Mobile Device policy Frequently Asked Questions April 2016

Similar documents
S T A N D A R D : M O B I L E D E V I C E S

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes

a. UTRGV owned, leased or managed computers that fall within the regular UTRGV Computer Security Standard

Policies and Procedures Date: February 28, 2012

Information Technology Standards

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Subject: University Information Technology Resource Security Policy: OUTDATED

Seven Requirements for Successfully Implementing Information Security Policies and Standards

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Virginia Commonwealth University School of Medicine Information Security Standard

Access to University Data Policy

SPRING-FORD AREA SCHOOL DISTRICT

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

01.0 Policy Responsibilities and Oversight

Mobility Policy Bundle

Red Flags Program. Purpose

Procedure: Bring your own device

UCOP ITS Systemwide CISO Office Systemwide IT Policy. UC Event Logging Standard. Revision History. Date: By: Contact Information: Description:

POLICY 8200 NETWORK SECURITY

Client Computing Security Standard (CCSS)

UCOP ITS Systemwide CISO Office Systemwide IT Policy

Donor Credit Card Security Policy

KSU Policy Category: Information Technology Page 1 of 5

Mobile security: Tips and tricks for securing your iphone, Android and other mobile devices

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

I. Policy Statement. University Provided Mobile Device Eligibility Policy Effective Date: October 12, 2018

Acceptable Use Policy

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Cybersecurity in Higher Ed

The University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

University of North Texas System Administration Identity Theft Prevention Program

Virginia Commonwealth University School of Medicine Information Security Standard

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

GM Information Security Controls

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

FERPA & Student Data Communication Systems

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Date of Next Review: May Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act

BHIG - Mobile Devices Policy Version 1.0

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Cyber Security Program

Bring Your Own Device Policy

October 2016 Issue 07/16

II.C.4. Policy: Southeastern Technical College Computer Use

IAM Security & Privacy Policies Scott Bradner

Nebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015

Personal Communication Devices and Voic Procedure

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Standard for Security of Information Technology Resources

Security Awareness, Training, And Education Plan

Information technology Security techniques Information security controls for the energy utility industry

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

ITT Technical Institute. IT360 Networking Security I Onsite Course SYLLABUS

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

Bring Your Own Device Policy

Red Flags/Identity Theft Prevention Policy: Purpose

Securing Institutional Data in a Mobile World

DATA STEWARDSHIP STANDARDS

BYOD WORK THE NUTS AND BOLTS OF MAKING. Brent Gatewood, CRM

UTAH VALLEY UNIVERSITY Policies and Procedures

FDIC InTREx What Documentation Are You Expected to Have?

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

BRING YOUR OWN DEVICE: POLICY CONSIDERATIONS

IS305 Managing Risk in Information Systems [Onsite and Online]

RUTGERS POLICY. Section Title: Legacy UMDNJ policies associated with Information Technology

Securing BYOD With Network Access Control, a Case Study

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014

NOTE: The first appearance of terms in bold in the body of this document (except titles) are defined terms please refer to the Definitions section.

Name of Policy: Computer Use Policy

Employee Security Awareness Training Program

Remote Access Policy

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) ITS Responsible Use of Telephone, Telecommunications, and Networking Resources ISUPP 2280

Information Classification & Protection Policy

The Common Controls Framework BY ADOBE

10 Hidden IT Risks That Might Threaten Your Business

User Security and Governance Models. A review and primer presented for. ISACA - Phoenix

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Bring Your Own Device

Credit Card Data Compromise: Incident Response Plan

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

This document is a preview generated by EVS

Document No.: VCSATSP Restricted Data Protection Policy Revision: 4.0. VCSATS Policy Number: VCSATSP Restricted Data Protection Policy

DEPARTMENT OF THE NAVY UNITED STATES NAVAL ACADEMY 121 BLAKE ROAD ANNAPOLIS MARYLAND

Frequently Asked Question Regarding 201 CMR 17.00

Trinity Multi Academy Trust

Department of Public Health O F S A N F R A N C I S C O

Guest Wireless Policy

CIO IT Infrastructure Policy Bundle

Microsoft 365 Business FAQs

Information Security Policy

Mobile Security / Mobile Payments

Wireless Services Allowance Procedure

SECURITY & PRIVACY DOCUMENTATION

Information Technology Security Plan (ITSP)

