Educause Security Discussion mailing list archives

Re: Stolen Laptops

From: Ben Woelk <fbwis () RIT EDU>
Date: Thu, 29 Jul 2010 13:10:19 -0400

To be more specific, we're requiring encryption on university owned or leased laptops. We do not require it on 
personally owned laptops. We discourage use of personally owned laptops to access university information resources, but 
the responsibility for authorizing use of personal equipment lies with the respective dean or VP. We do require 
documented technical controls on ALL laptops that access Private or Confidential information. (This information is in 
our Information Access and Protection Standard--http://security.rit.edu/iap.html)

Ben Woelk '07
Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623 
585.475.4122
585.475.7920 fax
ben.woelk () rit edu
http://security.rit.edu/dsd.html 
 
Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec
 
Follow us on Twitter: http://twitter.com/RIT_InfoSec
 

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris 
Green
Sent: Thursday, July 29, 2010 12:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Stolen Laptops

http://www.educause.edu/sites/default/files/library/presentations/SEC10/SESS11/SPC%2B2010%2Bdisk%2Bencryption%2B-%2Ball.pdf
 slide 16 is what we did and now do. A big pain point was a lot of personally owned approved devices for work and 
needing to support encryption on those.  

There's nothing like bricking an associate dean's brand new "I want to watch movies on a plane and keep up with my UAB 
work that may include sensitive email"  $300 netbook right before a month long trip to France.

Don't require it:  Expect the edge cases not to do it.   Require it:  Expect a painful process dealing with edge cases 
if you don't have a fairly locked down set of hard ware platforms.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SCHALIP, 
MICHAEL
Sent: Wednesday, July 28, 2010 9:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Stolen Laptops

Are your institutions "encouraging encryption" on laptops, or "requiring encryption" on laptops?  We're moving to 
Symantec Endpoint Encryption (it was GuardianEdge, but they got bought by Symantec - which is actually good for us, 
since we use Symantec Altiris, SEP, etc.) and will be doing full disk encryption on any/all non-instructional (student 
use) laptops.....

M

-----Original Message-----

Current thread:

Re: Stolen Laptops, (continued)
- - - Re: Stolen Laptops Sherry Callahan (Jul 28)
- Re: Stolen Laptops Tonkin, Derek K. (Jul 28)
  - Re: Stolen Laptops Ben Woelk (Jul 28)
    - Re: Stolen Laptops SCHALIP, MICHAEL (Jul 28)
    - Re: Stolen Laptops Ben Woelk (Jul 28)
    - Re: Stolen Laptops Joel Rosenblatt (Jul 28)
    - Re: Stolen Laptops Russell Fulton (Jul 29)
    - Re: Stolen Laptops Beechey, Jim (Jul 29)
    - Re: Stolen Laptops Maloney, Michael (Jul 28)
    - Re: Stolen Laptops Chris Green (Jul 29)
    - Re: Stolen Laptops Ben Woelk (Jul 29)
    - Re: Stolen Laptops Kimberly Heimbrock (Jul 29)
    - Re: Stolen Laptops Walter Petruska (Jul 29)
    - Re: Stolen Laptops Sherry Callahan (Jul 29)
    - Re: Stolen Laptops Joel Rosenblatt (Jul 29)
    - Re: Stolen Laptops Sherry Callahan (Jul 29)
    - Re: Stolen Laptops Chris Green (Jul 31)
- Re: Stolen Laptops Joel Rosenblatt (Jul 29)
  - Re: Stolen Laptops Ray McClure (Jul 31)