Educause Security Discussion mailing list archives
Security Breach Laws & Smartphones/Handhelds
From: James H Moore <jhmfa () RIT EDU>
Date: Thu, 15 Sep 2005 12:57:19 -0400
New York state's new security breach law has language in it surrounding the loss of control of a devices with unencrypted personal information on it. How are people approaching things. My reaction is to say 1) No confidential information on the device. But people are using it to receive email, and the assumption by some people at the institute is that since you can use encrypted MAPI and IMAP, then sending confidential information through email to others on campus is OK. The problem is that with smartphones, etc, the people get their email from off campus, often with a server in between. So bottom line is that confidential information to handhelds/smartphones is not regulated in any manner. (But there is a benefit - people can stay in touch better when they are on the road.) 2) If there is confidential information on the smartphone/handheld, then there needs to be: (Based on marketing literature, not experience) a) Anti-virus b) Encryption c) A firewall This is where I need the voice of experience. Does anyone have success with a smartphone/handheld architecture? Will you be willing to share your helpdesk, or awareness, or training materials with RIT? Thanks, Jim - - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4122 (lab) (585) 475-7950 (fax) ""In the middle of difficulty lies opportunity." Albert Einstein "The release of new internet threats have not created a new problem. It has merely made more urgent the necessity of solving an existing one." Parallels quote by Albert Einstein on atomic energy
Current thread:
- Security Breach Laws & Smartphones/Handhelds James H Moore (Sep 15)