Educause Security Discussion mailing list archives
Re: Smartphone Policies.
From: "Plesco, Todd" <tplesco () CHAPMAN EDU>
Date: Mon, 27 Apr 2009 10:29:04 -0700
Great question, Matt. My recommendation would be to develop a "Mobile Device Usage" policy/procedure. Within that, you would address whether encryption and model/brand is a requirement. Also, what may/may not reside in memory storage on the device and for what purpose the device may be used. Then, require that the acquisition of such devices needs a form (you designed) be signed by the supervisor and submitted to HR to be stored with their regular non-disclosure agreement which you have them sign after their annual awareness training. (Lots of assumptions about the extent of your security practices on my part, of course.) ;) Best, Todd A. Plesco CISM, CBCP Chapman University, Director of Information Security One University Drive, Orange, CA 92866 Phone: (714) 744-7979/Fax: (714) 744-7041 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Gracie Sent: Monday, April 27, 2009 10:09 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Smartphone Policies. Long ago, perhaps back in the Pleistocene, a phone could be trusted to make and receive phone calls and otherwise leave well enough alone. Now, of course, with iPhones and Blackberries everywhere, people want to read their mail, check their calendars, and otherwise manipulate College data using their handheld devices. Like many places, I'm sure, we've been lax in addressing this, so we've got departments going off on their own, buying random products, and then asking ITS to make them work. Does anyone have some sage advice -- or even better, written policies -- for containing this? Have you standardized on a particular phone OS, manufacturer, model, etc.?
From almost any perspective -- security, warranty, support, inventory
control -- we need to get a handle on this. --Matt -- Matt Gracie (716) 888-8378 Information Security Administrator graciem () canisius edu Canisius College ITS Buffalo, NY http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- Smartphone Policies. Matthew Gracie (Apr 27)
- <Possible follow-ups>
- Re: Smartphone Policies. Plesco, Todd (Apr 27)
- Re: Smartphone Policies. Tupker, Mike (Apr 27)
- Re: Smartphone Policies. Leon DuPree (Apr 27)
- Re: Smartphone Policies. Maloney, Michael (Apr 27)
- Re: Smartphone Policies. Cal Frye (Apr 27)
- Re: Smartphone Policies. Cal Frye (Apr 27)
- Re: Smartphone Policies. Adam Stone (Apr 27)
- Re: Smartphone Policies. Caroline Couture (Apr 27)
- Re: Smartphone Policies. Connie Sadler (May 14)
- Re: Smartphone Policies. Chris Green (May 14)
- Re: Smartphone Policies. Adam Carlson (May 15)