Your SlideShare is downloading. ×
IT Mobile Devices and Control Issues
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

IT Mobile Devices and Control Issues

1,330
views

Published on

Published in: Education, Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,330
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Mobile Devices: Control Issues
    Thomas TszWai Au
  • 2. Definition of Mobile Devices
    Mobile phones with computer-like functionality or smartphones
    Laptops, netbooks, tablet computers
    Portable digital assistants (PDAs)
    Portable universal serial bus (USB) devices for storage and for connectivity
    Radio frequency identification (RFID) devices for data storage, identification and asset management
    Infrared-enabled (IrDA) devices
  • 3. Definition of Mobile Devices
    Mobile phones with computer-like functionality or smartphones
    Laptops, netbooks, tablet computers
    Portable digital assistants (PDAs)
    Portable universal serial bus (USB) devices for storage and for connectivity
    Radio frequency identification (RFID) devices for data storage, identification and asset management
    Infrared-enabled (IrDA) devices
  • 4. Definition of Mobile Devices
    Mobile phones with computer-like functionality or smartphones
    Laptops, netbooks, tablet computers
    Portable digital assistants (PDAs)
    Portable universal serial bus (USB) devices for storage and for connectivity
    Radio frequency identification (RFID) devices for data storage, identification and asset management
    Infrared-enabled (IrDA) devices
  • 5. Definition of Mobile Devices
    Mobile phones with computer-like functionality or smartphones
    Laptops, netbooks, tablet computers
    Portable digital assistants (PDAs)
    Portable universal serial bus (USB) devices for storage and for connectivity
    Radio frequency identification (RFID) devices for data storage, identification and asset management
    Infrared-enabled (IrDA) devices
  • 6. Definition of Mobile Devices
    Mobile phones with computer-like functionality or smartphones
    Laptops, netbooks, tablet computers
    Portable digital assistants (PDAs)
    Radio frequency identification (RFID) devices for data storage, identification and asset management
    Infrared-enabled (IrDA) devices
    • Portable universal serial bus (USB) devices for storage and for connectivity
  • Definition of Mobile Devices
    Mobile phones with computer-like functionality or smartphones
    Laptops, netbooks, tablet computers
    Portable digital assistants (PDAs)
    Portable universal serial bus (USB) devices for storage and for connectivity
    Radio frequency identification (RFID) devices for data storage, identification and asset management
    Infrared-enabled (IrDA) devices
  • 7. Definition of Mobile Devices
    Mobile phones with computer-like functionality or smartphones
    Laptops, netbooks, tablet computers
    Portable digital assistants (PDAs)
    Portable universal serial bus (USB) devices for storage and for connectivity
    Radio frequency identification (RFID) devices for data storage, identification and asset management
    Infrared-enabled (IrDA) devices
  • 8. Current Environment
    Business Performance Management (BPM) Study:
    25% of all mobile devices used in the organizations are contain vital applications and information
    40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
    Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
    Source: Refer to references
  • 9. Current Environment
    Business Performance Management (BPM) Study:
    40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
    Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
    • 25% of all mobile devices used in the organizations are contain vital applications and information
    Source: Refer to references
  • 10. Current Environment
    Business Performance Management (BPM) Study:
    25% of all mobile devices used in the organizations are contain vital applications and information
    Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
    • 40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
    Source: Refer to references
  • 11. Current Environment
    Business Performance Management (BPM) Study:
    25% of all mobile devices used in the organizations are contain vital applications and information
    40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
    Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
    Source: Refer to references
  • 12. Current Environment
    Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
    90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
    No companies reported that improving data security is among their board’s top three priorities
    6% said they have an IT or data security committee
    47% said they have a Chief Information Security Officer
    50% have not implemented policies or systems to mitigate the threat
    Source: Refer to references
  • 13. Current Environment
    Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
    90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
    6% said they have an IT or data security committee
    47% said they have a Chief Information Security Officer
    50% have not implemented policies or systems to mitigate the threat
    • No companies reported that improving data security is among their board’s top three priorities
