Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: smart phones/mobile devices

From: Melissa Muth <muthm () ISC UPENN EDU>
Date: Fri, 5 Mar 2010 09:18:33 -0500
The University of Pennsylvania's policy is here:
http://www.net.isc.upenn.edu/policy/approved/20080407-serverpda.html
While it doesn't distinguish between personally- and University-owned devices, it is limited to server-managed PDAs. A password and encryption are required. Also, the University reserves the right to wipe the device if it's lost or stolen. If a user wishes to get push email, etc., they have to accept that as a term of service. 
http://www.net.isc.upenn.edu/policy/supporting/pda-disclaimer-w-guidelines.html

Melissa

Melissa Muth
Sr. Information Security Analyst
Information Systems & Computing
University of Pennsylvania
muthm () isc upenn edu   215-573-6798

On Mar 3, 2010, at 9:36 AM, Youngquist, Jason R. wrote:
With the increase in smart phones over the last few years (ie. iphones, blackberries, droids, etc) for both professional and personal use, how are other organizations addressing the threat of mobile devices? For example, a person may use their personal smart phone to check their personal email and work email, (which may/may not have sensitive information) and then the phone is lost/stolen. Also, more applications are becoming “web app” enabled and can be accessible from a smart phone.
Viruses/malware haven’t been as prevalent on smart phones (compared to Windows OS) but the threat still exists. Do you suggest/require that anti-virus software be installed on mobile phones? What requiring a password to unlock the phone, or requiring encryption technology?
Finally, if you have a smart phone policy, do you differentiate between personal phones and phones owned by the organization but used by faculty/staff members? 


Thanks.
Jason Youngquist
Information Technology Security Engineer
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu

Attachment: PGP.sig
Description: This is a digitally signed message part

Previous By Date Next
Previous By Thread Next

Current thread: