
Enterprise Digital Security Strategies that support Mobile Applications as the Primary Interface with Customers and Employees - An Exploratory Study


[Name of the Writer]
[Name of the Institution]

Enterprise Digital Security Strategies

TABLE OF CONTENTS

Introduction
Background
Literature Review
  User/ Customer Management
  Provisioning
  Management of access requests
Aims and Objectives
Research Question
Research Hypotheses
Types of Security Threats
  System breach
  Unauthorized access
  Fraud
  Brand reputation
  System downtime
Significance of the Research Study
Purpose of this Research Work
The Goal of Security Strategy
Outline of the research study
Methodology
Sampling
  Participants
Ethical Considerations
Limitations and Key Assumptions
  Research Plan
  Resources and Funding Required
Bibliography


Introduction
Enterprises today need to move their security from traditional defensive strategies towards a
proactive stance that is aligned with the core objectives of the enterprise [1]. Highly
sophisticated approaches for managing security threats have become essential for companies to
provide a modified digital platform with increased cyber security. For enterprises to provide a
refined experience to the customer, the fallacy of security compliance must give way to practical
objectives. The acquiescence of the enterprise-level objectives is essential to drive performance
and productivity, while cyber security strategies must run parallel to these core objectives.

(Source: http://www.intel.com/content/www/us/en/intelligent-systems/digitalsurveillance/digital-surveillance-intel-dss-enhances-video-security-solutions.html)
The exponential rise in cyber security threats increases the significance of reorganizing
security strategies, redefining security objectives, and staying ahead of cyber crimes [2].
Sophisticated design, complex architecture, and appealing interfaces are fundamental goals of
mobile application design and integration, and security must be a major concern alongside them
[3]. Cyber threats have become complex and evolve quickly, with a rapid impact on mobile
applications and their users. Enterprises do not question the security of their mobile
applications, which are a primary connection between customer and services, but they do question
the degree to which their applications are secure.

[1] McMillan, E. N. Promoting The Use Of Intelligence And Intelligence Analysis As Complementary Components To Enhance Situation Awareness In Cyber Security (2012).

Today, the emerging new face of the world is highly connected and information-heavy, startling
the advanced business landscape, which is mission-critical, unique in its view of the enterprise,
and retaliating to outpace the increase in cyber threats. The astonishing growth in mobile
application threats cannot be underestimated, or the enterprise will suffer from security
breaches. Some firms may have been breached; some have been dangerously oblivious to information
security breaches, while others have certainly organized their security strategies efficiently
[4]. It is the right time for enterprises to initiate a strategic cyber security program that
redraws the radical business landscape based on operational, financial, and customer data
security, and that considers the role of informed leaders.

Background
The digital security of an enterprise, considering the connection between customer and service
on the mobile application platform, refers to conformity with the rules and regulations given to
the enterprise by law. The infringement of copyrights, or any activity against data content that
can be recognized as a violation of rules or a security breach, can be characterized as a crime
on the digital platform [5].

[2] Kelly, B. B. Investing in a Centralized Cybersecurity Infrastructure: Why Hacktivism Can and Should Influence Cybersecurity Reform. BUL Rev., 92, 1663. (2012).
[3] Ibid 2.
[4] Crowell, W. P., Contos, B. T., DeRodeff, C., & Dunkel, D. (2011). Physical and Logical Security Convergence: Powered By Enterprise Security Management. Syngress.
Social and entrepreneurial transformation has shifted the conventional ways of managing
information security. With the exponential advancement in technology, vulnerabilities have also
grown, and they are unpredictable and uncertain in their impact on the enterprise.
Cybercrimes have been a major security threat for enterprises, for which the importance of
digital security strategies has grown to protect mobile applications and their users [6].
Cybercrime is a concern for private as well as public organizations and results in losses ranging
to billions of dollars. Millions of dollars have been spent to counter the groups involved in
these crimes, while the most effective solution to address cybercrime has been a well-organized
set of security strategies. Digital interactions on mobile applications offer a wide range of
cyberspaces that grant opportunities for information misuse and other deviant activities that can
influence the operations of enterprises [7]. Therefore, it is certain that enterprises need to
set new goals to overcome the challenges of security on the digital platform.

Literature Review
Cybercrime and its devastating impact on enterprises is a well-researched area of study. The
literature evidences a vast range of strategic decisions, with respect to security policies, that
can help enterprises respond to threats from cyber crimes. The design of a mobile application
carries the functions and features that serve customers and enterprises, with appropriate
integration of tools, sets of strategies, and well-defined objectives [8]. The integrated tools
that connect customers with the services provided by the enterprise are at significant risk of a
security breach that can violate the confidentiality and functionality of the trusted enterprise
and its dependable customers.

[5] Gable, K. A. (2010). Cyber-Apocalypse Now: Securing the Internet Against Cyberterrorism and Using Universal Jurisdiction as a Deterrent. Vand. J. Transnat'l L., 43, 57.
[6] Kshetri, N. Cybercrime and cybersecurity in the Global South. Palgrave Macmillan. (2013).
[7] Urhuogo, I., & Chandan, H. C. (2012). Information Systems Effectiveness: The Application of Corporate Social Responsibility Policy and Total Quality Management Model. Journal of Business, 4(1), 181-196.
With a growing number of users turning to mobile devices, security efforts need to be combined
with functional capabilities to address both the demand for competitiveness and the security
threats [9]. Mobile application usage encompasses transactional and connective operations that
are extensively complex in their implementation of technology and design. These transactions are
complicated by multiple users, systems, and devices, and they involve multiple purposes of
user-enterprise interaction, including financial accounts, supply chain, social networking, and
personal and private usage [10]. In each of these interactions, connections, and transactions
there is a threat to information, including data theft, downtime, and system compromise. The
increasing security threats are associated with the increasing number of customers, which is also
essential to enhance the productivity of the enterprise; however, a strategic redesign and
organization of the security plan can be substantially beneficial for the enterprise.
The increasing number of users, and of systems to which they need access, is leading to an
increasing number of digital identities that need to be managed. The management of identities
includes several aspects, such as account creation, allocation of access rights, the treatment of
requests for access, and the management of identity-related attributes [11]. Organizations need a
solution that allows them to add and centrally manage the identities that will be used throughout
the IT environment.

[8] Prabhakar, H. (2012). Black Market Billions: How Organized Retail Crime Funds Global Terrorists. FT Press.
[9] Kshetri, N. Cybercrime and cybersecurity in the Global South. Palgrave Macmillan. (2013).
[10] Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R. S., Krishnan, R., Ahn, G. J., & Bertino, E. (2013). Collaboration in Multicloud Computing Environments: Framework and Security Issues. IEEE Computer, 46(2), 76-84.

User/ Customer Management


Several organizations have clients and partners who seek access to, or collaborate on, online
portals [12]. The services can be integrated with these applications to provide resource-based
identity management in the cloud, including user self-service, profile creation, password resets,
and distribution of forgotten user names.

Provisioning
Service providers automate the process of adding, modifying, and deleting user accounts,
including the various user tasks and role memberships that can be used to assign privileges on
the desired systems [13]. This service can be used to provision accounts in local applications,
in cloud-based applications, or in both types of applications in the case of a hybrid model.

Management of access requests


When a user needs access to enterprise applications, the user typically contacts the IT
department or technical support to process the request, which can be costly and inefficient [14].
Service providers allow these users to submit access requests online. The cloud service can then
route the requests through an approval workflow based on defined policies and, when appropriate,
provision the user in these systems automatically.

[11] Baker, W., Hutton, A., Hylender, C. D., Pamula, J., Porter, C., & Spitler, M. (2011). 2011 data breach investigations report. Verizon RISK Team, Available: www.verizonbusiness.com/resources/reports/rp_databreach-investigations-report-2011_en_xg.pdf, 1-72.
[12] Walters, D. Market centricity and producibility: an opportunity for marketing and operations management to enhance customer satisfaction. Journal of Manufacturing Technology Management, 25(2), 299-308 (2014).
[13] Metzer, R. L., Grant, J. E., Jackson, W. T., Isaac, D. P., Mckennirey, M. J., & Bedford, K. L. (2014). U.S. Patent No. 8,726,351. Washington, DC: U.S. Patent and Trademark Office (2014).
[14] Gass, O., Krammer, C., & Maedche, A. ReGISA Web Application Platform-based University Research Group Information System (2011).

Research Problem
Enterprises need to align their organizational objectives with the strategic goals of digital
security, in order to overcome the challenges of cybercrime and provide customers with an
enhanced experience of secure transactions and connectivity.
Security breaches and cybercrimes are a threat to mobile application users and business
enterprises, for which fundamental changes in the security strategies of enterprises operating on
the digital platform can be exceptionally beneficial [15]. A mobile application involves an
overwhelming amount of information, shuttled among social networks, customers, hosting locations,
and service providers' databases. In the last two decades, user interfaces have grown
exponentially from simple command lines to complex graphical interfaces. The fast-changing
digital platform has become a promising way for service providers to engage and involve users in
the experience of mobile applications, which does not restrict their connectivity or
accessibility.
With quick changes in the speed and expandability of digital applications, there has been an
increase in service users, as well as in the number of functions, operations, and information
usage, with an increasing probability of security risk and cybercrime [16]. The highly
sophisticated architecture of the mobile application is questioned with regard to the security
policy, strategy, and tools used by the enterprise to protect and support its customers against
security threats.

[15] Flynn, L. International Implementation of Best Practices for Mitigating Insider Threat (2014).
[16] Flynn, L. International Implementation of Best Practices for Mitigating Insider Threat (2014).

Aims and Objectives


The researcher aims to explore strategic solutions for enterprise digital security. The following
are the proposed objectives of the study.

- To draw on the literature on enterprise digital security to enhance the understanding of threats to mobile application users and enterprises
- To analyze the set of strategies that can protect and support the application user and the enterprise
- To explore the major challenges and issues associated with the implementation of new security strategies

Research Question
The proposed questions for this research study are:

- What are the threats that customers and service providers can experience on the digital platform?
- How can the security gaps be addressed strategically by the enterprise?
- Are there any major challenges for the implementation of a new security strategy? What are they?

Research Hypotheses
The proposed research hypotheses are:
H1: Digital enterprises are vulnerable to security threats, for which redefining and reorganizing the security strategy is essential.
H0: Redefining and reorganizing the security strategy is not essential to address digital security threats.
H2: Digital enterprises may experience challenges in the implementation of a new security strategy.
H0: Digital enterprises may not experience challenges in the implementation of a new security strategy.
H3: Digital enterprises require new security strategies that are essentially consistent with the organization's core objectives.
H0: Digital enterprises require new security strategies that are not essentially consistent with the organization's core objectives.

Types of Security Threats


Digital enterprises are challenged by a number of security threats that can be categorized as
operational, business, and brand threats [17]. These threats can make mobile applications
insecure when there are gaps in identifying the risks, in drawing up appropriate strategies to
protect the applications against these threats, and in the appropriate implementation of these
strategies.
The challenges for application developers include applications running across different
operating systems and devices; the emergence of diverse platforms, or the availability of
different operating systems in the market, is therefore another confronting factor for digital
enterprises [18]. Moreover, the challenge of building applications that provide the appropriate
level of security on all mobile platforms is also critical, since the different mobile platforms
vary in how they handle information storage and usage, network connectivity, and other
procedures.

[17] Makki, S. K., & Rahman, M. S. An Authentication Middleware for Prevention of Information Theft. International Journal of Cyber-Security and Digital Forensics (IJCSDF), (2013), 2(3), 18-26.
[18] Richardson, T., & Thies, C. N. Secure Software Design. Jones & Bartlett Publishers. (2012).

It is imperative that mobile application developers do not rely solely on the abstraction layer
covering all the functions of mobile platforms, since a failure in one swoop does not essentially
point to the insecurity of the abstraction layer, but means that all layers of the application
are insecure.
The insecurity of the different layers of a mobile application brings a set of challenges that
require not only building the application, but maintaining it to address the three specific
threats to mobile application security. The digital enterprise can be attacked by cybercriminals,
which can be a threat to the business. The objective of a digital enterprise is to provide a
secure platform to consumers, where they use the services and products, pay for them, and come
back again and again. An enterprise that compromises on its objectives fails: if the mobile
application doesn't offer security, the user may not continue using that insecure application in
the presence of secure options [19]. Therefore, the maintenance of security is also a matter of
staying in competition. However, digital enterprises may face threats to service stability,
product quality, service delivery, and other risks that can affect the performance of an
enterprise and thus its overall success. Some of these threats include system breach,
unauthorized access, fraud, brand reputation, and system downtime.

System breach
The capabilities offered by the mobile application, including logins, connections to different
networks, and transfer of data, substantially expose mobile devices to security threats [20]. In
such cases, application development is primarily responsible for the vulnerabilities brought to
mobile devices via the mobile application. The processes involved in mobile application
connections are exposed to the risk of hacking if there are loopholes in the application
development. More importantly, improper coding can increase the susceptibility to hackers tapping
and accessing the back-end of the applications, data, and services [21]. Once the hacker accesses
the mobile application back-end, all kinds of malicious actions can be taken against the
enterprise, ranging from taking the application server offline to denial of service. Moreover,
corporate data or customer information can be used by the hackers for their own purposes. The
hacker can turn the functions and operations of the mobile application in their favor by gaining
access to its server, and can even steal the business or sell the information on this server on
the black market.

[19] Chen, L., Franklin, J., & Regenscheid, A. Guidelines on Hardware-Rooted Security in Mobile Devices (Draft). NIST Special Publication, (2012) 800, 164.
[20] Dye, S. M., & Scarfone, K. A standard for developing secure mobile applications. Computer Standards & Interfaces, (2012), 36(3), 524-530.

(Source: http://about-threats.trendmicro.com/apac/security-roundup/2013/annual/cashing-in-ondigital-information/)
Access to the application server can have a seriously disruptive impact on the enterprise and can
substantially compromise the existence of the enterprise or brand [22]. Therefore, proactive
strategic measures taken at the right time can considerably support the mobile application at
risk. Some important considerations for the strategies to be made, associated with the threat of
system breach, are listed below.

- The time required to identify the device(s) involved in the breach
- The time required to identify the vulnerabilities
- The time required for the rectification of the problem
- The time required to identify the cost of rectification
- The identification of legal perspectives in case of device, server, or system breach
- The identification of losses and the time required for covering them, such as restoration of the system, data recovery, recovery of costs, notification to the victims, performing legal formalities, etc.

[21] Javaid, M. A. Cyber Security: Challenges Ahead. (2013).
[22] Jansen, W., & Grance, T. Guidelines on security and privacy in public cloud computing. NIST special publication, (2011). 800, 144.

Unauthorized access
To protect organizational networks against mobile malware and unauthorized access, the solutions
allow administrators to configure security policies that provide the best context-sensitive
authentication, which in turn gives access only to trusted and authorized users' devices [23].
The solution also provides the first secure access gateway that helps reliably protect company
data on mobile devices. Authenticated users can search and view the secure file shares allowed on
the intranet, as well as files in the Mobile Connect application. Administrators can create and
apply policies to manage mobile applications for the Mobile Connect application, controlling
whether the displayed files can be opened in other applications, copied to the clipboard,
printed, or securely cached in the Mobile Connect application [24]. This allows administrators to
isolate business data from the personal data stored on the device and reduces the risk of data
loss.

[23] Alessandrini, C. Information Security: combining prevention and response paradigms against predictable and unpredictable risks. (2011).

(Source: http://enterprise.huawei.com/topic/byod_en/solution_byod_info_2.html)
Additionally, if the user credentials are revoked, the content stored in the Mobile Connect
application is locked and can no longer be accessed or viewed. Protecting networks and enterprise
resources against malware and unauthorized access from mobile devices, with context-based
authentication that grants access only to trusted devices and authorized users, is the primary
purpose of the security strategy. Configure policies to require key security information from
mobile devices, such as the release or modification status of the base system, the device ID, the
certificate status, and the operating system version, before granting access [25]. The presence
or absence of security software, the client certificate, and the device ID are also requested by
service providers. Devices that do not meet policy requirements must not be allowed to access the
network, and the user will be notified of non-compliance.

[24] Kumari, P., Pretschner, A., Peschla, J., & Kuhn, J. M. (2011, February). Distributed data usage control for web applications: a social network implementation. In Proceedings of the first ACM conference on Data and application security and privacy (2011), (pp. 85-96). ACM.
[25] Zissis, D., & Lekkas, D. Addressing cloud computing security issues. Future Generation Computer Systems, (2012), 28(3), 583-592.
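The device checks described in this section can be written as a fail-closed policy evaluation that also produces the non-compliance notice. This is an added example, not code from the paper or from any product it mentions; the class and field names, device IDs and minimum OS versions are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessPolicy:
    """Hypothetical policy; every value is constructed for this example."""
    min_os_version: dict              # platform name -> minimum version string
    registered_device_ids: frozenset
    require_security_software: bool = True


@dataclass(frozen=True)
class DevicePosture:
    """Attributes reported by a device; None means the attribute was not reported."""
    device_id: Optional[str] = None
    platform: Optional[str] = None
    os_version: Optional[str] = None
    base_system_modified: Optional[bool] = None     # rooted or jailbroken
    client_cert_status: Optional[str] = None        # "valid", "expired", "revoked"
    security_software_present: Optional[bool] = None
    user_credentials_revoked: Optional[bool] = None


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reasons: tuple              # text for the non-compliance notice to the user
    lock_cached_content: bool   # lock locally stored files when credentials are revoked


def parse_version(text):
    """Turn '16.4.1' into (16, 4, 1); return None if it is not dotted digits."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None


def version_at_least(current, minimum):
    """Compare version tuples after zero-padding, so 16 and 16.0 are equal."""
    width = max(len(current), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(current) >= pad(minimum)


def evaluate(posture, policy):
    """Grant access only if every check passes; unknown values count as failures."""
    reasons = []
    if posture.user_credentials_revoked is not False:
        reasons.append("user credentials revoked or not confirmed")
    if posture.device_id not in policy.registered_device_ids:
        reasons.append("device ID not registered")
    if posture.base_system_modified is not False:
        reasons.append("base system modified or status unknown")
    if posture.client_cert_status != "valid":
        reasons.append("client certificate is %s" % (posture.client_cert_status or "missing"))
    minimum = parse_version(policy.min_os_version.get(posture.platform))
    current = parse_version(posture.os_version)
    if minimum is None:
        reasons.append("platform not covered by policy")
    elif current is None or not version_at_least(current, minimum):
        reasons.append("operating system version below policy minimum or unknown")
    if policy.require_security_software and posture.security_software_present is not True:
        reasons.append("security software not present")
    return Decision(
        allowed=not reasons,
        reasons=tuple(reasons),
        lock_cached_content=posture.user_credentials_revoked is True,
    )


# Constructed sample policy and devices.
POLICY = AccessPolicy(
    min_os_version={"ios": "16.4", "android": "13"},
    registered_device_ids=frozenset({"DEV-0001", "DEV-0002"}),
)
COMPLIANT = DevicePosture("DEV-0001", "ios", "16.4.1", False, "valid", True, False)
ROOTED_OLD = DevicePosture("DEV-0002", "android", "12.1", True, "valid", True, False)
UNREPORTED = DevicePosture(device_id="DEV-0001")   # nothing else reported
REVOKED_USER = DevicePosture("DEV-0001", "ios", "17.0", False, "valid", True, True)

if __name__ == "__main__":
    for name, device in [("compliant", COMPLIANT), ("rooted_old", ROOTED_OLD),
                         ("unreported", UNREPORTED), ("revoked_user", REVOKED_USER)]:
        print(name, evaluate(device, POLICY))
```

A device that reports nothing is denied on every check it cannot prove, which is the behaviour the policy requirement implies: absence of evidence is treated as non-compliance.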

Fraud
Current security techniques such as temporary passwords, confirmations via SMS, card matrices,
and password generators, which have been used by banks and electronic payment systems to protect
their clients, are rapidly becoming obsolete. According to Gartner, innovative methods of fraud
prevention are essential because thieves are increasingly able to circumvent the old techniques.

(Source: http://www.darkreading.com/attacks-and-breaches/voice-proximity-key-tocutting-e-payment-fraud/d/d-id/1127761)

For this reason, the market requires innovative solutions to ensure that transactions are secure
[26]. Digital enterprises require technology to protect their customers from these threats and to
minimize the costs associated with the repayment of stolen money.

Brand reputation
Brand reputation can be affected significantly once a hacker accesses the system of an
enterprise and starts malicious activity [27]. The activities performed by the hacker that can
influence brand reputation include the following:

- The misuse of corporate data
- The misuse of customers' personal information to influence them, or contacting them to influence their perception of the brand
- The inappropriate handling of information that leads to safety issues for customers, for which the customers may hold the digital enterprise responsible

System downtime
Cybercrimes can lead to system downtime. Once a hacker achieves access to the remote server, the
hacker can cause extensive manipulation within the system of an enterprise [28]. For the system
to continue running smoothly, a strategy is needed that detects the presence of a hacker or
manipulation activity well before the threatening activity occurs and causes hardware or software
failure.

[26] Ibid 25.
[27] Fatima, A. E-banking security issues - Is there a solution in biometrics? Journal of Internet Banking and Commerce, (2011). 16(2), 2011-08.
[28] Rege, A. Cybercrimes against the electricity infrastructure: exploring hacker and industry perceptions (2012).

Significance of the Research Study


Companies must constantly improve their security strategies for changing technology and
anticipate security threats proactively to make the existing infrastructure and systems more
protective for customers. These changes influence the applications that run on multiple devices,
in terms of the need for greater security and changes in interfaces; to make them more secure and
user friendly, a constant integration of new features and security initiatives is essential [29].
To address all of these problems, a server can be implemented as a platform on which all these
changes can be reactively and proactively monitored and implemented, using best practices
obtained from previous implementations. Enterprises that outsource, or depend on other
enterprises for various solutions, rely on systems or platforms that offer centralized control to
monitor performance, obtain feedback, and respond to feedback.

(Source: http://pn.ispirt.in/uniken-delivering-secure-digital-experience/)
This platform can establish recommended practices in terms of collaboration and take advantage of
all that experience to constantly enhance the process, and thus keep companies updated regarding
infrastructure, technology, and processes [30]. Thus, a mobile enterprise application platform
can function as an environment for application development, and on this platform mobile
applications can be tested, deployed, and managed. The security of mobile devices is a major
concern, especially as more and more functions and business processes are enabled for them. A
mobile application provides access to information and the ability to complete important
transactions virtually, as if it were connected to the physical network. However, with the
increasing need for mobilization and application management, service providers and solutions need
appropriate strategies to achieve their desired objectives for mobile application security.

[29] Ibid 2.

Purpose of this Research Work


Companies need to focus on their security strategy due to the availability of a variety of mobile
devices and the increasing demand for new mobile applications in the market. Enterprises need to
use a set of features that allows this transformation to happen efficiently, creating mobility
with new elements that also meet the security requirements of the various device types [31].
Thus, enterprises need to provide services on mobile applications to their customers through a
friendly interface that is rich in information and exposes the backend securely to mobile
applications. One of the main aspects of enterprise mobility is allowing employees and customers
to have access to the information they need, anywhere, and without any security threats. Creating
and managing the application's security should be the main focus for enterprises to achieve
success. Mobility is changing every aspect of the digital world, since it offers unprecedented
opportunities as well as new challenges [32]. Companies face challenges in terms of security and
mobile device management. Many of them do not have the ability to adequately secure and expand
access to various consumer devices, including iPhone and iPad, putting the data and the systems
of corporate communications at risk. The wide range of strategic solutions for mobile devices in
the corporate environment helps organizations embrace consumer technology, allowing users to use
their own equipment while enforcing governance policies and protecting corporate data, and
ensuring visibility and control over all mobile platforms. These solutions give administrators
the ability to define and centrally distribute security policies for wireless devices.

[30] Ibid 2.
[31] Duong, T., Koehler, B., Liew, T., Mower, C., & Venkatraman, S. IBM MobileFirst Strategy Software Approach. (2014).

The Goal of Security Strategy


The security strategies of digital enterprises providing services or products through
mobile applications are based on:

Allow the applicant access, by direct means, to the network systems or to nodes identified as
targets, to ensure the necessary access for conducting operations on the digital platform.

Accessing hardware and software, by direct means in the remote environment, while ensuring
the effectiveness of the actions of security threat.

Accessing, collecting and exploiting information identified as a target of the adversary, by
direct or remote means, in order to detect, deter, deny and defeat the actions and freedom of
action of the opponent33.

Enable the ability to aggregate, manage, decode, analyze, and report on all data collected in
the management systems, in order to support operations on the mobile application.

32 Dannhauer, A., Huang, M. Z., Idstein, P., Kaplinger, T., Katory, H., Kirsch, C., ... & Hanson, S. Extending Your Business to Mobile Devices with IBM Worklight. IBM Redbooks. (2013).
33 Smith, D. S. Securing Cyberspace: Approaches to Developing an Effective Cyber-security Strategy. ARMY WAR COLL CARLISLE BARRACKS PA. (2011).


Provide security capabilities in order to detect, deter, deny and defeat the actions of threats and
endorse actions against hackers or cyber criminals.

Providing sensor-based capacity for automated detection of network interruption, in order
to detect, deter, deny and defeat the opponent's attacks and actions, integrating defense in
depth, to ensure action against the hackers at the desired time and at the remote location34.

Attack (deny, degrade, disrupt, deceive or destroy) the networks involved in the threatening
activity and their critical information infrastructure in order to detect, deter, deny and defeat the
actions of hackers and cyber criminals.

Attack (deny, degrade, disrupt, deceive or destroy) processors and controllers integrated in
the equipment and systems of the hacker or criminal, in order to detect, deter, deny and
defeat their actions, integrating defense strategy35.

Provide situational awareness of the hacker and raise general awareness of the situation by
conducting safety operations.

Understanding the objectives of the hacker and mapping their specific network structures in
order to ensure the success of operations against crimes.

Following, locating and predicting criminal activities on the digital platform, in order to
ensure the success of the security strategy.

Attack the hacker's information resources in order to deter or deceive him and support the
achievement of the overall defined objectives of the security strategy36.

Mitigate or prevent the hacker's defense measures, in order to achieve maximum hold on the
hacker's infrastructure and to effectively support the conduct of security
34 Rice, M., Guernsey, D., & Shenoi, S. Using deception to shield cyberspace sensors. In Critical Infrastructure Protection V (pp. 3-18). Springer Berlin Heidelberg. (2011).
35 Ibid 34
36 Gendron, A. Cyber threats and multiplier effects, (2013) 19(2), 178-198.


(Source: http://netsanity.nl/verdasys.htm)
Outline of the research study
This research report comprises five chapters, each of which has certain goals, as
given below.
The first chapter is the introduction, which covers the research background, objectives, aim,
purpose, significance, questions, and hypotheses of the research study. The second chapter is the
literature review, which provides an overview of the research work on digital security, mobile
applications, and digital enterprises. The researcher explores the types of threats, their impact on
the digital enterprise, and security strategy through past studies. The third chapter is the
methodology, in which the proposed methodology will be critically discussed and the
research plan provided. The appropriateness of the research tools and approaches that
are proposed by the researcher will be explained in this chapter. The limitations, delimitations,
and assumptions of the study will be elaborated. The fourth chapter is the data analysis, which
comprises an exploration of the security strategy by qualitative and tabular means.
The analysis for this study will be supported by the literature. The last chapter is the conclusion,
which gives the implications, recommendations, results, and conclusion of the research report.
The information provided in this chapter will not be new but will be based on the researcher's
knowledge of the literature and data analysis.

Methodology
The mixed approach will be used in this study. According to Bernard and Ryan37, the mixed
approach is characterized as an advanced tool for carrying out research work. Researchers
following the mixed approach are able to use qualitative and quantitative techniques in a
single study. The qualitative techniques of the mixed approach will be utilized to explore the
security strategies of digital enterprises through the literature, past researchers, and studies. The
qualitative approach will also be used in collecting new information from the research
participants. The quantitative techniques will be used to present the results in tabular form for
developing the set of strategies. At some points in the study, the qualitative and quantitative
approaches will be combined to provide an appropriate understanding of the concepts; for example, the
qualitative data will support the interpretation of the quantitative data.
The proposed research design is based on primary and secondary data collection and
analysis. The primary data will be analyzed for its consistency with past
research and studies. The secondary data will assist in gaining new understanding when
studied with the primary data. Various databases on the internet will be the data collection sources. The
primary data collection tool will be developed using secondary data. For the process of analyzing
the primary data, secondary information will be used.

37 Bernard, H. R and Ryan, G. W. Analyzing qualitative data: Systematic approaches. Los Angeles, (2010). CA: Sage.


Sampling
The researcher will use the purposive method to sample participants. The proposed
number of participants for interviews is twenty. Purposive sampling aims to select
participants on the basis of achieving the research objectives of the study. The sample population
for the primary data collection is the IT managers of digital enterprises.

Participants
There will be 10 respondents of the interviews. The respondents will be given the
information document and informed consent form by the researcher. These documents will provide
information about the privacy and confidentiality terms as well as summarize the objectives of the
study for the respondents. Individuals who are willing to be interviewed will sign the
documents. The time and location for the interview will be arranged by
mutual consultation between the researcher and respondents. The identity of the digital
enterprise and of the respondents will not be disclosed, and the data, in text format,
will be e-mailed to the respondents after the researcher has finalized the information obtained from the
interviews, to avoid any misconduct.

Ethical Considerations
Seidman38 has suggested that ethical aspects, confidentiality, and moral obligation are
primary concerns when conducting a research study. Therefore, these concerns will be
considered in the processes of collecting, selecting, and interpreting data. The ethical concerns
in a research study are often associated with the confidentiality of the respondents. Thus, the
researcher ensures that information about the respondents' personal or professional constraints
will not be disclosed, while the selection of studies is based on their relevance to the research topic.
It has been noted that bias in the selection of respondents is another concern for primary data
collection; therefore, the researcher assures that the individuals will be selected for interviews
based on their position as IT manager. Bias and other ethical issues will be avoided to
protect the relevance of the study.

38 Seidman, I. Interviewing as qualitative research: A guide for researchers in education and the social sciences. (2012).

Limitations and Key Assumptions


The fundamental limitation of this research work is the research topic and, therefore, its
objectives, questions, and hypotheses. The second major limitation is the broadness of the
research topic, since the proposed research topic is not itself well researched, although the
security of mobile applications, digital enterprise strategies, and cybercrimes are well-studied
areas of research. The cost of conducting the interviews and the time required will be another major
concern.

Research Plan

Timeline columns: Sept, Oct, Nov., Dec, Jan, Feb, March, April, May

| Project Steps / Phases | Research objective / question / hypotheses |
|---|---|
| The Proposal | Projected deliverables of the study and goals are defined |
| Chapter 1: Introduction (Write up) | To exploit the literature on enterprise digital security for enhancing the understanding on threats to mobile application users and enterprises |
| Chapter 2: Literature review (Write up) | To analyze the set of strategies that can protect and support the application user and enterprise |
| Chapter 2: Literature review (Write up) | To explore the major challenges and issues associated with the implementation of new security strategies |
| Chapter 3: Methodology (Write up) | Defining the approaches to be used to achieve objectives |
| Chapter 4: Data analysis (Write up) | What are threats that customers and service providers can experience in the digital platform? How the security gaps can be addressed by the enterprise, strategically? Are there any major challenges for the implementation of new security strategy? What are they? |
| Chapter 4: Data analysis (Write up) | H1: The digital enterprises are vulnerable to security threats for which redefining and reorganization of new security strategy is essential. H2: The digital enterprises may experience challenges for the implementation of new security strategy is essential. H3: The digital enterprises require new security strategies that essentially are consistent with the organization's core objectives |
| Chapter 4: Data analysis (Write up) | To explore the strategic solutions for enterprise digital security |
| Chapter 5: Conclusion (Write up) | Outlining the security strategy for the digital enterprise |
| Submit Thesis | |

Resources and Funding Required
The resources and funding required to conduct the research study include the expenditure
on paperwork, access to libraries and digital databases, and the costs of interviewing the
respondents. Although participation in the interviews will be voluntary, there can be costs for
travel or for hiring an individual who conducts an interview on the researcher's part.


Bibliography

Alessandrini, C. Information Security: combining prevention and response paradigms against
predictable and unpredictable risks. (2011).
Baker, W., Hutton, A., Hylender, C. D., Pamula, J., Porter, C., & Spitler, M. 2011 data breach
investigations report. Verizon RISK Team. (2011). Available:
www.verizonbusiness.com/resources/reports/rp_databreach-investigations-report-2011_en_xg.pdf, 1-72.
Bernard, H. R and Ryan, G. W. Analyzing qualitative data: Systematic approaches. Los Angeles,
(2010). CA: Sage.
Chen, L., Franklin, J., & Regenscheid, A. Guidelines on Hardware-Rooted Security in Mobile
Devices (Draft). NIST Special Publication, (2012) 800, 164.
Crowell, W. P., Contos, B. T., DeRodeff, C., & Dunkel, D. Physical and Logical Security
Convergence: Powered By Enterprise Security Management. Syngress. (2011).
Dannhauer, A., Huang, M. Z., Idstein, P., Kaplinger, T., Katory, H., Kirsch, C., ... & Hanson, S.
Extending Your Business to Mobile Devices with IBM Worklight. IBM Redbooks. (2013)
Duong, T., Koehler, B., Liew, T., Mower, C., & Venkatraman, S. IBM MobileFirst Strategy
Software Approach. (2014).
Dye, S. M., & Scarfone, K. A standard for developing secure mobile applications. Computer
Standards & Interfaces, (2012), 36(3), 524-530.
Fatima, A. E-banking security issues - Is there a solution in biometrics. Journal of Internet
Banking and Commerce, (2011). 16(2), 2011-08.


Gable, K. A. Cyber-Apocalypse Now: Securing the Internet Against Cyberterrorism and Using
Universal Jurisdiction as a Deterrent. Vand. J. Transnat'l L., 43, 57. (2010).
Gass, O., Krammer, C., & Maedche, A. ReGIS - A Web Application Platform-based University
Research Group Information System. (2011).
Gendron, A. Cyber threats and multiplier effects, (2013) 19(2), 178-198.
Jansen, W., & Grance, T. Guidelines on security and privacy in public cloud computing. NIST
special publication, (2011). 800, 144.
Javaid, M. A. Cyber Security: Challenges Ahead. (2013).
Kelly, B. B. Investing in a Centralized Cybersecurity Infrastructure: Why Hacktivism Can and
Should Influence Cybersecurity Reform. BUL Rev., 92, 1663. (2012).
Kshetri, N. Cybercrime and cybersecurity in the Global South. Palgrave Macmillan. (2013).
Kumari, P., Pretschner, A., Peschla, J., & Kuhn, J. M. Distributed data usage
control for web applications: a social network implementation. In Proceedings of the first
ACM conference on Data and application security and privacy (pp. 85-96). ACM. (2011, February).
McMillan, E. N. Promoting The Use Of Intelligence And Intelligence Analysis As
Complementary Components To Enhance Situation Awareness In Cyber Security. (2012).
Metzer, R. L., Grant, J. E., Jackson, W. T., Isaac, D. P., Mckennirey, M. J., & Bedford, K. L.
(2014). U.S. Patent No. 8,726,351. Washington, DC: U.S. Patent and Trademark Office.
Prabhakar, H. Black Market Billions: How Organized Retail Crime Funds Global Terrorists. FT
Press. (2012).
Rege, A. Cybercrimes against the electricity infrastructure: exploring hacker and industry
perceptions (2012).


Rice, M., Guernsey, D., & Shenoi, S. Using deception to shield cyberspace sensors. In Critical
Infrastructure Protection V (pp. 3-18). Springer Berlin Heidelberg. (2011).
Richardson, T., & Thies, C. N. (2012). Secure Software Design. Jones & Bartlett Publishers.
Seidman, I. Interviewing as qualitative research: A guide for researchers in education and the
social sciences. (2012).
Singhal, M., Chandrasekhar, S., Ge, T., Sandhu, R. S., Krishnan, R., Ahn, G. J., & Bertino, E.
(2013). Collaboration in Multicloud Computing Environments: Framework and Security
Issues. IEEE Computer, 46(2), 76-84.
Smith, D. S. Securing Cyberspace: Approaches to Developing an Effective Cyber-security
Strategy. ARMY WAR COLL CARLISLE BARRACKS PA. (2011).
Smyth, S., & Carleton, R. Measuring the Extent of Cyber-Fraud: A Discussion Paper on Potential
Methods and Data Sources. (2011).
Urhuogo, I., & Chandan, H. C. Information Systems Effectiveness: The Application of Corporate
Social Responsibility Policy and Total Quality Management Model. Journal of Business,
(2012). 4(1), 181-196.
Walters, D. Market centricity and producibility: an opportunity for marketing and operations
management to enhance customer satisfaction. Journal of Manufacturing Technology
Management, (2014). 25(2), 299-308.
Zissis, D., & Lekkas, D. Addressing cloud computing security issues. Future Generation
Computer Systems, (2012), 28(3), 583-592.
