It's been a tough week for mobile phones. First the World Health Organization declared them to be "possible carcinogens," and now ISACA says they constitute a corporation's biggest security risk when employees supply them themselves. 

For 58 percent of the companies recently surveyed by ISACA, iPhones, iPads and other mobile devices represent the greatest risk to their organization. The survey showed that organizations are aware of the risks that user-supplied devices pose, with 44 percent acknowledging that data is stored on them insecurely, reports Tim Greene at Network World.

Information security professionals appear to be unsure how to approach the proliferation of personal devices, however. For 37 percent, the risks are greater than the benefits, and for just 27 percent the benefits are greater than the risks. 36 percent of those surveyed said that the risks and benefits are equal.

One of the main problems is that the prevalence of the gear has outpaced security professionals' ability to agree on best practices, said John Pironti, president of IP Architects, who advised ISACA in developing the survey. IT professionals seem to be split on the best approach toward security. When it comes to employees downloading apps on their devices, for example, 42 percent allow it and 46 percent ban it.

Security professionals also disagree over how much control organizations should wield over employees' personal devices. The survey found that 13 percent try to control all features, 10 percent have no policy at all, 15 percent require encryption and 22 percent exert limited control.

For more:
- see Tim Greene's article at Network World

Related Articles:
How much does mobile encryption help?
Pepperdine University's defense against the onslaught of devices
Android could cause problems in the enterprise
Security vendor: Mobile users more vulnerable to phishing scams