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Code of practice for information security management

RMU-IT-SEC-01 Acceptable Use Policy

Transcription:

Mobile Device policy Frequently Asked Questions April 2016 In an attempt to help the St. Lawrence University community understand this policy, the following FAQ document was developed by IT in collaboration with the Information Technology Committee (ITC). This policy is required for SLU to inform and protect individuals and the institution since the growth in use of mobile technology is so significant. The requirements of the policy are in line with general best practices for mobile technology. Even though many members of the SLU community will not fall under the scope of the policy, because of how they do and do not use this technology, we encourage everyone to properly protect their information stored and accessed on smartphones and tablets. Q. Do I have to comply with this policy? A. If you need or choose to access or store St. Lawrence University sensitive or protected information on a smartphone or tablet device, that device must comply with this policy. Protected information is that which is outlined in numerous government and industry regulations such as FERPA (Family Educational Rights and Privacy Act), GLBA (Gramm-Leach-Bliley Act), and PCI DSS (Payment Card Industry Data Security Standard). Sensitive information is that which can cause institutional or individual harm but isn t formally protected by law. Common examples of St. Lawrence University protected or sensitive information could include the following: bank information, credit card numbers, social security numbers, and student grades. Q. How do I enable what is needed (mobile wipe, encryption, etc..) for different operating systems? A. The technical aspects of this policy are all capabilities native to the major operating systems used on smartphones and tablets today. If you configure your smartphone or tablet to connect to SLU email then remote wipe and passcode security features are already automatically enabled. Please visit the website for your device s operating system or contact the IT Helpdesk at helpdesk@stlawu.edu or 315-229-5770 for assistance. Q. Could these configuration settings affect any personal content on my device? A. Generally settings like this apply across the device and all data stored on it. So if you ever have to remote wipe the device then any information stored on it is removed including apps, contacts, photos, non SLU email, etc. Making sure to have a data backup mechanism for your device is always wise even if you do not have SLU sensitive or protected data on it. Q. If I have a St. Lawrence University provided tablet have these settings been configured already? A. Not necessarily. You are responsible for ensuring your device complies with this policy if you access or store St. Lawrence University sensitive or protected information on that device. Q. If my device falls within the policy and I get a new phone or tablet, what should I do to make sure the previous phone is cleaned of data? A. You must wipe or factory reset the device before you trade-in, sell, or give away. You can find out how to do this at the website of your device manufacturer or contact the IT Helpdesk at helpdesk@stlawu.edu or 315-229-5770. Q. Who do I contact for questions regarding this policy? A. Please contact the Information Technology Helpdesk at helpdesk@stlawu.edu or 315-229-5770 and they will put you in touch with the most appropriate person for whatever policy or technical question you may have.

POLICY: MOBILE DEVICES DOCUMENT #: EFFECTIVE: CARETAKER: POL-000X XX-XXX-2016 VICE PRESIDENT FOR LIBRARIES AND INFORMATION TECHNOLOGY 1.0 PURPOSE The purpose of this policy is to secure and protect St. Lawrence University information assets that may be accessed and stored on mobile devices. Mobile devices offer great flexibility and improved productivity for employees, but they can also create added risk and potential targets for data loss. This document describes St. Lawrence University s requirements for securing the institution s information on mobile devices. 2.0 SCOPE All employees, students, contractors and consultants must adhere to this policy. This policy applies to all university owned and personal mobile devices with access to St. Lawrence University s information assets classified as sensitive or protected. St. Lawrence University considers mobile devices to be smart phones, tablets, or other types of highly mobile devices. Laptops are specifically excluded from the scope due to significant differences in security control options. 3.0 POLICY St. Lawrence University has established the following requirements for use of mobile devices based on ISO/IEC and NIST documented standards*. 3.1 USER AND TECHNICAL REQUIREMENTS Individuals and their devices accessing St. Lawrence University s information assets classified as sensitive or protected are subject to the St. Lawrence University Mobile Device Standard. The user is responsible for the backup of their own personal data and St. Lawrence University is not responsible for the loss of data. 4.0 ENFORCEMENT The institution may temporarily suspend or block access to any individual or device when it appears necessary to do so in order to protect the integrity, security, or functionality of institution and computer resources. Violations of this policy may result in penalties and disciplinary action in accordance with the Student Handbook, Faculty Handbook and/or rules governing employment at St. Lawrence University. 5.0 EXCEPTIONS Exceptions to the policy may be granted by the Vice President for Library and Information Technology, and/or his/her designee in accordance with the St. Lawrence University Mobile Device Standard.

