Mobile Devices: Control Issues
Thomas TszWai Au

Conclusion
Mobile devices have definitely enhanced availability, productivity, and efficiency of business processes. ...

References
All music used was obtained from: http://www.partnersinrhyme.com/pir/free_music_loops.shtml
AICPA. ...
Gupta, U. (2011, June 6). How Effective are Mobile Security Policies? Retrieved June 8, 2011, from Bank In...

IT Mobile Devices and Control Issues

  1. Mobile Devices: Control Issues
     Thomas TszWai Au
  2. Definition of Mobile Devices
     - Mobile phones with computer-like functionality or smartphones
     - Laptops, netbooks, tablet computers
     - Portable digital assistants (PDAs)
     - Portable universal serial bus (USB) devices for storage and for connectivity
     - Radio frequency identification (RFID) devices for data storage, identification and asset management
     - Infrared-enabled (IrDA) devices
  8. Current Environment
     Business Performance Management (BPM) Study:
     - 25% of all mobile devices used in the organizations contain vital applications and information
     - 40% of the organizations do not manage mobile data tracking, backup, and archiving for regulatory purposes
     - Only 32.4% of small businesses ($100 million in revenue and under) implement formal mobile compliance policies
     Source: Refer to references
  12. Current Environment
      Findings from 22nd AICPA Top Technology Initiative Survey and India Study:
      - 90% said the biggest challenge confronting IT professionals is the control and use of mobile devices
      - No companies reported that improving data security is among their board’s top three priorities
      - 6% said they have an IT or data security committee
      - 47% said they have a Chief Information Security Officer
      - 50% have not implemented policies or systems to mitigate the threat
      Source: Refer to references
  17. Benefits
      - Increased workforce productivity
      - Improved customer service
      - Improved turnaround times for problem resolutions
      - Response to customer problems and questions
      - Increased business process efficiency
      - Improved employee security and safety
      - Improved employee retention
      Source: ISACA – Securing Mobile Devices
  25. Risks
      Types of Risks:
      - Financial
      - Financial losses
      - Legal & Regulatory
      - Stolen confidential information
      - Inaccurate reporting
      - Vulnerabilities
      - Loss, theft, and corruption of data or device
  29. Risk Mitigation
      - Update existing or create new mobile device strategies while considering the organizational culture, technology and governance; this helps ensure risks are appropriately accounted for and managed.
      - Establish policies to support the mobile device strategy’s goals while leveraging available technology and mitigating risks.
      - When introducing a mobile device, ensure it fits the corporate strategy and objectives by using a proven framework (i.e. COBIT).
      Source: ISACA – Securing Mobile Devices
  30. Mobile Device Strategy
      Should be tailored to address risks specific to the company.
      Consider the company’s:
      - Technology
      - Culture
      - Governance
  31. Mobile Device Policy
      - Define allowable device types
      - Defining the nature of services accessible through the devices
      - Identifying the way people use the devices
      - Integrating all enterprise-issued devices into an asset management program
      - Describing the authentication and encryption needed on the devices
      - Outlining the tasks for which employees may use the devices and the types of applications that are allowed
      - Clarifying how data should be securely stored and transmitted
      - Simple to implement and support
      - Centrally managed by the company itself
      - Flexible for administering users and devices
      - Focused on hindering loss or theft
      - Auditable in all of its parts
      - Tested and verified in disaster response
      - Attentive to possible external threats
      Source: ISACA – Securing Mobile Devices
  32. Proven Frameworks (COBIT)
      - Implementation is aligned with corporate strategy and objectives
      - Value adding
      - Risks are addressed
      - Fits the corporate culture
      - Compatible with users of the company
      - Compatible with the technical architecture of the company
      - External factors are considered
      - Sufficient support with appropriate resources
      - Monitored with appropriate performance metrics
      Source: ISACA – Securing Mobile Devices
  42. Implications – Chartered Accountants (CAs)
      CAs assess internal controls to determine the appropriate audit approach.
      Mobile devices pose the risk of internal controls failing to achieve:
      - Reliability of financial reporting
      - Efficiency and effectiveness of its operations
      - Compliance with laws and regulations
  43. Implications – Chartered Accountants
      Procedures:
      - Ensure that mobile device management software is running the latest approved software and patches
      - Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.
      - Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device
      - Evaluate the use of security monitoring software and processes
      - Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.
      - Evaluate procedures in place for tracking end user trouble tickets
      - Ensure that appropriate security policies are in place for your mobile devices
      - Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen
      - Evaluate whether effective change management processes exist
      Source: Davis, C., & Schiller, M.
  44. 44. Implications – Chartered Accountants<br />Procedures:<br />Ensure that mobile device management software is running the latest approved software and patches<br />Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.<br />Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device<br />Evaluate the use of security monitoring software and processes<br />Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.<br />Evaluate procedures in place for tracking end user trouble tickets<br />Ensure that appropriate security policies are in place for your mobile devices<br />Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen<br />Evaluate whether effective change management processes exist<br />Source: Davis, C., & Schiller, M.<br />
