BYOD stands for “Bring your own device” and is broadly used to describe an employer-led strategy that “lets employees use their personal device to work seamlessly across their user space and enterprise workspace” (Chang et al, 2014).

During a particular period in the author’s working career, he could use any device he owned and could operate from anywhere - particularly when working from home to access the corporate network through a software solution called Citrix Receiver installed on any of his devices.  Another example of BYOD is when visiting a different university - he was able to bring his personal laptop and mobile to lectures and connect to the Wi-Fi to access and collaborate with course material etc.

Generally, it is often more convenient to use one’s personal device across workloads, making it easier and more flexible to be location independent, for example working from home using the same laptop that is used in the office is a useful incentive/option for employees.

Additionally, organisational costs can be reduced, as the responsibility of purchasing and maintaining their personal hardware falls on the employee.  Furthermore, there is less need to educate employees on hardware and software configurations that are already familiar with. (Dower et al, 2016)

An interesting aspect to BYOD is its focus on employee empowerment, where it has implications for improving productivity, morale and commitment to work (Dower et al, 2016).

Furthermore, there is an increasing shift in some companies to capitalise on employees’ existing knowledge and experience, not only when making IT choices by managing their devices and applications, but also in developing and enhancing user-centric knowledge in general to the betterment of the organisational productivity. For example, BYOD has shown to improve innovation in the workplace, by promoting so-called “innovative behaviours”. (Koffer et. Al, 2015) and can also to distil trust between employers and employees (Cho et al)

However, with BYOD and its inherent usability comes increased security risk, as “BYOD users tend to choose usability over security” (Chang et al, 2014).

With increasing device diversity and uncertainty means that existing security mechanisms that control legitimate access, while preventing unauthorised access to networks, such as secure authentication, Firewalls, VPNs, Access Control Lists and identity management systems are as ever crucial (Dower et al, 2016).

With BYOD, there seems to be an increasing adoption of ‘outsourcing’ (Koffer et, al, 2015) of some the security burden of employers onto their employees. This is in exchange for the shared conveniences as described previously.

While this has shown that BYOD can have a positive influence on employer-employee trust relations (Cho and Ip, 2018) - it is in particular, the lure of the enhanced user experience and usability that is afforded by using IT consumables (Koffer et. Al, 2015).

There is a need to balance usability and security.

The outcomes of outsourcing security burden, however, is dependent on industry, regulatory requirements and type of “Knowledge worker” and where some industries may exhibit positive outcomes (Koffer et al, 2015), others do not, particularly where the proliferation of options in IT consumerization can be present serious security risks - for example in Hospitals (Wani et. Al, 2019).

Furthermore, BYOD can work against employers where “perceived ease of use (PEOU)” is a factor in BYOD adoption and the burden to follow BYOD policies can also be inhibiting, as described by their study of Perceived Severity (PE), Self-Efficacy (SE) and perceived cost (PC) for employees. (Cho et al, 2018)

The balance between security and ease of use is a slippery slope as access to poorly designed Consumer IT applications, can circumvent many of the previously mentioned “Identity, Authentication and Access Control Issues” (Wani, T et al, 2019, 3.1.1) where it has been further shown that in Hospitals in the UK and US, ”13% of devices owned by clinicians which contain patient data have no form of locking mechanism” and bad practises such as using shared passwords, using ‘save password’ to avoid repeated logins can “lead to PHI(Public Health Information) breaches”.

VPNs, firewalls and email filtering protect access to the network, though they are ‘biased’ to protect the internal network and miss other security threats such as malware, or leaked data from the insiders (Dower et. Al, 2016).  

Alternatively, policies like banning access to public cloud storage providers through a social contract between employers and employees might be effective in the latter case but are limited by how strongly that is enforced and can often seem draconian though can often be essential (Wani, T et al, 2019)

Comprehensive security solutions like MDM/MAM/MIM while offer enhanced degrees of protection, risk alienating adoption due to risk to employee trust and privacy concerns (Cho et. al), particularly the difficulty in distinguishing infected data in corporate or private data on devices and these “improved security measures come with a cost, which is usability” (Wani et al, 2019l)

IT consumerisation has changed the way people work and security policies will need react, adapt and change over time which means that “employees also need to be constantly updated about the latest security threats and control mechanisms” just like software needs to be. (T Wani et al, 2019)

Utilising increasingly intelligent, always-connected and adaptive technologies that communicate between themselves such as seen in routers (STP/OPSF) and security applications like the WSA through its access to the Talos starts to behave a lot like to people do.

Having multiple varieties of devices owned by a user via BYOD, each with different security profiles and standards and originating offsite, potentially from insecure networks, makes access to internal network resources like routers and servers from these devices risky.

