure Financial/Monetary Decision Support /Tactical Layer Risk management (Financial, IT

accounting, controlling, audit Process description and modelling frameworks IT G ov er na nc e

7. 2 Privacy and Security Drivers and Challenges 137 as well as cultural factors in the outer context.

, cybercrime and for Enterprise Identity Management. Besides the inner context of an organization, the Chapter has pointed out how digital business

8. Hyman P (2013) Cybercrime: it†s serious, but exactly how serious? Commun ACM 56:

2012) Measuring the cost of cybercrime. Elev. Annu Work Econ Inf Secur (WEIS12 Berlin, DE, June 25†26

Anderson R How much does cybercrime cost? http://www. cam. ac. uk/research/news /how much-does-cybercrime-cost

11. Birch D (2007) Digital identity management technological, business and social implications Gower Publishing, Aldershot

systems and their performance and risk management. This Chapter aims to offer an overview of digital governance as a comprehensive perspective ON IT governance

performance and managing decisions for value generation as well as the risks that are associated with its practices.

good governance to solve key drawbacks and risks, likewise. Thus, good digital governance enables groups to make effective decisions,

Table 8. 1 Governance benefits for risks associated to key decision making areas Key decision making areas Risks Governance benefits

Identifying the relevant decisions Misdirected effort Good governance allows to identify the decisions that have a real impact on

strategic alignment, value delivery, risk management, resource management and 152 8 Digital Governance performance management. Another example is produced the one by the IT Gov

Value Delivery and Risk management Related Critical Success Factors 7. Consolidate, communicate and enforce policies and guidelines for cost-effective acquisition

selected enterprise had significant gaps in its security policies and programs exemplified by the lack of consistency across technologies, systems, and processes

serious security issue as various consultants and subcontractors were working with highly confidential citizens†data.

Consequently, the vulnerability assessment considered the four major security issues mentioned below 1. protection of sensitive personal data

2. the division responsible about application services lacks with regard to con -sistency to audit data analysis history

to validate that their security programs and initiatives were working well In summary, there was lack of analytics and reporting systems on the use of

IT governance structure and practices with a focus on security and compliance over the long-term (since security variables are actually challenging and are

continually changing. The use of COBIT framework in this case study has proved that it can effectively solve these challenges, providing quality outcomes, likewise

Security is a focal point and challenge of any digital and IT governance implementation; therefore, companies have to put

The risk of an enterprise not knowing the identity of its business partners is increased by e-commerce transactions

more concerned with IT governance due to their inherent risks. These threats require the adoption of strong controls, policies, and management practices

Therefore, each and every organization should have a thorough measure that reflects the risks, as well as the benefits of a project.

Organizations can achieve the best out of such situations by implementing effective IT governance practices 23

guarantee security and integrity of business information, ensure availability and continuity of business operations, protect assets

-related business risks. There is also an increasing pressure ON IT to automate and sustain compliance with regulations.

involvement of an organization†s IT professionals as well as its security profes -sionals. Finally, to be truly effective,

on Internet security, pp 144†149 23. Iskandar M, Akma N, Salleh M (2010) IT governance in airline industry:

i e. the first offer of securities to the public by a company on a regulated market) to bankruptcy in less than a year.

implement a business model able to deal with and exploit such characteristics of the digital economy Table 9. 7 compares the essential features of the processes of transformation of

as well as the phenomenon of piracy and illegal downloading of music content which make it extremely difficult to capture the value originating from online

features, emotional costs due to the uncertainty and operational risks associated with the products and technologies in use.

models that are most popular among Web 2. 0 companies, which exploits the peculiarities of the information economy, is the so-called ††freemium††(combi

innovation, and since the innovation process involves higher costs and risks, the incentive to innovate is,

outside the company, reducing the costs and risks of research and significantly Table 9. 9 Comparison between closed and open innovation

reducing and sharing the risks and improving competitive performance, likewise 9. 6 Summary This Chapter has provided an overview of the digital innovation impact on Business

Billguard 5 is a personal finance security system scanning credit card activity daily for hidden charges, billing errors, forgotten subscriptions, scams and fraud

team is composed of data scientists, mathematicians, security experts and industry specialist, supported by the investments of some of the founders and CEOS of

with consequences ON IT policies as for security, disclosure of data, and privacy Taking the digital trends challenges into account, Fig. 11.1 summarizes the

, policies for privacy and security of data and infor -mation flows; on the other hand, promoting it in terms of brand in an

Cybercrime, 134†136,143 D Data, 4 Data deluge, 4 Decision 2. 0, 67 Degree centrality, 69

Security standards, 29,34 Semantic Analysis, 200 Sentence-level sentiment analysis, 70 Sentiment analysis, 67,69, 71,72, 75,77, 85

SLA security qualities (SSQS), 31 SOAP, 25 Social influence, 51,54 Social listening, 67,68, 72,78, 80,85

2. 2. 2 Advantages and Risks in Cloud computing Outsourcing Projects 2. 2. 3 Managing Changes and Organizational Issues

4. 3. 3 Marketing Intelligence and Risk Analysis 4. 4†Social Listening Challenges 4. 5†Social Sensing

5. 2†Advantages and Risks Associated with IT Consumerization 5. 2. 1 Advantages and Opportunities of IT Consumerization

5. 2. 2 Challenges and Risks of the Consumerization of IT 5. 3†Steps for IT Consumerization

7. 2†Privacy and Security Drivers and Challenges 7. 3†Digital Brand Management 7. 4†Case studies

< Back - Next >

Overtext Web Module V3.0 Alpha
Copyright Semantic-Knowledge, 1994-2011