Information System Audit for Mobile Device Security Assessment

The competency to use mobile devices for work-related tasks gives advantages to the company productiveness and expedites business processes. Thus Bring Your Own Device (BYOD) setting emerge to enable work flexibility and technological compatibility. For management, employees' productivity is important, but they could not jeopardise the security of information and data stored in the corporate network. Securing data and network becomes more complex tasks as it deals with foreign devices, i.e., devices that do not belong to the organisation. With much research focused on pre-implementation and the technical aspects of mobile device usage, post-implementation advancement is receiving less attention. IS audit as one of the post-implementation mechanisms provides performance evaluation of existing IS assets, business operations and process implementation, thus helping management formulating the best strategies in optimising IS practices. This paper discusses the feasibility of IS audit in assessing mobile device security by exploring the risks and vulnerabilities of mobile devices for organisational IS security as well as the perception of Information system management in mobile device security. By analysing related literature, authors pointed out how the references used in the current IS audit research address the mobile device security. This work serves a significant foundation in the future development in mobile device audit.