This paper discusses management of security policies for mobile devices. The increasing use of mobile devices in the workplace is covered, as well as new software applications that allow employees to use their mobile devices to increase their productivity. Various risks to businesses arising from compromised mobile devices are discussed. Mobile devices are defined, as are some common attack vectors currently present in most devices. A framework for creating mobile device security policies is discussed, and sample policy language for mobile devices is offered.