A Study on Organizational IT Security in Mobile Software Ecosystems Literature

Information security is a key topic for most organizations. With the digital revolution, smartphones have become popular not only for personal use but also within organizations where many employees use them for business purposes. As smartphones are increasingly present in organizations, it is necessary to understand what recommendations the literature provides for the safe use of such devices, helping organizations to protect themselves from threats. ISO 27000 is a well-known standard for information security in a business context. It provides a set of controls that must be observed to ensure more secure organizational information. Therefore, the goal of this study is to identify which controls presented in ISO 27000, more specifically ISO 27001, are present in the Mobile Software Ecosystem (MSECO) literature. To do so, we conducted a systematic mapping review supplemented by a snowballing process to identify studies in the field of MSECO that have addressed any subject that is present in ISO 27001. We found that 34 out of the 114 ISO 27001 controls are covered by the MSECO literature. Also, some of the ISO sections (e.g., Asset Management) have not yet been explored in the MSECO literature. Our results can inspire future and further studies on the topic of MSECO information security.