mobile phone security survey - for my thesis

dade

Lads and Ladies of Boards

I'm part of a group of final year students in Trinity College completing an Honours Degree in Business and Information technology. As part of this we have chosen for our thesis the subject of Information Breaches and the security risks posted specifically around mobile devices like laptops, Mobile phones and portable storage devices.

We are looking for people to assist in our research project by simply completing the survey on the link below, it should only take 5 to 10 minutes of your time.

We do not know of any risks to you if you decide to participate in this survey and we guarantee that your responses will not identify you personally (we do not record participants IP addresses nor ask for names and email addresses etc). We promise not to share any personally identifiable information with anyone outside my research group unless specifically forced by law.



http://www.surveymonkey.com/s.aspx?sm=V5mYbV_2fbyI_2f6E3Sz_2f15IkA_3d_3d


I know there are some spelling errors on the survey, unfortunately the where noticed too late to change

Sam Vimes

that link just thanks me for completing the survey and the done button tries to close the page

dade

bugger

try this one

http://www.surveymonkey.com/s.aspx?sm=V5mYbV_2fbyI_2f6E3Sz_2f15IkA_3d_3d

strecker

You 'promise' - ah, go on then...

Sam Vimes

dade wrote: »

bugger

try this one

http://www.surveymonkey.com/s.aspx?sm=V5mYbV_2fbyI_2f6E3Sz_2f15IkA_3d_3d

that works, you should edit it into your first post

dade

you sir are a genius

Sam Vimes

dade wrote: »

you sir are a genius

oh stop

Random

Right, done now. Hope it helps.

There's a lot of questions there that really wouldn't be answered by your average employee .. might look into trimming down the survey a bit.

dade

Random wrote: »

Right, done now. Hope it helps.

There's a lot of questions there that really wouldn't be answered by your average employee .. might look into trimming down the survey a bit.

that's fine if they don't answer them, not all Will know some of the demographics but that's cool. again as with the plans already in place or put in place again if hey don't know that's cool coz we can still dray some implications from it ie companies just disregard the loss or do not communicate security policies when they change to their employees

thanks you lot for filling it in, in the last 24 hrs you have managed to double the number of respondents.

Sully

Survey should have been done a bit better dude. It shouldnt ask questions not relevant (for example if I saw no, had no data breach - why ask me about the breach?!). Plus a laptop bag is a laptop bag regardless of what brand is on it

Seems to be a lot of repetition in terms of questions also.

Why not ask about anti virus on the mobile?!

dade

Sully wrote: »

Survey should have been done a bit better dude. It shouldnt ask questions not relevant (for example if I saw no, had no data breach - why ask me about the breach?!).

when the survey was tested the logic behind the first question on each page was set that if they said no it moved to the next page/device. it worked fine the times i tried it with test data. something screwy happened to the logic after that but can't be changed because the survey was already answered.

surveymoneky isn't that powerful a tool IMO i couldn't set the logic like i wanted it so had to work the best way i could,

Sully wrote: »

Plus a laptop bag is a laptop bag regardless of what brand is on it

coz you can get laptop bags that don't look like laptop bags that's why, i use one myself. Dell are also advertising them in a recent leaflet they posted out. the purpose of them is to reduce opportunistic theft as teh bag looks nothing like a laptopb bad for example

http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=460-10360 its a messanger bag

or this one a backpack
http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=A0568841

http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=A1662732


or the ladies tote bag
http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=460-10224


there are more from other manufacturers, soem are even less obvious than these

Sully wrote: »

Seems to be a lot of repetition in terms of questions also.

Why not ask about anti virus on the mobile?!

coz there's three of us working on the thesis, one of the other lads researched security on phones, one on USB and i did laptops, that's what he came up with for his questions.

ozymandius

Completed (mostly) the survey. Some comments for you, meant as constructive criticism and from someone who has been through what you are currently undergoing.

Did you do a pre-survey on a small test group - just to iron out inconsistancies and spelling?

Spelling, grammar and punctuation is important. It's the kind of thing that makes people just stop mid-survey. If you can't be bothered - neither can I kind of thing.

Why distinguish between mobile phone, iPhone, Blackberry - they all do the same thing. They're all mp3 players too.

Survey monkey is plenty powerful. It certainly can handle the logic to skip ahead based on first question's response. Your supervisor will likely know this, so careful what you say in the report. Don't blame the tools.

IIRC surveymonkey does, in fact, collect IPs. Be careful what you promise.

All the best for the next couple of months. Still being put to sleep by the gruesome twosome thespians; DL and ML?

.

dade

ozymandius wrote: »

Did you do a pre-survey on a small test group - just to iron out inconsistancies and spelling?

Spelling, grammar and punctuation is important. It's the kind of thing that makes people just stop mid-survey. If you can't be bothered - neither can I kind of thing..

the three of us ran through it ourselves, but i guess we should have picked a sample group. rookie mistake on our part, but something we could probably add into our methodology or personal reflection as part of the learning experience. we initially used a postal survey but after a month only had about 10 responses out of 60 and that was with giving them stamped addressed envelopes to respond so all then had to do was fill it in, lick the flap and send it back so we decided on an on line one to increase responses

ozymandius wrote: »

Why distinguish between mobile phone, iPhone, Blackberry - they all do the same thing. They're all mp3 players too...

on the demographics I think we distinguished because IIRC iPhones are not fully encrypted while blackberries are. also the BES server allows you to kill the device from a your office if you have one.

ozymandius wrote: »

Survey monkey is plenty powerful. It certainly can handle the logic to skip ahead based on first question's response. Your supervisor will likely know this, so careful what you say in the report. Don't blame the tools.

yeah maybe it was a case of me not being able to figure out the logic. I do remember setting it up so that if you said no for example to the have you had a breach on a laptop that it should have jumped to the phones page and so on. the only general repetition was the last two pages - this was put in to see if people had policies in place prior to a breach and to see if they actually implemented a policy after one (which is the case of where i work)

ozymandius wrote: »

IIRC surveymonkey does, in fact, collect IPs. Be careful what you promise.

but I'm pretty sure we do not have access to this data so we will not collect them. but i hear what you're saying

ozymandius wrote: »

All the best for the next couple of months. Still being put to sleep by the gruesome twosome thespians; DL and ML?

.

DL just moved on form our course head to continue her research. M is there still it was a pain of a lecture the two of them couldn't see the point of it really.

where you in BIT?

ozymandius

As I said comments meant positively.

DL just moved on ... to continue her research

I'm sure that's a euphemism for something 'Bout time.

where you in BIT?

IS

Good luck.

dade

ozymandius wrote: »

As I said comments meant positively.

.

and much appreciated first survey I've ever had to do so the lessons learned etc will be remembered

BrianD

dade wrote: »

when the survey was tested the logic behind the first question on each page was set that if they said no it moved to the next page/device. it worked fine the times i tried it with test data. something screwy happened to the logic after that but can't be changed because the survey was already answered.

surveymoneky isn't that powerful a tool IMO i couldn't set the logic like i wanted it so had to work the best way i could,




coz you can get laptop bags that don't look like laptop bags that's why, i use one myself. Dell are also advertising them in a recent leaflet they posted out. the purpose of them is to reduce opportunistic theft as teh bag looks nothing like a laptopb bad for example

http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=460-10360 its a messanger bag

or this one a backpack
http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=A0568841

http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=A1662732


or the ladies tote bag
http://accessories.euro.dell.com/sna/productdetail.aspx?c=ie&l=en&s=dhs&cs=iedhs1&sku=460-10224


there are more from other manufacturers, soem are even less obvious than these



coz there's three of us working on the thesis, one of the other lads researched security on phones, one on USB and i did laptops, that's what he came up with for his questions.

Dade, the survey is a bit cumbersome and I started it but kind of got lost half way through.

Surveymonkey is a good tool and I use it myself. You can set the survey up so that if you answer 'No' it skips you onto the next relevant question.

Also, In the question about connecting devices to a network, you could put in 'not applicable'. Also how would somebody connect a mobile to a network?

Just my two cents!

Keano

Done.

Actually would love to show this survey to a certain company as they seem to let employees connect anything to their computers.

Random

OP - any chance you'd share some of the results with us as you get them in?

dade

BrianD wrote: »

Dade, the survey is a bit cumbersome and I started it but kind of got lost half way through.

Surveymonkey is a good tool and I use it myself. You can set the survey up so that if you answer 'No' it skips you onto the next relevant question.!

lesson learned on taht one i tell ya only got those involved in designing it to test it not sample users

BrianD wrote: »

Also how would somebody connect a mobile to a network?
!

Wi-Fi maybe?

Random wrote: »

OP - any chance you'd share some of the results with us as you get them in?

survey closes on teh 14th and we'll be analysing teh results, I'll see what i can do on the figures

dade

just some stats back on this for people that are interested. thanks again for the help in comleting it

81 usable responses in total.

Laptops
laptops lost or stolen 27.16%
Clearly Identifiable bag 59.09%
Encrypted 36.36%
up to dat AV 95.45%
patch management 90.91%
Customer Data 50.00%
Recovered 4.55%

Phones
Phone lost or stolen 34.57%
password in addition to PIN 71.43%
encrypted 42.86%
report and lock out device 92.86%
recover 7.14%

USB
USB lost or stolen 19.75%
encrypted 25.00%
contained confidential data 37.50%
recovered 6.25%



Experienced a breach
Had a breach on one or all devices 37.04%
plan in place to deal with breach 46.67%
company only data lost during breach 36.67%
did nothing after breach 16.67%
alerted customer 13.33%
alerted data protection comm. 3.33%
since implemented steps 30.00%


Did not experience a breach
of those that did not experience a breach
42.00% had a plan in place to deal with it
36.00% had no plan in place to deal with it

Multiple device losses
lost laptop & phone 13.58%
lost laptop & USB 16.05%
Lost Phone & USB 8.64%
Lost all three 8.64%