Educause Security Discussion mailing list archives
Re: Cell Phone Pin Policy
From: "Patria, Patricia" <PPatria () BENTLEY EDU>
Date: Mon, 19 Jul 2010 08:39:29 -0400
Hi George, We have a policy that requires PINs for all employees that connect to our Blackberry Enterprise Server or Active Sync server. The full policy can be viewed at http://info-privacy.bentley.edu/policy/handheld-device-policy. We don't yet have a hands free policy, but Nick’s points below are very valid and could be incorporated into a policy to reduce your exposure. Patty Patty Patria Chief Information Security Administrator | Bentley University 175 Forest Street, Waltham, MA 02452 |781.891.2364 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Nick Recchia Sent: Friday, July 16, 2010 2:33 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cell Phone Pin Policy Hi George, 1) We do not have a phone/mobile device pin policy in place; however, I am interested to see who may currently have one in place, or considering such an implementation. 2) Regrading the concern of hands free, etc. In California we already have a law<http://www.dmv.ca.gov/pubs/vctop/d11/vc23123.htm> in-place requiring hands free use while driving. Even when a phone/mobile device is locked, it will allow incoming calls to be answered. If one is planning to use the device to make a call, one can unlock it before starting the car (mount the phone, etc). Configuration settings can also be put in place allowing the phone to stay unlocked for varying time periods (when a phone is not holstered; i.e. Blackberry). Other thoughts? -- Nicholas Recchia Security Administrator University of San Francisco On Fri, Jul 16, 2010 at 10:20 AM, Finney, George <gfinney () mail smu edu<mailto:gfinney () mail smu edu>> wrote: Our University is considering activating a group policy (for those phones recognizing Active Sync policies) to require a PIN before accessing the contents of the phone (including personal phones). First Question: Do any of your schools have a policy in place that requires a pin for smartphones. Second Question: If you do have a cell phone pin policy, does that policy also address how you use your device; i.e. Not using it while driving or using a hands free device while driving. There have been some concerns that requiring a pin may create additional exposure for the University, since drivers may be more distracted while typing in their pins than they otherwise would have been. George Finney, J.D., PMP, CISSP Information Security Officer and Director of Digital Interests Southern Methodist University
Current thread:
- Cell Phone Pin Policy Finney, George (Jul 16)
- Re: Cell Phone Pin Policy Nick Recchia (Jul 16)
- Re: Cell Phone Pin Policy Patria, Patricia (Jul 19)
- Re: Cell Phone Pin Policy Nick Recchia (Jul 16)