6.0 REFERENCES St. Lawrence University Mobile Device Standard International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) Joint Technical Committee 1 (JTC 1) / Standardization subcommittee 27 (SC27): IT Security Techniques National Institute of Standards and Technology (NIST) Computer Security Resource Center St. Lawrence University Acceptable Use Policy St. Lawrence University Asset Inventory St. Lawrence University Data Classification Policy St. Lawrence University Data Classification Quick Reference Guide

STANDARD: MOBILE DEVICES PURPOSE This standard specifies the technical requirements related to mobile devices that utilize the infrastructure and access Sensitive or Protected St. Lawrence University data. SCOPE St. Lawrence University considers mobile devices to be smart phones, tablets, or other types of highly mobile devices. Laptops are specifically excluded from the scope due to significant differences in security control options. There are two general types of mobile device categories that will impact the applicability of the Standard University owned and BYOD (Bring Your Own Device)/personal devices. Users include any mobile device that is able to connect and make use of the University s sensitive or protected information assets that include, but is not limited to all employees, faculty members, students, contractors, consultants, and approved guests. STANDARD LOST OR STOLEN DEVICES Contact the IT Help Desk (315.229.5770) and University Safety & Security (315.229.5555) if a device is lost or stolen. ADMINISTRATION OF MOBILE DEVICES Users of BYOD and university owned devices are responsible for the administration of the devices that they utilize. The IT department will implement the ability to manage university owned devices as the technology is developed and deployed in our institutional infrastructure. REMOTE DEVICE WIPE Users of BYOD and university owned devices are responsible for ensuring that remote wipe of their device is enabled. Remote wipe of specific university protected and sensitive information will be deployed as the technology becomes available. JAILBROKEN, ROOTED, ETC. DEVICES Devices that have been modified to bypass security, sideload applications, and/or provide privileged control are prohibited. DEVICE ACCESS SECURITY All devices must enable security measures (PIN, passcode, Biometrics, etc.) that protected the device from unauthorized used. ENCRYPTION All protected and sensitive data assets accessed on the mobile device must be encrypted. Refer to the St. Lawrence University Data Classification Policy. VULNERABILITY MANAGEMENT Mobile devices must be maintained with the most recent versions of operating system and software/apps as available from carriers, manufacturers, or software vendors. IT will deploy patches and updates to University owned devices as the technology is developed and deployed in our infrastructure.

COMPLIANCE WITH STATE AND FEDERAL LAWS Employees who use mobile devices to conduct University business must comply with all State and Federal laws related to those devices. CAMERA-ENABLED DEVICES Capturing, recording, or transmitting images on a mobile device that may contain sensitive or protected university data is prohibited. OWNERSHIP OF UNIVERSITY PROVIDED MOBILE DEVICES University provided mobile devices are institutional assets and are intended for business use. All institution-provided mobile devices and associated telephone numbers are the property of St. Lawrence University. Personal use of university provided mobile devices is not encouraged and use is restricted to the assigned employee with approval from their supervisor. Expenses associated with personal use are the responsibility of the assigned employee. STANDARD REVIEW This document will be reviewed on an annual basis and the results will be documented in the Revision History below. St. Lawrence University reserves the right to update this standard as necessary and all changes will be presented to the Information Technology Committee (ITC) for review. Requests for changes to this policy may be made through the IT HelpDesk and will be directed to the appropriate group for review and inclusion as appropriate. RELATED STANDARDS, POLICIES AND PROCESSES St. Lawrence University Mobile Device Policy St. Lawrence University Acceptable Use Policy St. Lawrence University Data Classification Policy

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback