ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > My First Mobile Device

My First Mobile Device

Ian Cooke, CISA, CRISC, CGEIT, COBIT Assessor and Implementer, CFE, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt
| Published: 12/4/2017 9:00 AM | Category: Audit-Assurance | Permalink | Email this Post | Comments (2)

Ian CookeI cannot remember the date at all (I think it was some time in the mid- to late ‘90s), but I can most certainly remember getting my first mobile (cell) telephone. The reason I remember it so well is that it was such a traumatic experience!

I was working for a multinational manufacturer on an IT project that involved integrating 2 key applications. My role was obviously considered important enough that I was the first nonmanager in an open plan office to be asked to carry a mobile telephone—literally, no one else in the area had one. It was so embarrassing! Every time the phone rang (with the classic Nokia tune), everybody would stop what they were doing and turn around to watch me answering the telephone. There I would be, holding the phone to my ear with my right hand (my face bright red) while I reached over my head with my left to pull up the aerial to ensure that I got decent reception.

I think that phone was a Nokia 3110. It had enough memory for a phone book of 250 people and records for 10 dialed, 10 received and 10 missed calls.1 It came with 2 batteries, as it had only 1-2 hours of talk time, and it could only connect to a 2G network.

Of course, the real reason I was asked to carry the device was not, not because I was important as I had originally thought, but because I was going to be traveling a lot and the company wanted to make me more productive. Productivity is the very reason that mobile telephones and, indeed, mobile devices have become ubiquitous in the enterprise. But these devices contain a lot more than 250 records. My son recently purchased an iPhone 8 Plus with 250 GB of storage. The loss of such a company-owned device could, therefore, result in data leakage and, ultimately, reputational damage.

I discuss this together with other mobile devices risk in my volume 6, IS Audit Basics column, “Auditing Mobile Devices.” I would be interested to hear your thoughts on this matter.

Read Ian Cooke’s recent Journal article:
IS Audit Basics: Auditing Mobile Devices,” ISACA Journal, volume 6, 2017.

1 GSM Arena, “Nokia 3110,”


Re: My First Mobile Device

When it comes to security, mobile devices that contain sensitive data could put all that data at risk, unless the appropriate controls are in place. Worryingly, many users do not protect their phones with a PIN or password, leaving all the information on the device exposed to anyone who picks it up
PRECIOUS785 at 12/5/2017 4:19 AM

Re: My First Mobile Device

Corporate devices need to be centrally managed. Enforcement of password/pin, encryption, app whitelist should all be part of a baseline security posture. There is no absolute solution but there are some obvious measures that should be taken. The lack of doing so should probably be considered poor cyber hygiene.

BYOD always makes me nervous.
Matthew684 at 12/5/2017 7:29 AM