Academic year: 2021


COVER SHEET OF POLICY DOCUMENT

Code Number:

Policy Document Name: Removable Media and Mobile Device Policy

Introduction: Removable media and mobile devices are increasingly used to enable information access and transfer. However, removable media and mobile devices are also a high risk for the Service in terms of loss of information, lack of Corporate access, duplicate work, and potential for attack on CFRS systems. This policy defines how the Service will use removable media and mobile devices while managing information security risks. Knowledge of this policy will enable employees to maintain CFRS security and avoid inadvertently breaching information security.

Owner: Head of ICT

Last Review: Created October 2012

Review Due Date: Every 2 years

Version Control/Amend Schedule: 4.1

Cross References: ICT Acceptable Use policy; Information Security policy

Contents:

Policy statement

Responsibilities

Procedures

1. Encryption

2. Protection of media

3. Security of equipment – data

4. Loss of equipment – data

5. Destruction of information

6. Virus control


BODY OF POLICY DOCUMENT

Policy Document Name: Removable Media and Mobile Device Policy

Policy Element

Policy statement

CFRS will adopt appropriate security practices when using mobile devices and removable media, and will ensure that Service information and associated systems are adequately protected.

Removable media or mobile devices will only be used for information if this method of access or transfer is absolutely necessary, and only if there is an organisational requirement to do so that cannot be met by any other means.

Specific commitments

Mobile media and removable devices must not be used to store data on a permanent basis. All Service data must be stored on the Service network to allow Corporate access and ensure it is backed up automatically by ICT.

This policy will be applied to:

• All information stored on mobile devices, or transferred by removable media.

• Removable media includes, but is not limited to:

- USB sticks

- CDs, DVDs

- Floppy disks

- Memory cards (including Compact Flash, Smart Media, Multi Media, Secure Digital Cards, etc.)

- External hard drives

- Laptops, tablet PCs and PDAs

- CFRS issued mobile phones

All employees, contractors, temporary staff and employees of other organisations who directly or indirectly support our ICT services who handle CFRS information will comply with these requirements.

Responsibilities

ICT

ICT will encrypt USB drives and portable devices that will be used for the storage and transfer of CFRS data.

Employees

Employees must only use removable media authorised and purchased through ICT.

IMPORTANT: Personally identifiable or confidential information must only be copied to or stored on any removable media in line with the Information Security policy.


advice.

Refer to the Information Security Policy for details.

Failure to adhere to this policy which results in an information security breach may lead to appropriate disciplinary action being taken as defined in the Information Security Policy.

Procedure Element

List of Procedures

1. Encryption

2. Protection of media

3. Security of equipment – data

4. Loss of equipment – data

5. Destruction of information

6. Virus control

1. Encryption of media

Laptops - All CFRS issued laptops will have full disk encryption installed as standard before they’re issued to staff. If you are aware of any device that is not encrypted, please notify the ICT Service Desk as soon as possible.

USB / removable hard drives – Do not store personally identifiable or confidential information on an unencrypted USB / removable hard drive. These devices should only be used for the transfer of information if they are encrypted and you have the permission of the data owner. They should not be used as a storage or back-up device.

2. Protection of media

You must not store or use removable media or mobile devices as back-up systems for any data. These devices are unreliable for this type of data storage and should only be used for the temporary transport of data. Please do not use this type of device for your primary source of data storage. If for any reason the device becomes corrupted, any data will be unrecoverable. Please contact the ICT Service Desk for advice on long term storage and backups.

3. Security of data

Sufficient care must be taken to ensure that the removable media is secured at all times and any faults with supplied equipment must be reported to the ICT Service Desk immediately. Failure to do so may result in a security breach. Equipment supplied to customers must be used in accordance with CFRS ICT policies.

4. Loss of data


prosecution under the Data Protection Act and may be subject to disciplinary action.

Report any loss of removable media or mobile device (even if encrypted) as soon as possible to the ICT Service Desk.

5. Destruction of information

Employees are responsible for ensuring that personally identifiable or confidential information is not left on removable media for periods longer than necessary. Information that is no longer required must be promptly deleted from mobile devices or removable media in order to comply with the Data Protection Act.

For further advice on the destruction of confidential information, please contact the Information Manager.

6. Virus control

Employees using removable media should be aware that the data contained on the device may carry a virus or malicious software (malware). When data is copied to a CFRS computer from any removable media, it must be scanned by the anti-virus software on the workstation or laptop.

Please contact the ICT Service Desk on the procedure for manual virus scanning.

All users must maintain virus and malware awareness. Users of laptops are responsible for ensuring their anti-virus updates are maintained on a regular basis by connecting to the network daily if possible.

When a laptop is connected to the CFRS network via a network cable, Wi-Fi or docking station, the anti-virus definitions will update automatically at noon. If you have any concerns or would like advice on keeping your machine up-to-date, please contact the ICT Service Desk.

Guidance Element

USB Devices & Memory Sticks

Frequently asked questions

I’ve received an unencrypted memory stick containing data I need to access, can I use the device?


I have been given an encrypted USB stick from a trusted source but my computer will not read the device?

Again, ICT are implementing software to only allow authorised devices. You should contact the ICT Service Desk who will be able to open the device for you and retrieve the data.

Does all mobile data need to be encrypted?
