• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
IT Mobile Devices and Control Issues
 

IT Mobile Devices and Control Issues

on

  • 1,491 views

 

Statistics

Views

Total Views
1,491
Views on SlideShare
1,491
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    IT Mobile Devices and Control Issues IT Mobile Devices and Control Issues Presentation Transcript

    • Mobile Devices: Control Issues
      Thomas TszWai Au
    • Definition of Mobile Devices
      Mobile phones with computer-like functionality or smartphones
      Laptops, netbooks, tablet computers
      Portable digital assistants (PDAs)
      Portable universal serial bus (USB) devices for storage and for connectivity
      Radio frequency identification (RFID) devices for data storage, identification and asset management
      Infrared-enabled (IrDA) devices
    • Definition of Mobile Devices
      Mobile phones with computer-like functionality or smartphones
      Laptops, netbooks, tablet computers
      Portable digital assistants (PDAs)
      Portable universal serial bus (USB) devices for storage and for connectivity
      Radio frequency identification (RFID) devices for data storage, identification and asset management
      Infrared-enabled (IrDA) devices
    • Definition of Mobile Devices
      Mobile phones with computer-like functionality or smartphones
      Laptops, netbooks, tablet computers
      Portable digital assistants (PDAs)
      Portable universal serial bus (USB) devices for storage and for connectivity
      Radio frequency identification (RFID) devices for data storage, identification and asset management
      Infrared-enabled (IrDA) devices
    • Definition of Mobile Devices
      Mobile phones with computer-like functionality or smartphones
      Laptops, netbooks, tablet computers
      Portable digital assistants (PDAs)
      Portable universal serial bus (USB) devices for storage and for connectivity
      Radio frequency identification (RFID) devices for data storage, identification and asset management
      Infrared-enabled (IrDA) devices
    • Definition of Mobile Devices
      Mobile phones with computer-like functionality or smartphones
      Laptops, netbooks, tablet computers
      Portable digital assistants (PDAs)
      Radio frequency identification (RFID) devices for data storage, identification and asset management
      Infrared-enabled (IrDA) devices
      • Portable universal serial bus (USB) devices for storage and for connectivity
    • Definition of Mobile Devices
      Mobile phones with computer-like functionality or smartphones
      Laptops, netbooks, tablet computers
      Portable digital assistants (PDAs)
      Portable universal serial bus (USB) devices for storage and for connectivity
      Radio frequency identification (RFID) devices for data storage, identification and asset management
      Infrared-enabled (IrDA) devices
    • Definition of Mobile Devices
      Mobile phones with computer-like functionality or smartphones
      Laptops, netbooks, tablet computers
      Portable digital assistants (PDAs)
      Portable universal serial bus (USB) devices for storage and for connectivity
      Radio frequency identification (RFID) devices for data storage, identification and asset management
      Infrared-enabled (IrDA) devices
    • Current Environment
      Business Performance Management (BPM) Study:
      25% of all mobile devices used in the organizations are contain vital applications and information
      40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
      Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
      Source: Refer to references
    • Current Environment
      Business Performance Management (BPM) Study:
      40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
      Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
      • 25% of all mobile devices used in the organizations are contain vital applications and information
      Source: Refer to references
    • Current Environment
      Business Performance Management (BPM) Study:
      25% of all mobile devices used in the organizations are contain vital applications and information
      Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
      • 40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
      Source: Refer to references
    • Current Environment
      Business Performance Management (BPM) Study:
      25% of all mobile devices used in the organizations are contain vital applications and information
      40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
      Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
      Source: Refer to references
    • Current Environment
      Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
      90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
      No companies reported that improving data security is among their board’s top three priorities
      6% said they have an IT or data security committee
      47% said they have a Chief Information Security Officer
      50% have not implemented policies or systems to mitigate the threat
      Source: Refer to references
    • Current Environment
      Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
      90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
      6% said they have an IT or data security committee
      47% said they have a Chief Information Security Officer
      50% have not implemented policies or systems to mitigate the threat
      • No companies reported that improving data security is among their board’s top three priorities
      Source: Refer to references
    • Current Environment
      Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
      90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
      No companies reported that improving data security is among their board’s top three priorities
      47% said they have a Chief Information Security Officer
      50% have not implemented policies or systems to mitigate the threat
      • 6% said they have an IT or data security committee
      Source: Refer to references
    • Current Environment
      Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
      90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
      No companies reported that improving data security is among their board’s top three priorities
