Technological improvements, declining costs and mandates to suppliers from large entities such as Wal-Mart and the Department of Defense are driving investments in RFID and other location aware systems (LAS). Expected benefits from LAS investments include improvements in supply chain integration and streamlined operations. However, LAS may introduce a number of new information security vulnerabilities into organizations that must be carefully considered. LAS are highly decentralized and mobile, yet must connect to existing transactional systems to function. Decentralized, mobile applications are especially difficult to secure, and connections between LAS and internal applications can put those systems at risk too. The additional complexity of overall systems architectures also makes identifying security risks more challenging. We assert that current guidelines for information security are increasingly insufficient for organizations with highly decentralized systems and that more attention to how systems are employed is needed. We demonstrate this point with logical process models that illustrate how two different uses of one LAS technology result in different information security risks.
Ray, Amy W. and Ray, Julian J., "Security Risk Assessment of Decentralized, Mobile Applications: An Analysis of Location Aware Systems" (2005). AMCIS 2005 Proceedings. 445.