Abstract
Bring Your Own Device (BYOD) is a practice that has gained increasing popularity in recent years. Now, BYOD is being formally acknowledged and techniques have been developed to fully embrace this phenomenon in the workplace. The purpose of this study is to determine the IT risks that arise when employees are allowed to use their personal mobile devices for work purposes to ensure that customer needs are met, and ultimately, to achieve the organisation’s objectives. It is important to analyse how secure the organisation would be if it decided to adopt BYOD. This is achieved by considering the information security policies that organisations have implemented to mitigate the risks inherent in adopting BYOD. The research question was addressed through qualitative and quantitative methods. Qualitative research was used to obtain secondary data, which involved the investigation of BYOD, its benefits and challenges. Quantitative research was used to evaluate the mobile device policies of the four biggest commercial banks in South Africa through a questionnaire. The questionnaire was based on seven security principles that should be applied according to best practice. The findings indicated that all of the sampled banks had a common understanding of IT risks that could impact the organisation as a result of BYOD. Effective controls were implemented by the banks to address these risks.
M.Com. (Computer Auditing)