Feedback requested on proposed new policy

Chief Information Technology Officer Karl Kowalski asked Governance leaders for feedback on a proposed mobile device security policy. I had the opportunity to hear a discussion about IT risk analysis during the last Board of Regents meeting. The greatest threat to protecting sensitive information is people transporting and sharing sensitive information on their laptops or mobile devices and being careless about security. He wants to hear back from us by Jan. 15. Please contribute any suggestions, concerns or feedback. Thanks!

Rationale: The proliferation of mobile devices on our campuses utilizing our information resources has necessitated the development of policy regarding use of those devices and protection of University information assets, intellectual property and research.

Kowalski proposes the following policy. Regulation will follow and then guidelines for specific tools and practices for protecting mobile assets.

P02.07.066. Mobile Device Security Policy

University employees and students who use a laptop computer or mobile device (e.g. portable hard drives, USB flash drives, smartphones, tablets) are responsible for the university data stored, processed or transmitted via that computer or mobile device and for following the security requirements set forth in this policy and other applicable Information Resources Policies regardless of whether that device is the property of the university or the individual.

The use of unprotected mobile devices to access or store non-public information is prohibited regardless of whether or not such equipment is owned or managed by the university.

The Chief Information Technology Officer (CITO) is responsible for coordinating with the campuses in the development of consistent measures and business practices for ensuring the security of sensitive data on mobile devices.

Advertisements

1 Comment

Filed under Uncategorized

One response to “Feedback requested on proposed new policy

  1. It is all of our responsibility to be aware of IT and security risks and to play our part in protecting university data and resources. OIT developed a brochure that addresses mobile device security and offers 10 tips on mobile device security. Please take a moment to review these simple best practices — especially if you are using a mobile device for university business or on university networks.
    http://www.alaska.edu/files/oit/services/OITmobilesecurityFINAL.pdf

    Additional information can be accessed through OIT’s Security Standards & Best Practices page:
    http://www.alaska.edu/oit/services/computer-security/standards/index.xml

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s