S T A N D A R D : M O B I L E D E V I C E S

Similar documents
Mobile Device policy Frequently Asked Questions April 2016

a. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard

Trinity Multi Academy Trust

Securing BYOD With Network Access Control, a Case Study

Bring Your Own Device Policy

Procedure: Bring your own device

Remote Access Policy

Client Computing Security Standard (CCSS)

Virginia Commonwealth University School of Medicine Information Security Standard

The University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems

ForeScout Extended Module for VMware AirWatch MDM

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

BYOD An Interpretive Dance

Subject: Wireless Networking Policy Effective Date: May 2005 Responsible Office: Department of Information Technology _ Responsible Officer:

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Personal Communication Devices and Voic Procedure

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Standard mobile phone a mobile device that can make and receive telephone calls, pictures, video, and text messages.

Vulnerability Management Policy

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

MOTT COMMUNITY COLLEGE. Procedure for Cellular Telephones

POLICY 8200 NETWORK SECURITY

BHIG - Mobile Devices Policy Version 1.0

GM Information Security Controls

Securing Institutional Data in a Mobile World

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

October 2016 Issue 07/16

BYOD Policy. Table of Contents

ForeScout Extended Module for MaaS360

DEPARTMENT OF THE NAVY UNITED STATES NAVAL ACADEMY 121 BLAKE ROAD ANNAPOLIS MARYLAND

Information Technology Standards

Cyber Security Program

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) ITS Responsible Use of Telephone, Telecommunications, and Networking Resources ISUPP 2280

Standard for Security of Information Technology Resources

The erosion of the perimeter in higher education. Why IAM is becoming your first line of defence.

Date of Next Review: May Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act

Forescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9

2013 InterWorks, Page 1

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Summary of FERC Order No. 791

II.C.4. Policy: Southeastern Technical College Computer Use

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

NOTE: The first appearance of terms in bold in the body of this document (except titles) are defined terms please refer to the Definitions section.

FERPA & Student Data Communication Systems

PCI Compliance Updates

Acceptable Use Policy

Guest Wireless Policy

Juniper Vendor Security Requirements

Virginia Commonwealth University School of Medicine Information Security Standard

Wireless Communication Device Use Policy

10 Hidden IT Risks That Might Threaten Your Business

Changing face of endpoint security

Managing Windows 8.1 Devices with XenMobile

01.0 Policy Responsibilities and Oversight

Technical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM

Donor Credit Card Security Policy

Security Awareness, Training, And Education Plan

ISSP Network Security Plan

Centeris Data Centers - Security Procedure. Revision Date: 2/28/2018 Effective Date: 2/28/2018. Site Information

UNIVERSITY OF HOUSTON SYSTEM ADMINISTRATIVE MEMORANDUM. SECTION: Information Technology NUMBER: 07.A.07

Information Security Incident Response and Reporting

Multi-Factor Authentication FAQs

GEORGIA DEPARTMENT OF CORRECTIONS Standard Operating Procedures

ForeScout Extended Module for MobileIron

PENN MANOR SCHOOL DISTRICT

Server Security Procedure

Forescout. eyeextend for IBM MaaS360. Configuration Guide. Version 1.9

CounterACT Afaria MDM Plugin

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

BYOD WORK THE NUTS AND BOLTS OF MAKING. Brent Gatewood, CRM

Name of Policy: Computer Use Policy

Department of Public Health O F S A N F R A N C I S C O

3 rd Party Certification of Compliance with MA: 201 CMR 17.00

I. Policy Statement. University Provided Mobile Device Eligibility Policy Effective Date: October 12, 2018

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Password Standard Version 2.0 October 2006

BRING YOUR OWN DEVICE: POLICY CONSIDERATIONS

Oracle Data Cloud ( ODC ) Inbound Security Policies

Mobility Policy Bundle

Media Protection Program

Server Hardening Title Author Contributors Date Reviewed By Document Version

RMU-IT-SEC-01 Acceptable Use Policy

Acceptable Use Policy

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

INFORMATION RESOURCE SECURITY CONFIGURATION AND MANAGEMENT

Table of Contents. Policy Patch Management Version Control

NEOMED OPERATIONAL POLICY

Effective Strategies for Managing Cybersecurity Risks

SPRING-FORD AREA SCHOOL DISTRICT

201 CMR COMPLIANCE CHECKLIST Yes No Reason If No Description

Tangipahoa Parish School System. Bring Your Own Device

HPE Intelligent Management Center

IAM Security & Privacy Policies Scott Bradner

Data Backup and Contingency Planning Procedure

Transcription:

S T A N D A R D : M O B I L E D E V I C E S Contents 1 Purpose... 2 2 Scope... 2 3 Standard... 2 3.1 Lost or Stolen devices... 2 3.2 Administration of Mobile Devices... 2 3.3 Remote Device Wipe... 2 3.4 Jailbroken, Rooted, etc. Devices... 2 3.5 Device Access Security... 3 3.6 Encryption... 3 3.7 Vulnerability Management... 3 3.8 Compliance with State and Federal laws... 3 3.9 Camera-enabled devices... 3 3.10 Ownership of University provided mobile devices... 3 4 Standard review... 3 5 Related Standards, Policies and Processes... 4 6 Revision History... 5 7 Approvals... 5 St. Lawrence University IT Security Page 1

1 Purpose This standard specifies the technical requirements related to mobile devices that utilize the infrastructure and access Sensitive or Protected St. Lawrence University data. 2 Scope St. Lawrence University considers mobile devices to be smart phones, tablets, or other types of highly mobile devices. Laptops are specifically excluded from the scope due to significant differences in security control options. There are two general types of mobile device categories that will impact the applicability of the Standard University owned and BYOD (Bring Your Own Device)/personal devices. Users include any mobile device that is able to connect and make use of the University s sensitive or protected information assets that include, but is not limited to all employees, faculty members, students, contractors, consultants, and approved guests. 3 Standard 3.1 Lost or Stolen devices Contact the IT Help Desk (315.229.5770) and University Safety & Security (315.229.5555) if a device is lost or stolen. 3.2 Administration of Mobile Devices Users of BYOD and university owned devices are responsible for the administration of the devices that they utilize. The IT department will implement the ability to manage university owned devices as the technology is developed and deployed in our institutional infrastructure. 3.3 Remote Device Wipe Users of BYOD and university owned devices are responsible for ensuring that remote wipe of their device is enabled. Remote wipe of specific university protected and sensitive information will be deployed as the technology becomes available. 3.4 Jailbroken, Rooted, etc. Devices Devices that have been modified to bypass security, sideload applications, and/or provide privileged control are prohibited. St. Lawrence University IT Security Page 2

3.5 Device Access Security All devices must enable security measures (PIN, passcode, Biometrics, etc.) that protected the device from unauthorized used. 3.6 Encryption All protected and sensitive data assets accessed on the mobile device must be encrypted. Refer to the St. Lawrence University Data Classification Policy. 3.7 Vulnerability Management Mobile devices must be maintained with the most recent versions of operating system and software/apps as available from carriers, manufacturers, or software vendors. IT will deploy patches and updates to University owned devices as the technology is developed and deployed in our infrastructure. 3.8 Compliance with State and Federal laws Employees who use mobile devices to conduct University business must comply with all State and Federal laws related to those devices. 3.9 Camera-enabled devices Capturing, recording, or transmitting images on a mobile device that may contain sensitive or protected university data is prohibited. 3.10 Ownership of University provided mobile devices University provided mobile devices are institutional assets and are intended for business use. All institution-provided mobile devices and associated telephone numbers are the property of St. Lawrence University. Personal use of university provided mobile devices is not encouraged and use is restricted to the assigned employee with approval from their supervisor. Expenses associated with personal use are the responsibility of the assigned employee. 4 Standard review This document will be reviewed on an annual basis and the results will be documented in the Revision History below. St. Lawrence University reserves the right to update this standard as necessary and all changes will be presented to the Information Technology Committee (ITC) for review. Requests for changes to this policy may be made through the IT HelpDesk and will be directed to the appropriate group for review and inclusion as appropriate. St. Lawrence University IT Security Page 3

5 Related Standards, Policies and Processes St. Lawrence University Mobile Device Policy St. Lawrence University Acceptable Use Policy St. Lawrence University Data Classification Policy St. Lawrence University IT Security Page 4

6 Revision History Version Date Author Revisions/Reviews d.02.00 2015-11-23 Sean Cunningham Original Mobile Device Standard 1.00.00 2015-12-18 Sean Cunningham Updates, added content, updated comments from JS 1.00.01 2016-01-20 Sean Cunningham Update details from JR, RT, SM 1.00.02 2016-01-28 Sean Cunningham Update JS review 1.00.03 2016-02-03 Sean Cunningham Standard review update based on ITC review. 1.00.04 2016-03-09 Sean Cunningham Updates JS review 1.00.04 2016-07-01 Sean Cunningham Effective date 7 Approvals VP for Library and Information Technology Name Sponsor/Caretaker Name Title Title Date Date St. Lawrence University IT Security Page 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback