Educause Security Discussion mailing list archives
Re: Stolen Laptops
From: Ben Woelk <fbwis () RIT EDU>
Date: Thu, 29 Jul 2010 13:10:19 -0400
To be more specific, we're requiring encryption on university owned or leased laptops. We do not require it on personally owned laptops. We discourage use of personally owned laptops to access university information resources, but the responsibility for authorizing use of personal equipment lies with the respective dean or VP. We do require documented technical controls on ALL laptops that access Private or Confidential information. (This information is in our Information Access and Protection Standard--http://security.rit.edu/iap.html) Ben Woelk '07 Policy and Awareness Analyst Information Security Office Rochester Institute of Technology ROS 10-A204 151 Lomb Memorial Drive Rochester, New York 14623 585.475.4122 585.475.7920 fax ben.woelk () rit edu http://security.rit.edu/dsd.html Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec Follow us on Twitter: http://twitter.com/RIT_InfoSec -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green Sent: Thursday, July 29, 2010 12:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Stolen Laptops http://www.educause.edu/sites/default/files/library/presentations/SEC10/SESS11/SPC%2B2010%2Bdisk%2Bencryption%2B-%2Ball.pdf slide 16 is what we did and now do. A big pain point was a lot of personally owned approved devices for work and needing to support encryption on those. There's nothing like bricking an associate dean's brand new "I want to watch movies on a plane and keep up with my UAB work that may include sensitive email" $300 netbook right before a month long trip to France. Don't require it: Expect the edge cases not to do it. Require it: Expect a painful process dealing with edge cases if you don't have a fairly locked down set of hard ware platforms. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, MICHAEL Sent: Wednesday, July 28, 2010 9:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Stolen Laptops Are your institutions "encouraging encryption" on laptops, or "requiring encryption" on laptops? We're moving to Symantec Endpoint Encryption (it was GuardianEdge, but they got bought by Symantec - which is actually good for us, since we use Symantec Altiris, SEP, etc.) and will be doing full disk encryption on any/all non-instructional (student use) laptops..... M -----Original Message-----
Current thread:
- Re: Stolen Laptops, (continued)
- Re: Stolen Laptops Sherry Callahan (Jul 28)
- Re: Stolen Laptops Tonkin, Derek K. (Jul 28)
- Re: Stolen Laptops Ben Woelk (Jul 28)
- Re: Stolen Laptops SCHALIP, MICHAEL (Jul 28)
- Re: Stolen Laptops Ben Woelk (Jul 28)
- Re: Stolen Laptops Joel Rosenblatt (Jul 28)
- Re: Stolen Laptops Russell Fulton (Jul 29)
- Re: Stolen Laptops Beechey, Jim (Jul 29)
- Re: Stolen Laptops Ben Woelk (Jul 28)
- Re: Stolen Laptops Maloney, Michael (Jul 28)
- Re: Stolen Laptops Chris Green (Jul 29)
- Re: Stolen Laptops Ben Woelk (Jul 29)
- Re: Stolen Laptops Kimberly Heimbrock (Jul 29)
- Re: Stolen Laptops Walter Petruska (Jul 29)
- Re: Stolen Laptops Sherry Callahan (Jul 29)
- Re: Stolen Laptops Joel Rosenblatt (Jul 29)
- Re: Stolen Laptops Sherry Callahan (Jul 29)
- Re: Stolen Laptops Chris Green (Jul 31)
- Re: Stolen Laptops Ray McClure (Jul 31)