Enabling SSH on these devices, which by incorporating encryption, trust over an untrusted medium and allowing secure authorisation and authentication to take place can increases the security of the device and adds mobility, flexibility and convenience to the network administrators when wanting to connect and access network devices, for example from home on their personal device, in response to a network incident out of hours.

This, when coupled per-user, role-based access controls that limit the authenticated user’s resultant functionality to within the remit of employee role(authorisation). 

References  

Downer, K. and Bhattacharya, M. (2016) ‘BYOD Security: A New Business Challenge’.

Wani, T., Mendoza, A. and Gray, K. (2019) ‘BYOD in Hospitals-Security Issues and Mitigation Strategies’, in Proceedings of the Australasian Computer Science Week Multiconference. ACM, pp. 1–10. doi: 10.1145/3290688.3290729.

Cho, V. and Ip, W. . (2018) ‘A Study of BYOD adoption from the lens of threat and coping appraisal of its security policy’, Enterprise Information Systems. Taylor & Francis, 12(6), pp. 659–673. doi: 10.1080/17517575.2017.1404132.

Köffer, S. et al. (2015) ‘Innovation Through BYOD?’, Business & Information Systems Engineering. Wiesbaden: Springer Fachmedien Wiesbaden, 57(6), pp. 363–375. doi: 10.1007/s12599-015-0387-z.

Chang, J., Pao-Chung Ho and Teng-Chang Chang (2014) ‘Securing BYOD’, IT Professional. IEEE, 16(5), pp. 9–11. doi: 10.1109/MITP.2014.76.

Since I finished my Digital Forensics Course (wrote the exam on the 24th Oct), I've moved on to a new course on Network Security. 

So far,  I've already been disassembling networking protocols using Wireshark from almost every layer within the OSI network stack. This is a similar thing I had to do when designing/debugging the networking protocol I designed in my broker a while back when sending TCP/IP packets back and forth between the client, server and broker, though this formalises the theory somewhat.

I've been always interested in the technical aspects of network routing but now, I'm able to incorporate principles of network design, routing and security into my study which is great. We're using a build of ArchLinux provided by Cisco as part of their CCNA CyberOps and CCNA Security modules, which the course is based primarily on.

I say primarily because I still have to write essays and reports alongside being graded by the CCNA exam subsystem, so there is no chance to escape being assessed on all the material.

I made great progress recently in my understanding of IP routes and routing in general, particularly with regards to layer 3 IP address and subnet calculations and Layer 2 routing is also something I've come to appreciate so far, particularly the Spanning Tree Protocol.

I've also been learning about elements of the Game Design process which is actually quite fun and more recently we've started learning about Unity a 3D C# game engine which makes things ridiculously easy to create a 3D game. It also shows how much is involved in creating a game engine. I'm only touching the surface with my own prototype which is rudimentary at best.

I've been working on my Game pitch for a game I've designed called Mazer. Designing games is a very creative process, something I've not really experienced before and while it's new and interesting, it's also quite tricky because it's not just about development/programming.

I've got to give a presentation on my design-pitch next week. I'm prepared, I've designed a pretty cool game which I think with a little blood, sweat and toil, I can pull off.

It's basically a mix between Pac-man, space invaders, a puzzle/jigsaw and a maze. Here's the presentation/pitch for far:

11/08/2019: I gave the presentation yesterday. It was a bit nerve-wracking talking up in front of the people but I did ok, which for a creative exercise like this - I'm happy with as public speaking is not usual for me.

I've now got to write up a game design spec and then produce a prototype. I've been designing Mazer in my spare time using my C++ game engine prototype but for assessment, I'll be using unity which means I'll need to port my maze generation code into C#, which should be easy. More about that below.

I'm interested now in learning more about quantitative research approaches and sampling techniques, in view of exploiting stuff I've not learnt about before. For example, basic statistics describing populations and central tendency via standard deviation, dispersion and variance might be vastly improved upon using aspects of theory testing via statistical inference which I've not got much experience with. So I'd like to learn more about that.

On Friday(my day off) and Saturday, I spend time reading about the different research strategies including Design and creation (I'll probably use this predominantly for developing my Game idea), Experiments, Case Studies, Interviews, Observation and general Questionnaires in obtaining sample research data.

On the game development front, I've had to cut back on my 3D ambitions and branch off new code base that focuses solely on 2D graphics for Mazer because mazer is basically a 2D maze-shooter-puzzle.

I've implemented a rudimentary algorithm which is not based on the well-known Prims algorithm but my own (dangerous!) 'it-makes-sense-in-my-brain' algorithm to create sub pockets of mazes.