    Source: Refer to references
  • 14. Current Environment
    Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
    90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
    No companies reported that improving data security is among their board’s top three priorities
    47% said they have a Chief Information Security Officer
    50% have not implemented policies or systems to mitigate the threat
    • 6% said they have an IT or data security committee
    Source: Refer to references
  • 15. Current Environment
    Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
    90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
    No companies reported that improving data security is among their board’s top three priorities
    6% said they have an IT or data security committee
    47% said they have a Chief Information Security Officer
    50% have not implemented policies or systems to mitigate the threat
    Source: Refer to references
  • 16. Current Environment
    Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
    90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
    No companies reported that improving data security is among their board’s top three priorities
    6% said they have an IT or data security committee
    47% said they have a Chief Information Security Officer
    • 50% have not implemented policies or systems to mitigate the threat
    Source: Refer to references
  • 17. Benefits
    Increased workforce productivity
    Improved customer service
    Improved turnaround times for problem resolutions
    Response to customer problems and questions
    Increased business process efficiency
    Improved employee security and safety
    Improved employee retention
    Source: ISACA – Securing Mobile Devices
  • 18. Benefits
    Increased workforce productivity
    Improved customer service
    Improved turnaround times for problem resolutions
    Response to customer problems and questions
    Increased business process efficiency
    Improved employee security and safety
    Improved employee retention
    Source: ISACA – Securing Mobile Devices
  • 19. Benefits
    Increased workforce productivity
    Improved customer service
    Improved turnaround times for problem resolutions
    Response to customer problems and questions
    Increased business process efficiency
    Improved employee security and safety
    Improved employee retention
    Source: ISACA – Securing Mobile Devices
  • 20. Benefits
    Increased workforce productivity
    Improved customer service
    Response to customer problems and questions
    Increased business process efficiency
    Improved employee security and safety
    Improved employee retention
    • Improved turnaround times for problem resolutions
    Source: ISACA – Securing Mobile Devices
  • 21. Benefits
    Increased workforce productivity
    Improved customer service
    Improved turnaround times for problem resolutions
    Response to customer problems and questions
    Increased business process efficiency
    Improved employee security and safety
    Improved employee retention
    Source: ISACA – Securing Mobile Devices
  • 22. Benefits
    Increased workforce productivity
    Improved customer service
    Improved turnaround times for problem resolutions
    Response to customer problems and questions
    Improved employee security and safety
    Improved employee retention
    • Increased business process efficiency
    Source: ISACA – Securing Mobile Devices
  • 23. Benefits
    Increased workforce productivity
    Improved customer service
    Improved turnaround times for problem resolutions
    Response to customer problems and questions
    Increased business process efficiency
    Improved employee retention
    • Improved employee security and safety
    Source: ISACA – Securing Mobile Devices
  • 24. Benefits
    Increased workforce productivity
    Improved customer service
    Improved turnaround times for problem resolutions
    Response to customer problems and questions
    Increased business process efficiency
    Improved employee security and safety
    Improved employee retention
    Source: ISACA – Securing Mobile Devices
  • 25. Risks
    Types of Risks:
    Financial
    Financial losses
    Legal & Regulatory
    Stolen confidential information
    Inaccurate reporting
    Vulnerabilities
    Loss, theft, and corruption of data or device
  • 26. Risks
    Types of Risks:
    Financial
    Financial losses
    Legal & Regulatory
    Stolen confidential information
    Inaccurate reporting
    Vulnerabilities
    Loss, theft, and corruption of data or device
  • 27. Risks
    Types of Risks:
    Financial
    Financial losses
    Legal & Regulatory
    Stolen confidential information
    Inaccurate reporting
    Vulnerabilities
    Loss, theft, and corruption of data or device
  • 28. Risks
    Types of Risks:
    Financial
    Financial losses
    Legal & Regulatory
    Stolen confidential information
    Inaccurate reporting
    Vulnerabilities
    Loss, theft, and corruption of data or device
  • 29. Risk Mitigation
    Update existing or create new mobile device strategies while considering the organizational culture, technology and governance as it will help ensure risks are appropriately accounted for and managed.
    Establish policies to support the mobile device strategy’s goals while leveraging available technology and mitigating risks.
    When introducing a mobile device, ensure it fits the corporate strategy and objectives by using a proven framework(i.e. COBIT).
    Source: ISACA – Securing Mobile Devices
  • 30. Mobile Device Strategy
    Should be tailored to address risks specific to the company.
    Consider the company’s:
    Technology
    Culture
    Governance
  • 31. Mobile Device Policy
    Define allowable device types
    Defining the nature of services accessible through the devices
    Identifying the way people use the devices
    Integrating all enterprise-issued devices into an asset management program
    Describing the authentication and encryption needed on the devices
    Outlining the tasks for which employees may use the devices and the types of applications that are allowed
    Clarifying how data should be securely stored and transmitted
    Simple to implement and support
    Centrally managed by the company itself
    Flexible for administering users and devices
    Focused on hindering loss or theft
    Auditable in all of its parts
    Tested and verified in disaster response
    Attentive to possible external threats
    Source: ISACA – Securing Mobile Devices
  • 32. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 33. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 34. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 35. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 36. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 37. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 38. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 39. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 40. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 41. Proven Frameworks (COBIT)
    Implementation is aligned with corporate strategy and objectives
    Value adding
    Risks are addressed
    Fits the corporate culture
    Compatible with users of the company
    Compatible with the technical architecture of the company
    External factors are considered
    Sufficient support with appropriate resources
    Monitored with appropriate performance metrics
    Source: ISACA – Securing Mobile Devices
  • 42. Implications – Chartered Accountants (CAs)
    CAs assess internal controls to determine the appropriate audit approach.
    Mobile devices pose risks to internal controls failing to achieve:
    Reliability on financial reporting
    Efficiency and effectiveness of its operations
    Compliance with laws and regulations
  • 43. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 44. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 45. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 46. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    • Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Source: Davis, C., & Schiller, M.
  • 47. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    • Evaluate the use of security monitoring software and processes
    Source: Davis, C., & Schiller, M.
  • 48. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 49. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 50. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 51. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 52. Implications – Chartered Accountants
    Procedures:
    Ensure that mobile device management software is running the latest approved software and patches
    Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
    Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
    Evaluate the use of security monitoring software and processes
    Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
    Evaluate procedures in place for tracking end user trouble tickets
    Ensure that appropriate security policies are in place for your mobile devices
    Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
    • Evaluate whether effective change management processes exist
    Source: Davis, C., & Schiller, M.
  • 53. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 54. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 55. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 56. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 57. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 58. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 59. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 60. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 61. Implications – Chartered Accountants (CAs)
    Consider the following items when confirming operational efficiency:
    Policy
    Antivirus updates
    Encryption
    Secure transmission
    Device management
    Access control
    Awareness training
    Risk
  • 62. Conclusion
    Mobile devices has definitely enhanced availability, productivity, and efficiency of business processes.
    However, the device and its data can be lost, corrupted, damaged, or stolen which may do harm to the exact items it was originally enhancing.
    Many executives recognize there is a risk associated with these devices, but do not implement sufficient controls to mitigate the risks.
