Note:
Standard under revision

Purpose

The purpose of this standard is to secure and protect WPI data on mobile devices and personally-owned devices.

Scope

This standard provides security measures for:

  • WPI-owned or personally-owned mobile devices that process WPI email or other WPI information such as:
    • Personal Electronic Devices (PEDs)
    • Personal Digital Assistants (PDAs)
    • Email and paging devices (such as Blackberry)
    • Other handheld communication devices
  • Personally-owned computers which are used to access or process WPI information. WPI information includes but is not limited to: email, electronic files, copies of WPI files, confidential student information, WPI applications, Banner, and WPI shared resources.

For other devices and methodologies, please follow the appropriate standard.

Standard

  • Physically secure all devices.
  • Use strong passwords to secure the device and its information. Adhere to the WPI Password Standard.
  • Ensure only appropriate WPI personnel are granted administrator access to a device accessing WPI information.
  • Do not store WPI passwords, safe/door combinations, or personal identification numbers.
  • Do not store classified, sensitive, or proprietary WPI information on these devices.
  • Store all WPI data on a WPI shared resource.
  • Close the browser after using authenticated WPI web sites.
  • Use secure methods to transfer files via the WPI VPN. E-mail is not considered a secure method.
  • Media containing sensitive WPI data is only utilized when absolutely necessary and is properly destroyed prior to disposal.

Configuration

  • Activate at least one firewall (hardware or software, if available).
    • Many Internet routers have a hardware firewall pre-configured for use at home. Please see the Home Network Standard.
    • Microsoft Windows XP Service Pack 2 and above: Activate the Windows Firewall that is available with the operating system.
    • For other operating systems, free and commercial firewalls are available.
  • Apply security patches and updates regularly. Use automated patch services (such as Microsoft Update) when available.
  • Turn off any additional services, especially file and printer sharing.
  • Set the security settings to the highest level on internet browsers. If this disrupts some of your favorite websites, lower the setting until it allows websites to work. Disable cookies, or set cookies to be discarded when the website is closed. Again, this may disrupt some websites and adjustments may be needed. Apply software upgrades to the web browser as they become available.

Additional Software

  • Install and use anti-virus software, if available. Set the computer to automatically update anti-virus applications at least once per week.
  • Install spyware detection and removal tools, if available.

Notify the Information Security Office immediately if the device is lost, stolen, or compromised.

Revision History

  • The Information Technology Division endorsed this standard on April 23, 2007.
  • After revisions, the faculty Committee on IT Policy endorsed this standard on April 15, 2008.