The net effect is a maze-like construction, as Mazer is not really a traditional maze, as it requires you blow your way walls via procedurally generated pseudo-sub-mazes(pockets) in order to make your way towards a destination(see the presentation for the game idea).

So, unlike prim's algorithm and other's like it, I don't need a maze that has a solution (But I'll need two solutions paths for the enemy patrol routes), but something that the player can be trapped in and blow themselves out of!

Here is what my 'Pockets of destruction' algorithm does so far:

Granted, it doesn't look like much now but it proves that the algorithm can generate these kinds of open-closed room systems that I'm after. That little white dot in the middle, well that's the player.

I'm working on the collision detection now as my player can just go through walls like a ghost, which is not part of the game!

My "pockets of destruction" maze algorithm (for now, it basically plops a series of squares down and randomly removes walls):

	auto screenWidth=800;
	auto screenHeight=600;	
	auto roomWidth = 25;
	auto maxRows = screenWidth/roomWidth;
	auto maxColumns = screenHeight/roomWidth;
	
	 vector<shared_ptr<Room>> mazeGrid;
	 stack<shared_ptr<Room>> roomStack;

	for(int y = 0; y < maxColumns; y++)
	{
		for(int x = 0; x < maxRows; x++)
		{
			auto gameObject = shared_ptr<Room>(new Room(x*roomWidth, y*roomWidth, roomWidth));			
			mazeGrid.push_back(gameObject);			
		}
	}

	auto totalRooms = mazeGrid.size();	
	
	for(int i = 0; i < totalRooms; i++)
	{
		auto currentRoom = mazeGrid[i];
		auto nextIndex = i + 1;
		auto prevIndex = i - 1;

		if(nextIndex >= totalRooms)
			break;

		auto nextRoom = mazeGrid[nextIndex];
		auto row = abs(i / maxColumns);		
		auto lastCol = (row+1 * maxColumns)-1;
		auto col = maxColumns - (lastCol-i);

		bool withinRowsRange = row >= 0 && i <= maxRows;
		bool withinColsRange = i >= 0 && i <= maxColumns-1;
		
		int roomAboveIndex = i - maxColumns;
		int roomBelowIndex = i + maxColumns;
		int roomLeftIndex = i - 1;
		int roomRightIndex = i + 1;

		bool canRemoveAbove = roomAboveIndex >= 0;
		bool canRemoveBelow = roomBelowIndex < totalRooms; 
		bool canRemoveLeft = col-1 >= 1;
		bool canRemoveRight = col+1 <= maxColumns;

		vector<int> removableSides;
				
		if(canRemoveAbove && currentRoom->IsWalled(TopSide) && mazeGrid[roomAboveIndex]->IsWalled(BottomSide))
			removableSides.push_back(TopSide);
		if(canRemoveBelow  && currentRoom->IsWalled(BottomSide) && mazeGrid[roomBelowIndex]->IsWalled(TopSide))
			removableSides.push_back(BottomSide);
		if(canRemoveLeft  && currentRoom->IsWalled(LeftSize) && mazeGrid[roomLeftIndex]->IsWalled(RightSide))
			removableSides.push_back(LeftSize);
		if(canRemoveRight  && currentRoom->IsWalled(RightSide) && mazeGrid[roomRightIndex]->IsWalled(LeftSize))
			removableSides.push_back(RightSide);
	        // Choose a random element wall to remove from possible choices
		int randSideIndex = rand() % removableSides.size();
		
		switch(removableSides[randSideIndex])
		{
		case 1:
			currentRoom->removeWall(TopSide);
			nextRoom->removeWall(BottomSide);
			continue;
		case 2:
			currentRoom->removeWall(RightSide);
			nextRoom->removeWall(LeftSize);
			continue;
		case 3:
			currentRoom->removeWall(BottomSide);
			nextRoom->removeWall(TopSide);
			continue;
		case 4:
			currentRoom->removeWall(LeftSize);				
			auto prev = mazeGrid[prevIndex];
			prev->removeWall(RightSide);
			continue;
		}
		
	}
	
	/* Queue each generated game object to be added to the current scene */
	for(auto gameObject : mazeGrid)
	{
	std::shared_ptr<GameObject> cpe = std::dynamic_pointer_cast<Room>(gameObject);
	auto event = std::shared_ptr<AddGameObjectToCurrentSceneEvent>(new AddGameObjectToCurrentSceneEvent(&cpe));
		
		EventManager::GetInstance().RegisterEvent(event);
	}

Still got a long way to go, and still needs to be ported to C# for prototyping but its a start.

Oh, and in other far better news - we won the Rugby World Cup, which really made my day :-)

So proud of them.