    Recommendation:
    Develop a strategy to manage mobile devices
    Develop policies to support the strategy
    Use proven frameworks to assess IT technology when using or introducing new devices
  • 63. References
    All music used were attained from: http://www.partnersinrhyme.com/pir/free_music_loops.shtml
    AICPA. (2011, February 15). Surging Business Use of Mobile Devices is Top Business IT Challenge; AICPA Survey. Retrieved May 5, 2011, from AICPA: http://www.aicpa.org/PRESS/PRESSRELEASES/2011/Pages/2011TopTechnologySurvey.aspx
    Blank, P. (2010, July 2). Compliance concerns delay banks introducing iPhone trading. Retrieved May 5, 2011, from Finextra: http://www.finextra.com/community/fullblog.aspx?blogid=4236
    Brenner, B. (2006, October 20). Infected iPods a threat to corporate networks. Retrieved May 5, 2011, from SearchSecurityChannel.com: http://searchsecurity.techtarget.com/news/1225559/Infected-iPods-a-threat-to-corporate-networks
    Cobb, M. (2009, January 8). Can USB compromise the security of an embedded mobile device? Retrieved May 5, 2011, from SearchSecurity.com: http://searchsecurity.techtarget.com/answer/Can-USB-compromise-the-security-of-an-embedded-mobile-device
    Computer Security Update. (2007, January 1). Mobile Devices Expose Firms to Compliance/Security Risks. Computer Security Update: Vol. 8. Issue. 1.
    COSO. (n.d.). Internal Control - Integrated Framework. Retrieved June 30, 2011, from COSO.org: http://www.coso.org/IC-IntegratedFramework-summary.htm
    Davis, C., & Schiller, M. (2011, April 12). 10 Steps for Auditing Mobile Computing Security. Retrieved May 5, 2011, from Enterprise Systems: http://esj.com/Articles/2011/04/12/IT-Auditing-Mobile-Security.aspx?p=1
    Expert Names Top 10 Audit Issues of 2009. (2009). Retrieved May 5, 2011, from InternetNews.com: http://www.internetnews.com/government/article.php/3819156/Expert-Names-Top-10-Audit-Issues-of-2009.htm
    Fell, J. (2011, April 19). Mobile devices and the law: What are the legal issues? Retrieved May 5, 2011, from computing.co.uk: http://www.computing.co.uk/ctg/feature/2044628/mobile-devices-law
  • 64. References
    Gupta, U. (2011, June 6). How Effective are Mobile Security Policies? Retrieved June 8, 2011, from Bank Info Security: http://blogs.bankinfosecurity.asia/posts.php?postID=967
    Hernacki, B. (2006). Improving Bluetooth Security: What IT Managers and Mobile Device Users Can do. Information Security Journal. Vol 15. Issue 4. , 39-42.
    ISACA. (n.d.). COBIT - IT Governance Framework. Retrieved June 30, 2011, from ISACA: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
    ISACA. (2011, June 1). ISACA Survey: IT Leaders in India Believe Mobile Devices Pose Serious Risk to Enterprises. Retrieved June 7, 2011, from Asia Pulse Pty Ltd.: http://proquest.umi.com.proxy.lib.uwaterloo.ca/pqdweb?index=5&did=2363825061&SrchMode=2&sid=2&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1307655836&clientId=16746
    ISACA. (2010). Securing Mobile Devices. An ISACA Emerging Technology White Paper , 1-10.
    Juniper Networks. (2011, January). Mobile Device Security - Emerging Threats, Essential Strategies: Key Capabilities for Safeguarding Mobile Devices and Corporate Assets. Retrieved May 5, 2011, from Juniper Networks: http://www.juniper.net/us/en/local/pdf/whitepapers/2000372-en.pdf
    Levick, R. S. (2011, May 3). Sony's Cyberattack and How Companies Fail in Data Security. Retrieved May 5, 2011, from FastCompany.com: http://www.fastcompany.com/1751318/directors-are-disengaged-on-data-security
    Parizo, E. (2008, April 7). HP: Would you like some malware with your server? Retrieved May 5, 2011, from IT Knowledge Exchange: http://itknowledgeexchange.techtarget.com/security-bytes/hp-would-you-like-some-malware-with-your-server/
    Vijayan, J. (2011, March 29). BP employee loses laptop containing data on 13,000 oil spill claimants. Retrieved May 5, 2011, from ComputerWorld: http://www.computerworld.com/s/article/9215316/BP_employee_loses_laptop_containing_data_on_13_000_oil_spill_claimants
    White, M. (2010, June 30). Drunk oil trader banned and fined. Retrieved May 5, 2011, from finextra: http://www.finextra.com/news/fullstory.aspx?newsitemid=21554