SURF Security en Privacy Conferentie 2025

Centering IT Security Around Humans – The case of MDM and MAM
25-6-2025, Slingerland Studio (studio 1)
Language: English

In this talk, I will present practical findings and recommendations for implementing Mobile Device Management (MDM) and Mobile Application Management (MAM) policies within higher education institutions. The goal: to create security measures that are not only effective, but also accepted and supported by end users.

Based on the interviews conducted during my research at SURF, I explain how aligning security requirements with user experiences can significantly increase acceptance and reduce resistance. During the session, I’ll share actionable suggestions for improving policy design, selecting appropriate security controls, and refining implementation procedures—all tailored to the specific needs and context of educational environments.


Do you work in (or are you interested in) IT security policy? Then you really can't miss this talk!
Do you work at a WO/HBO institution (research university or university of applied sciences) and want to hear about user-friendly security measures? These concern you too! Join in and feel free to share your opinion!
Since I have to give my thesis defence in English anyway, I will give this presentation in English as well.

Many organizations struggle to get employees to adopt security tools and policies. When these are seen as hindering or complicated, or are poorly explained, users may avoid them altogether—sometimes turning to “shadow IT,” which increases security risks. This is particularly evident for the policies that revolve around the devices that faculty and staff use for their work (such as a laptop or a mobile phone).

My research focused on how IT Security Departments in higher education can increase user acceptance of MDM/MAM policies and controls by involving users in the design of security rules. After talking to end-users, the key insights concern:
1) Communication: when communication is improved and users' needs are taken into account, adoption increases. So, talk to the users, explain the risks and how they can contribute to their mitigation!
2) Security tailored to the context and the information to be protected.
3) Warn the users if they are doing something wrong and steer them in the right direction.
4) Streamlining request processes: if the user needs to wait more than a week, chances are they'll turn to shadow IT.
5) Balanced security controls for information management.

In the talk, I will dive into these aspects and provide practical ways forward.

Paolo Maggioni is an Information Security Officer at JBT Marel, with a strong focus on business continuity and on human-centered approaches to information security. He holds a BSc in Security Studies from Leiden University and is currently completing his Master’s in Information Science at Radboud University. Paolo is currently writing his thesis at SURF, within the Security Awareness and Organisatie Team. He holds four ISO certifications, reflecting his expertise in information security, business continuity, crisis management, and risk governance.