      6% said they have an IT or data security committee
      47% said they have a Chief Information Security Officer
      50% have not implemented policies or systems to mitigate the threat
      Source: Refer to references
    • Current Environment
      Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
      90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
      No companies reported that improving data security is among their board’s top three priorities
      6% said they have an IT or data security committee
      47% said they have a Chief Information Security Officer
      • 50% have not implemented policies or systems to mitigate the threat
      Source: Refer to references
    • Benefits
      Increased workforce productivity
      Improved customer service
      Improved turnaround times for problem resolutions
      Response to customer problems and questions
      Increased business process efficiency
      Improved employee security and safety
      Improved employee retention
      Source: ISACA – Securing Mobile Devices
    • Benefits
      Increased workforce productivity
      Improved customer service
      Improved turnaround times for problem resolutions
      Response to customer problems and questions
      Increased business process efficiency
      Improved employee security and safety
      Improved employee retention
      Source: ISACA – Securing Mobile Devices
    • Benefits
      Increased workforce productivity
      Improved customer service
      Improved turnaround times for problem resolutions
      Response to customer problems and questions
      Increased business process efficiency
      Improved employee security and safety
      Improved employee retention
      Source: ISACA – Securing Mobile Devices
    • Benefits
      Increased workforce productivity
      Improved customer service
      Response to customer problems and questions
      Increased business process efficiency
      Improved employee security and safety
      Improved employee retention
      • Improved turnaround times for problem resolutions
      Source: ISACA – Securing Mobile Devices
    • Benefits
      Increased workforce productivity
      Improved customer service
      Improved turnaround times for problem resolutions
      Response to customer problems and questions
      Increased business process efficiency
      Improved employee security and safety
      Improved employee retention
      Source: ISACA – Securing Mobile Devices
    • Benefits
      Increased workforce productivity
      Improved customer service
      Improved turnaround times for problem resolutions
      Response to customer problems and questions
      Improved employee security and safety
      Improved employee retention
      • Increased business process efficiency
      Source: ISACA – Securing Mobile Devices
    • Benefits
      Increased workforce productivity
      Improved customer service
      Improved turnaround times for problem resolutions
      Response to customer problems and questions
      Increased business process efficiency
      Improved employee retention
      • Improved employee security and safety
      Source: ISACA – Securing Mobile Devices
    • Benefits
      Increased workforce productivity
      Improved customer service
      Improved turnaround times for problem resolutions
      Response to customer problems and questions
      Increased business process efficiency
      Improved employee security and safety
      Improved employee retention
      Source: ISACA – Securing Mobile Devices
    • Risks
      Types of Risks:
      Financial
      Financial losses
      Legal & Regulatory
      Stolen confidential information
      Inaccurate reporting
      Vulnerabilities
      Loss, theft, and corruption of data or device
    • Risks
      Types of Risks:
      Financial
      Financial losses
      Legal & Regulatory
      Stolen confidential information
      Inaccurate reporting
      Vulnerabilities
      Loss, theft, and corruption of data or device
    • Risks
      Types of Risks:
      Financial
      Financial losses
      Legal & Regulatory
      Stolen confidential information
      Inaccurate reporting
      Vulnerabilities
      Loss, theft, and corruption of data or device
    • Risks
      Types of Risks:
      Financial
      Financial losses
      Legal & Regulatory
      Stolen confidential information
      Inaccurate reporting
      Vulnerabilities
      Loss, theft, and corruption of data or device
    • Risk Mitigation
      Update existing or create new mobile device strategies while considering the organizational culture, technology and governance as it will help ensure risks are appropriately accounted for and managed.
      Establish policies to support the mobile device strategy’s goals while leveraging available technology and mitigating risks.
      When introducing a mobile device, ensure it fits the corporate strategy and objectives by using a proven framework(i.e. COBIT).
      Source: ISACA – Securing Mobile Devices
    • Mobile Device Strategy
      Should be tailored to address risks specific to the company.
      Consider the company’s:
      Technology
      Culture
      Governance
    • Mobile Device Policy
      Define allowable device types
      Defining the nature of services accessible through the devices
      Identifying the way people use the devices
      Integrating all enterprise-issued devices into an asset management program
      Describing the authentication and encryption needed on the devices
      Outlining the tasks for which employees may use the devices and the types of applications that are allowed
      Clarifying how data should be securely stored and transmitted
      Simple to implement and support
      Centrally managed by the company itself
      Flexible for administering users and devices
      Focused on hindering loss or theft
      Auditable in all of its parts
      Tested and verified in disaster response
      Attentive to possible external threats
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Proven Frameworks (COBIT)
      Implementation is aligned with corporate strategy and objectives
      Value adding
      Risks are addressed
      Fits the corporate culture
      Compatible with users of the company
