Towards A Quantitative Risk Evaluation Model for Risk-Aware Access Control In Pervasive Environment

Abstract

The use mobile devices by employees to perform both official and personal tasks popularly referred to as Bring Your Own Device (BYOD) has manifested in many sectors of human endeavours, whether the devices are authorised by employers or otherwise. BYOD strategy increases employees productivity, improves employees work experience and enhance business agility. However the strategy exposes crucial organisation resources to various threats, culminating to risks which might jeopardise the benefits of BYOD. Thus there is need for risk evaluation model that could be used by risk-aware access control to grant or deny access request based on inherent risk factors surrounding the request. This paper presents a conceptual approach for modelling a quantitative risk evaluator to mitigate security risks of BYOD strategy. Thus, implementation of the model will enhance access control in BYOD environment and minimize the security risks associated with adopting the strategy.