I even wore my Springbok rugby jersey at half time (Transported back to my 9-year old self)

I attended a talk recently about creativity. This was with direct reference to undertaking a dissertation or thesis in further academic study. The key aspect discussed was that of creating a new and useful outcome that contributes to the field in which you are in. 

In summary any thing new does not really have to mean the same idea I.e creating a not-been-created-before thing, instead it can merely represent an unpreviously done thing. I think this is key because I for one, usually regard ‘new’ as something like an invention, or theory or something that is ground breaking. It doesn’t have to be this extreme and indeed that is not the limiting definition or outcome of what ‘new’ is to be. 

A newer view, in my opinion of the term ‘new’ encapsulates a more diverse representation of n new, and that is ‘creativity’ and ‘originality’. Doing something in a new way, particularly in a way or in a situation that has not been seen or done before is worthy of being classed as ‘new’. Framing a new means of thinking about a problem, cross referencing it with something not every considered with it before is new. These kinds of creative approaches to research are important and do enrich what went before - because you’re providing a means that hasn’t been done before - its almost an invention in itself - a previously not considered and innovative approach to aspects of your research is something that hasn’t been done before!

In this way, looking at it this way shows that their is enormous scope for research and creativity helps in looking for those gaps that have not been done before.

Here are some examples:

• Asking questions that bring in a consideration that’s not yet been documented 
• A way in which you cross-reference your research or compare it to similar research
• The way you undergone the research process that predisposes you to insights that others would not have had
• Combination of different perspectives that illustrate interesting and new insights to your study

And as it happens, you can achieve this variety of endeavour, by being yourself and what I mean by that, is by being who you are and representing your characteristics on the research you are undertaking because you are unique and you’ll have interests and insights that should be integrated into how you undertake your research. That by default will do a few things:

1. Allow you to follow your interests in different and seemingly peripheral things and integrate those into your research and thus making it unique to you and thus a definition of ‘new and unique’ which is what you want.
2. By investigating those aspects that are close to your heart and characteristics will provide your with motivation as this process will be interesting
3. You’ll discover interesting things about your research because you are genuinely interested in doing so as it relates to your own relatable ideas.
4. It will be more fun

It’s really real - being yourself with all your weirdness and uniqueness already by default precludes you to applying those aspects to your study. So perusing this is so important and being original then is a function of being yourself, and that’s easy right?

If the person you are enjoys thinking about abstract concepts, enjoys sports and enjoys social gaming nights - there are wired and wonderful ways that you with your ways of thinking can frame and apply yourself to research just by being yourself and asking questions that you might be interested in.

This brings me to my next topic which is motivation, which I believe you have by default when its to do with the things you like and enjoy and the things that make you unique and who you are. What I’m saying is that its not difficult to be motivated if you apply your ideas and interests to your research. Also, I’ve been reading the notes and recommended reading from this talk and a lot of it its trying to be formal in applying ways to be creative and thus by definition perhaps ‘new’ and original when in fact this stuff comes for free and is more organic if you’re up for doing the research in a way that interests you and thus will simulate creativity by default.

In this way, you cannot force creativity and try to learn it so that you can ‘apply’ it to something. Also if you’re not motivated, you really cannot apply creativity to something. What you can do is put yourself in a state of mind that allows your to enjoy yourself and facilitate perhaps a creative atmosphere or environment where you can easily play with your own interesting ideas and thoughts. So these can be seen as trigger mechanisms for creativity, ways to explore ad reflect on your own uniqueness. 

Some examples are brainstorming your ideas, spreading them out on a mind map or just thinking about them in a place that allows you to think differently about them - perhaps think while your in a library, then think while your in a neighbours(new) garden or even while watching a scorcher match or going for a walk. In effect, what your doing is giving yourself room to enjoy your own ideas in different ways, places perhaps to stimulate those ideas with peripheral ideas that stem directly from your surrounds or that come from observations that you make and perhaps having new types of observations of new types of things that interest your can influence your existing interests.

Having said that, you can’t force that either - you just must do what you feel is what you want to do and in doing so, you’re living out your own motivations.

So being interested and motivated and being yourself is already unique and creativity is an extension of that and you don’t have to invent it, if can just be a function of who you are.

What you can do with formal views of creativity is introduce them to your already interested mind. These views are things like asking different questions, thinking laterally, ways for striking new perspectives on what you’re doing etc. For example using the 5W+1H and SCAMPER and ENTRE methods. They wont help you become interested or fascinated or motivate you; you need that by default. They work when you’re already there and need more support. 

So as audio salve once said, ‘Be yourself for that’s all that you can be’ and I think that pretty much means enjoy what you enjoy and if that sounds like you need someone else to give you permission to enjoy what who enjoy - then you’re wrong. You can always enjoy what you enjoy!