      Compatible with the technical architecture of the company
      External factors are considered
      Sufficient support with appropriate resources
      Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
    • Implications – Chartered Accountants (CAs)
      CAs assess internal controls to determine the appropriate audit approach.
      Mobile devices pose risks to internal controls failing to achieve:
      Reliability on financial reporting
      Efficiency and effectiveness of its operations
      Compliance with laws and regulations
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      • Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      • Evaluate the use of security monitoring software and processes
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants
      Procedures:
      Ensure that mobile device management software is running the latest approved software and patches
      Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      Evaluate the use of security monitoring software and processes
      Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      Evaluate procedures in place for tracking end user trouble tickets
      Ensure that appropriate security policies are in place for your mobile devices
      Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      • Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Implications – Chartered Accountants (CAs)
      Consider the following items when confirming operational efficiency:
      Policy
      Antivirus updates
      Encryption
      Secure transmission
      Device management
      Access control
      Awareness training
      Risk
    • Conclusion
      Mobile devices has definitely enhanced availability, productivity, and efficiency of business processes.
      However, the device and its data can be lost, corrupted, damaged, or stolen which may do harm to the exact items it was originally enhancing.
      Many executives recognize there is a risk associated with these devices, but do not implement sufficient controls to mitigate the risks.
      Recommendation:
      Develop a strategy to manage mobile devices
      Develop policies to support the strategy
      Use proven frameworks to assess IT technology when using or introducing new devices
    • References
      All music used were attained from: http://www.partnersinrhyme.com/pir/free_music_loops.shtml
      AICPA. (2011, February 15). Surging Business Use of Mobile Devices is Top Business IT Challenge; AICPA Survey. Retrieved May 5, 2011, from AICPA: http://www.aicpa.org/PRESS/PRESSRELEASES/2011/Pages/2011TopTechnologySurvey.aspx
      Blank, P. (2010, July 2). Compliance concerns delay banks introducing iPhone trading. Retrieved May 5, 2011, from Finextra: http://www.finextra.com/community/fullblog.aspx?blogid=4236
      Brenner, B. (2006, October 20). Infected iPods a threat to corporate networks. Retrieved May 5, 2011, from SearchSecurityChannel.com: http://searchsecurity.techtarget.com/news/1225559/Infected-iPods-a-threat-to-corporate-networks
      Cobb, M. (2009, January 8). Can USB compromise the security of an embedded mobile device? Retrieved May 5, 2011, from SearchSecurity.com: http://searchsecurity.techtarget.com/answer/Can-USB-compromise-the-security-of-an-embedded-mobile-device
      Computer Security Update. (2007, January 1). Mobile Devices Expose Firms to Compliance/Security Risks. Computer Security Update: Vol. 8. Issue. 1.
      COSO. (n.d.). Internal Control - Integrated Framework. Retrieved June 30, 2011, from COSO.org: http://www.coso.org/IC-IntegratedFramework-summary.htm
      Davis, C., & Schiller, M. (2011, April 12). 10 Steps for Auditing Mobile Computing Security. Retrieved May 5, 2011, from Enterprise Systems: http://esj.com/Articles/2011/04/12/IT-Auditing-Mobile-Security.aspx?p=1
      Expert Names Top 10 Audit Issues of 2009. (2009). Retrieved May 5, 2011, from InternetNews.com: http://www.internetnews.com/government/article.php/3819156/Expert-Names-Top-10-Audit-Issues-of-2009.htm
      Fell, J. (2011, April 19). Mobile devices and the law: What are the legal issues? Retrieved May 5, 2011, from computing.co.uk: http://www.computing.co.uk/ctg/feature/2044628/mobile-devices-law
    • References
      Gupta, U. (2011, June 6). How Effective are Mobile Security Policies? Retrieved June 8, 2011, from Bank Info Security: http://blogs.bankinfosecurity.asia/posts.php?postID=967
      Hernacki, B. (2006). Improving Bluetooth Security: What IT Managers and Mobile Device Users Can do. Information Security Journal. Vol 15. Issue 4. , 39-42.
      ISACA. (n.d.). COBIT - IT Governance Framework. Retrieved June 30, 2011, from ISACA: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
      ISACA. (2011, June 1). ISACA Survey: IT Leaders in India Believe Mobile Devices Pose Serious Risk to Enterprises. Retrieved June 7, 2011, from Asia Pulse Pty Ltd.: http://proquest.umi.com.proxy.lib.uwaterloo.ca/pqdweb?index=5&did=2363825061&SrchMode=2&sid=2&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1307655836&clientId=16746
      ISACA. (2010). Securing Mobile Devices. An ISACA Emerging Technology White Paper , 1-10.
      Juniper Networks. (2011, January). Mobile Device Security - Emerging Threats, Essential Strategies: Key Capabilities for Safeguarding Mobile Devices and Corporate Assets. Retrieved May 5, 2011, from Juniper Networks: http://www.juniper.net/us/en/local/pdf/whitepapers/2000372-en.pdf
      Levick, R. S. (2011, May 3). Sony's Cyberattack and How Companies Fail in Data Security. Retrieved May 5, 2011, from FastCompany.com: http://www.fastcompany.com/1751318/directors-are-disengaged-on-data-security
      Parizo, E. (2008, April 7). HP: Would you like some malware with your server? Retrieved May 5, 2011, from IT Knowledge Exchange: http://itknowledgeexchange.techtarget.com/security-bytes/hp-would-you-like-some-malware-with-your-server/
      Vijayan, J. (2011, March 29). BP employee loses laptop containing data on 13,000 oil spill claimants. Retrieved May 5, 2011, from ComputerWorld: http://www.computerworld.com/s/article/9215316/BP_employee_loses_laptop_containing_data_on_13_000_oil_spill_claimants
      White, M. (2010, June 30). Drunk oil trader banned and fined. Retrieved May 5, 2011, from finextra: http://www.finextra.com/news/fullstory.aspx?newsitemid=21554