Educause Security Discussion mailing list archives
Confidential information and Smartphone Policies ? was RE: Your thougts about smart phone ...
From: James H Moore <jhmfa () RIT EDU>
Date: Thu, 4 May 2006 16:45:58 -0400
We are finalizing a standard that covers PDAs, smart phones, and similar devices. In the Educause archives, we found 3 policies, Georgetown, East Carolina, and Azusa. We fashioned something that is kind of a combination.

Does anyone else have standards in the PDA and smart phone area? Can you send me a link, or the document? Are PDAs and Smart phones covered in Data Classification and Handling policies?

Thanks for your help. I will summarize to the list.

Jim

- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio

-----Original Message-----
From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Tuesday, May 02, 2006 9:25 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Your thougts about smart phone access to privileged accounts?

What are your thoughts regarding the use of smart phones to access elevated privilege accounts by administrators and other privileged users over a wireless VPN? We're getting requests for such use.

Although known incidents with such devices are rare, the technology is new and changing rapidly and I'm not sure that we know enough about the technology, attack points, and how people will use them (e.g. application downloads, local storage of sensitive data like passwords, etc.) to perform any kind of accurate, formal risk assessment.

Ergo, I lean toward the conservative and would tend to view use of such technology for access to accounts having global access to organizational data premature without a *strong* demonstrated benefit of doing so. Customer service is the benefit being used to justify the access.

On the other hand, can they be any worse than using a Windows PC? :)

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security