As with any audit, standard procedures need to be considered. Ideally, these basic processes will follow the model of other audit procedures already in place. There will always be some variation — different systems have different functions and require measuring different metrics. But there should be some connective thread that runs through how you capture audit data, process it, report your findings and list corrective steps that need to be taken based on the results. An MDM audit will obviously focus on different things than a server or network security audit, but all three should come from the same basic template.
As you consider the scope of an audit and its processes, make notes of the specific questions you need to answer and the data points you need to answer them. If this is your first MDM audit, brainstorming areas of importance and looking to outside resources such as your MDM (and related service) vendor can help define exactly what you need to ask. Be sure to consider each idea carefully to see whether it’s really significant or simply mission creep.
If you’ve performed MDM audits in the past, you’ll want to review whether they captured the relevant information or let things fall between the cracks. And even if past audits went well, remember the mobile landscape and threat environment changes quickly. So you’ll need to account for any major changes — such as the recent proliferation of generative AI — since your last audit and decide whether your previous scope needs to be adjusted.
This story originally appeared on Computerworld