  45. 45. Implications – Chartered Accountants<br />Procedures:<br />Ensure that mobile device management software is running the latest approved software and patches<br />Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.<br />Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device<br />Evaluate the use of security monitoring software and processes<br />Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.<br />Evaluate procedures in place for tracking end user trouble tickets<br />Ensure that appropriate security policies are in place for your mobile devices<br />Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen<br />Evaluate whether effective change management processes exist<br />Source: Davis, C., & Schiller, M.<br />
  46. 46. Implications – Chartered Accountants<br />Procedures:<br />Ensure that mobile device management software is running the latest approved software and patches<br />Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.<br />Evaluate the use of security monitoring software and processes<br />Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.<br />Evaluate procedures in place for tracking end user trouble tickets<br />Ensure that appropriate security policies are in place for your mobile devices<br />Evaluate the disaster recovery plan in place to restore mobile device access should a disaster happen<br />Evaluate whether effective change management processes exist<br /><ul><li>Determine the effectiveness of device security controls around protecting data when a hacker has physical access to the device</li></ul>Source: Davis, C., & Schiller, M.<br />
  53. 53. Implications – Chartered Accountants (CAs)<br />Consider the following items when confirming operational efficiency:<br />Policy<br />Antivirus updates<br />Encryption<br />Secure transmission<br />Device management<br />Access control<br />Awareness training<br />Risk<br />
  62. 62. Conclusion<br />Mobile devices have definitely enhanced the availability, productivity, and efficiency of business processes. <br />However, the device and its data can be lost, corrupted, damaged, or stolen, which may harm the very things the device was meant to enhance. <br />Many executives recognize that there is a risk associated with these devices but do not implement sufficient controls to mitigate the risks. <br />Recommendation:<br />Develop a strategy to manage mobile devices<br />Develop policies to support the strategy<br />Use proven frameworks to assess IT technology when using or introducing new devices<br />
  63. 63. References<br />All music used was obtained from: http://www.partnersinrhyme.com/pir/free_music_loops.shtml<br />AICPA. (2011, February 15). Surging Business Use of Mobile Devices is Top Business IT Challenge; AICPA Survey. Retrieved May 5, 2011, from AICPA: http://www.aicpa.org/PRESS/PRESSRELEASES/2011/Pages/2011TopTechnologySurvey.aspx <br />Blank, P. (2010, July 2). Compliance concerns delay banks introducing iPhone trading. Retrieved May 5, 2011, from Finextra: http://www.finextra.com/community/fullblog.aspx?blogid=4236<br />Brenner, B. (2006, October 20). Infected iPods a threat to corporate networks. Retrieved May 5, 2011, from SearchSecurityChannel.com: http://searchsecurity.techtarget.com/news/1225559/Infected-iPods-a-threat-to-corporate-networks<br />Cobb, M. (2009, January 8). Can USB compromise the security of an embedded mobile device? Retrieved May 5, 2011, from SearchSecurity.com: http://searchsecurity.techtarget.com/answer/Can-USB-compromise-the-security-of-an-embedded-mobile-device<br />Computer Security Update. (2007, January 1). Mobile Devices Expose Firms to Compliance/Security Risks. Computer Security Update: Vol. 8. Issue. 1.<br />COSO. (n.d.). Internal Control - Integrated Framework. Retrieved June 30, 2011, from COSO.org: http://www.coso.org/IC-IntegratedFramework-summary.htm<br />Davis, C., & Schiller, M. (2011, April 12). 10 Steps for Auditing Mobile Computing Security. Retrieved May 5, 2011, from Enterprise Systems: http://esj.com/Articles/2011/04/12/IT-Auditing-Mobile-Security.aspx?p=1<br />Expert Names Top 10 Audit Issues of 2009. (2009). Retrieved May 5, 2011, from InternetNews.com: http://www.internetnews.com/government/article.php/3819156/Expert-Names-Top-10-Audit-Issues-of-2009.htm<br />Fell, J. (2011, April 19). Mobile devices and the law: What are the legal issues? Retrieved May 5, 2011, from computing.co.uk: http://www.computing.co.uk/ctg/feature/2044628/mobile-devices-law<br />
  64. 64. References<br />Gupta, U. (2011, June 6). How Effective are Mobile Security Policies? Retrieved June 8, 2011, from Bank Info Security: http://blogs.bankinfosecurity.asia/posts.php?postID=967<br />Hernacki, B. (2006). Improving Bluetooth Security: What IT Managers and Mobile Device Users Can do. Information Security Journal. Vol 15. Issue 4, 39-42.<br />ISACA. (n.d.). COBIT - IT Governance Framework. Retrieved June 30, 2011, from ISACA: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx<br />ISACA. (2011, June 1). ISACA Survey: IT Leaders in India Believe Mobile Devices Pose Serious Risk to Enterprises. Retrieved June 7, 2011, from Asia Pulse Pty Ltd.: http://proquest.umi.com.proxy.lib.uwaterloo.ca/pqdweb?index=5&did=2363825061&SrchMode=2&sid=2&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1307655836&clientId=16746 <br />ISACA. (2010). Securing Mobile Devices. An ISACA Emerging Technology White Paper, 1-10.<br />Juniper Networks. (2011, January). Mobile Device Security - Emerging Threats, Essential Strategies: Key Capabilities for Safeguarding Mobile Devices and Corporate Assets. Retrieved May 5, 2011, from Juniper Networks: http://www.juniper.net/us/en/local/pdf/whitepapers/2000372-en.pdf<br />Levick, R. S. (2011, May 3). Sony's Cyberattack and How Companies Fail in Data Security. Retrieved May 5, 2011, from FastCompany.com: http://www.fastcompany.com/1751318/directors-are-disengaged-on-data-security<br />Parizo, E. (2008, April 7). HP: Would you like some malware with your server? Retrieved May 5, 2011, from IT Knowledge Exchange: http://itknowledgeexchange.techtarget.com/security-bytes/hp-would-you-like-some-malware-with-your-server/<br />Vijayan, J. (2011, March 29). BP employee loses laptop containing data on 13,000 oil spill claimants. Retrieved May 5, 2011, from ComputerWorld: http://www.computerworld.com/s/article/9215316/BP_employee_loses_laptop_containing_data_on_13_000_oil_spill_claimants<br />White, M. (2010, June 30). Drunk oil trader banned and fined. Retrieved May 5, 2011, from finextra: http://www.finextra.com/news/fullstory.aspx?newsitemid=21554<br />
