Educause Security Discussion mailing list archives
Re: policy question?
From: "Rosenthal, Jane E." <jer () KU EDU>
Date: Thu, 4 Nov 2010 12:17:49 -0500
The rubber meets the road on this topic and it's a difficult one. For those of you with a policy on Data or Data Classification, you may already have the requirements of handling the information in one manner or another (no matter what device or equipment is the mechanism for dealing with the information). The transmission and/or storage required for information on a home PC or mobile smartphone may be the key-in these tough economic times. You can certain do a blanket policy for any HIPAA units and possibly some others. Training and awareness are keys to this issue as well. _____________________ Jane E. Rosenthal Director | Privacy Office The University of Kansas Voice +1.785.864.9528 | Fax +1.785.864.4463 Email jer () ku edu | Web http://www.privacy.ku.edu <http://www.privacy.ku.edu/> ________________________________ The information transmitted by this email communication, including any additional pages or attachments, is only for the intended recipient and may contain confidential and/or privileged material. Any interception, review, retransmission, disclosure, dissemination, or other use and/or taking of any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication in error, please contact us immediately at (785) 864-4904, and delete the communication from any computer or network system or dispose of the documents as directed. Thank you. ________________________________ From: Brad Judy [mailto:win-hied () BRADJUDY COM] Sent: Thursday, October 28, 2010 2:51 PM Subject: Re: policy question? Be careful with such a policy. Between research funding and personal funding, a lot of faculty equipment might not technically belong to the university. Just ask a typical research lab what items would move with them if the PI decided to move to another university. Certain types of schools might be able to provide for all faculty needs with institutionally-owned computers and equipment, but many would have major problems without "personally owned" items in use. Not to mention the vast amount of university business that is done on personally owned cell phones and smart phones. Plus, there's the issue of third-party owned equipment on the university network, but that issue has an option of contractual security requirements. Brad Judy Emory University From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade Sent: Thursday, October 28, 2010 3:30 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] policy question? I was wondering if other institutions have a general Policy that a) explicitly prohibits Employees and administrators from using personal laptops or computing equipment for conducting university business ? The Assumption is that they are provided university owned equipment with standard images with up to-date security updates and protection. b) Prohibits Student Workers/GA's from handling confidential information when working with certain departments. Thanks, Anand Anand Malwade IT Security Seton Hall University
Current thread:
- policy question? Anand S Malwade (Oct 28)
- Re: policy question? SCHALIP, MICHAEL (Oct 28)
- Re: policy question? Dr. Wole Akpose (Oct 29)
- Re: policy question? randy marchany (Oct 29)
- Re: policy question? Joel Rosenblatt (Oct 29)
- Re: policy question? SCHALIP, MICHAEL (Oct 29)
- Re: policy question? Bristol, Gary L. (Oct 29)
- Re: policy question? randy marchany (Oct 29)
- Re: policy question? Valdis Kletnieks (Oct 29)
- Re: policy question? Dr. Wole Akpose (Oct 29)
- Re: policy question? SCHALIP, MICHAEL (Oct 28)
- <Possible follow-ups>
- Re: policy question? Rosenthal, Jane E. (Nov 04)
- Re: policy question? Soldi, Miguel (Nov 04)