NoticeBored information security awareness BYOD policy
Copyright © 2012 IsecT Ltd. Page 1 of 4
Information security policy
BYOD (Bring Your Own Device)
Policy summary
Employees who prefer to use their personally-owned IT equipment for work purposes must be
explicitly authorized to do so, must secure corporate data to the same extent as on corporate IT
equipment, and must not introduce unacceptable risks (such as malware) onto the corporate
networks by failing to secure their own equipment.
Applicability
This policy forms part of the corporate governance framework. It is particularly relevant to
employees who wish to use PODs (see below) for work purposes. This policy also applies to third
parties acting in a similar capacity to our employees whether they are explicitly bound (e.g. by
contractual terms and conditions) or implicitly bound (e.g. by generally held standards of ethics and
acceptable behavior) to comply with our information security policies.
Policy detail
Background
In contrast to Information and Communications Technology (ICT) devices owned by the organization, Personally Owned Devices (PODs) are ICT devices¹ owned by employees or by third parties (such as suppliers, consultancies and maintenance contractors). Authorized employees and third parties may wish to use their PODs for work purposes, for example making and receiving work phone calls and text messages on their own personal cellphones, using their own tablet computers to access, read and respond to work emails, or working in a home-office.
Bring Your Own Device (BYOD) is associated with a number of information security risks such as:
• Loss, disclosure or corruption of corporate data on PODs;
• Incidents involving threats to, or compromise of, the corporate ICT infrastructure and other information assets (e.g. malware infection or hacking);
• Noncompliance with applicable laws, regulations and obligations (e.g. privacy or piracy);
• Intellectual property rights for corporate information created, stored, processed or communicated on PODs in the course of work for the organization.
Due to management’s concerns about information security risks associated with BYOD, individuals who wish to opt in to BYOD must be authorized by management and must explicitly accept the requirements laid out in this policy beforehand. Management reserves the right not to authorize individuals, or to withdraw the authorization, if it deems BYOD not to be appropriate and in the best interests of the organization. The organization will continue to provide its choice of fully owned and managed ICT devices as necessary for work purposes, so there is no compulsion for anyone to opt in to BYOD if they choose not to participate in the scheme.

¹ PODs are typically laptops, tablet computers, ultra-mobile PCs (UMPCs), desktop PCs, Personal Digital Assistants (PDAs), palmtops, cellphones, smartphones, digital cameras, digital memo recorders, printers etc., plus the associated portable storage media such as USB memory sticks, memory cards, portable hard drives, floppy disks etc.
Policy axioms (guiding principles)
A. The organization and the owners and users of PODs share responsibilities for information
security.
B. Nothing in this policy affects the organization’s ownership of corporate information, including
all work-related intellectual property created in the course of work on PODs.
Detailed policy requirements
1. Corporate data can only be created, processed, stored and communicated on personal
devices running the organization’s chosen Mobile Device Management (MDM) client
software. Devices not running MDM (including devices that cannot run MDM, those on which
the owners decline to allow IT to install MDM with the rights and privileges it needs to operate
correctly, and those on which MDM is disabled or deleted after installation) may connect to
designated guest networks providing Internet connections, but will not be granted access to
the corporate LAN. They must not be used to create, modify, store or communicate
corporate data.
2. PODs must use appropriate forms of device authentication approved by Information Security,
such as digital certificates created for each specific device. Digital certificates must not be
copied to or transferred between PODs.
3. BYOD users must use appropriate forms of user authentication approved by Information Security, such as user IDs, passwords and authentication devices.
4. The following classes or types of corporate data are not suitable for BYOD and are not permitted on PODs:
• Anything classified SECRET or above;
• Other currently unclassified but highly valuable or sensitive corporate information which is likely to be classified as SECRET or above;
• Large quantities of corporate data (i.e. greater than 1 Gb in aggregate on any one POD or storage device).
5. The organization has the right to control its information. This includes the right to backup,
retrieve, modify, determine access and/or delete corporate data without reference to the
owner or user of the POD.
6. The organization has the right to seize and forensically examine any POD believed to
contain, or to have contained, corporate data where necessary for investigatory or control
purposes.
7. Suitable antivirus software must be properly installed and running on all PODs.
8. POD users must ensure that valuable corporate data created or modified on PODs are
backed up regularly, preferably by connecting to the corporate network and synchronizing the
data between POD and a network drive, otherwise on removable media stored securely.
9. Any POD used to access, store or process sensitive information must encrypt data
transferred over the network (e.g. using SSL or a VPN) and while stored on the POD or on
separate storage media (e.g. using TrueCrypt), whatever storage technology is used
(e.g. hard disk, solid-state disk, CD/DVD, USB/flash memory stick, floppy disk etc.).
10. Since IT Help/Service Desk does not have the resources or expertise to support all possible
devices and software, PODs used for BYOD will receive limited support on a ‘best endeavors’
basis for business purposes only.
11. While employees have a reasonable expectation of privacy over their personal information on their own equipment, the organization’s right to control its data and manage PODs may occasionally result in support personnel unintentionally gaining access to their personal information. To reduce the possibility of such disclosure, POD users are advised to keep their personal data separate from business data on the POD in separate directories, clearly named (e.g. “Private” and “BYOD”).
12. Take care not to infringe other people’s privacy rights, for example do not use PODs to make
audio-visual recordings at work.
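The device and data rules in requirements 1, 2, 3, 4, 7 and 9 above can be encoded as a posture check that decides which network a POD may join and whether corporate data may be placed on it. This is an added example, not part of the NoticeBored policy; the field names, the issuer name "Information Security CA", the classification scale and the sample devices are all constructed assumptions.

```python
"""Added example: BYOD posture and data-placement checks encoding the policy's
requirements 1, 2, 3, 4, 7 and 9. Field names, the certificate issuer name and
the sample devices are constructed assumptions, not the policy's own values."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional, Tuple


class Classification(IntEnum):
    """Assumed classification scale; the policy only names SECRET or above."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3
    TOP_SECRET = 4


ONE_GB = 1_000_000_000            # requirement 4: aggregate limit per POD or storage device
TRUSTED_CERT_ISSUER = "Information Security CA"   # assumed name of the issuing function


@dataclass
class DevicePosture:
    device_id: str
    mdm_installed: bool               # requirement 1
    mdm_enabled: bool                 # requirement 1: disabled/deleted after install also fails
    cert_issuer: Optional[str]        # requirement 2: None when no device certificate
    cert_device_id: Optional[str]     # requirement 2: device id bound into the certificate
    user_authenticated: bool          # requirement 3: user ID/password/token accepted
    antivirus_running: bool           # requirement 7
    storage_encrypted: bool           # requirement 9: data at rest
    transport_encrypted: bool         # requirement 9: data in transit (SSL/VPN)


@dataclass
class Decision:
    network: str                      # "corporate-lan" or "guest"
    corporate_data_allowed: bool
    violations: List[str] = field(default_factory=list)


def evaluate_device(p: DevicePosture) -> Decision:
    """Return the network tier and data permission for one POD.

    Conservative reading of the policy (an assumption of this example): any
    unmet device requirement confines the POD to the guest network and bars
    corporate data, not only the MDM failure that requirement 1 spells out."""
    violations: List[str] = []
    if not (p.mdm_installed and p.mdm_enabled):
        violations.append("MDM client not installed or not running (req. 1)")
    if p.cert_issuer != TRUSTED_CERT_ISSUER:
        violations.append("no device certificate issued by Information Security (req. 2)")
    elif p.cert_device_id != p.device_id:
        # A valid certificate bound to a different device id indicates a copied
        # or transferred certificate, which requirement 2 forbids.
        violations.append("device certificate bound to another device (req. 2)")
    if not p.user_authenticated:
        violations.append("user not authenticated (req. 3)")
    if not p.antivirus_running:
        violations.append("antivirus not installed or not running (req. 7)")
    if not (p.storage_encrypted and p.transport_encrypted):
        violations.append("data not encrypted at rest and in transit (req. 9)")
    compliant = not violations
    return Decision("corporate-lan" if compliant else "guest", compliant, violations)


def data_permitted_on_pod(level: Classification, size_bytes: int,
                          already_on_pod: int, likely_secret: bool = False) -> Tuple[bool, str]:
    """Requirement 4: classification ceiling and 1 Gb aggregate limit per POD."""
    if level >= Classification.SECRET:
        return False, "classified SECRET or above (req. 4)"
    if likely_secret:
        return False, "likely to be classified SECRET or above (req. 4)"
    if already_on_pod + size_bytes > ONE_GB:
        return False, "aggregate corporate data on POD would exceed 1 Gb (req. 4)"
    return True, "permitted"


# Constructed sample devices for illustration.
COMPLIANT = DevicePosture("pod-0001", True, True, TRUSTED_CERT_ISSUER, "pod-0001",
                          True, True, True, True)
NO_MDM = DevicePosture("pod-0002", True, False, TRUSTED_CERT_ISSUER, "pod-0002",
                       True, True, True, True)
COPIED_CERT = DevicePosture("pod-0003", True, True, TRUSTED_CERT_ISSUER, "pod-0001",
                            True, True, True, True)

if __name__ == "__main__":
    for pod in (COMPLIANT, NO_MDM, COPIED_CERT):
        d = evaluate_device(pod)
        print(pod.device_id, d.network, d.corporate_data_allowed, d.violations)
    print(data_permitted_on_pod(Classification.CONFIDENTIAL, 600_000_000, 500_000_000))
```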
Responsibilities
• Information Security Management is responsible for maintaining this policy and advising generally on information security controls. It is responsible for issuing digital certificates to authenticate authorized PODs, and for monitoring network security for unauthorized access, inappropriate network traffic etc. Working in conjunction with other corporate functions, it is also responsible for running educational activities to raise awareness and understanding of the obligations identified in this policy.
• IT Department is responsible for managing the security of corporate data and configuring security on authorized PODs using MDM. IT is also explicitly responsible for ensuring the security of the MDM software and related procedures in order to minimize the risk of hackers exploiting MDM to access mobile devices.
• IT Help/Service Desk is responsible for providing limited support for BYOD on PODs on a ‘best endeavors’ basis for work-related issues only. Information security incidents affecting PODs used for BYOD should be reported promptly to IT Help/Service Desk in the normal way.
• All relevant employees are responsible for complying with this and other corporate policies at all times.
• Internal Audit is authorized to assess compliance with this and other corporate policies at any time.
Related policies, standards, procedures and guidelines
Item: Relevance
Information security policy manual: Defines the overarching set of information security controls reflecting ISO/IEC 27002, the international standard code of practice for information security management.
Mobile/portable computing policy: Specifies a number of information security controls applicable to the use of mobile and portable devices. Although it was
MDM standards and procedures: Given stringent information security requirements and the diverse nature of mobile/portable devices, the choice, installation, configuration and use of Mobile Device Management software is non-trivial. IT’s responsibilities are fulfilled through MDM technical standards and operating procedures.
Information Asset Ownership policy: Information Asset Owners are responsible for classifying their assets and may determine whether BYOD is or is not appropriate for them.
Human Resources policies, procedures, code of conduct etc.: Explain standards of behavior expected of employees, and disciplinary processes if the rules are broken.
BYOD guidelines and briefings: Further security awareness materials are available on this topic.
Contacts
For further information about this policy or general advice on information security, contact the IT
Help/Service Desk. Security standards, procedures, guidelines and other materials supporting and
expanding upon this and other information security policies are available on the intranet Security
Zone. The Information Security Manager can advise on more specific issues.
Important note from IsecT Ltd.
This policy is unlikely to be entirely sufficient or suitable for you without customization.
This is a generic model or template policy incorporating a selection of common controls in this
area derived from our knowledge of good security practices and international standards. It does
not necessarily reflect your organization’s specific requirements. We are not familiar with your
particular circumstances and cannot offer tailored guidance. It is not legal advice. It is meant to
be considered by management as part of the security awareness program, ideally as part of the
regular review and update of your information security policies.
For the Word version of this and over 40 other security policies, see www.NoticeBored.com.
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

NoticeBored BYOD policy

NoticeBored information security awareness BYOD policy
Copyright © 2012 IsecT Ltd.

Information security policy
BYOD (Bring Your Own Device)

Policy summary

Employees who prefer to use their personally-owned IT equipment for work purposes must be explicitly authorized to do so, must secure corporate data to the same extent as on corporate IT equipment, and must not introduce unacceptable risks (such as malware) onto the corporate networks by failing to secure their own equipment.

Applicability

This policy forms part of the corporate governance framework. It is particularly relevant to employees who wish to use PODs (see below) for work purposes. This policy also applies to third parties acting in a similar capacity to our employees whether they are explicitly bound (e.g. by contractual terms and conditions) or implicitly bound (e.g. by generally held standards of ethics and acceptable behavior) to comply with our information security policies.

Policy detail

Background

In contrast to Information and Communications Technology (ICT) devices owned by the organization, Personally Owned Devices (PODs) are ICT devices [1] owned by employees or by third parties (such as suppliers, consultancies and maintenance contractors). Authorized employees and third parties may wish to use their PODs for work purposes, for example making and receiving work phone calls and text messages on their own personal cellphones, using their own tablet computers to access, read and respond to work emails, or working in a home-office.

Bring Your Own Device (BYOD) is associated with a number of information security risks such as:

• Loss, disclosure or corruption of corporate data on PODs;
• Incidents involving threats to, or compromise of, the corporate ICT infrastructure and other information assets (e.g. malware infection or hacking);
• Noncompliance with applicable laws, regulations and obligations (e.g. privacy or piracy);
• Intellectual property rights for corporate information created, stored, processed or communicated on PODs in the course of work for the organization.

Due to management’s concerns about information security risks associated with BYOD, individuals who wish to opt-in to BYOD must be authorized by management and must explicitly accept the requirements laid out in this policy beforehand. Management reserves the right not to authorize individuals, or to withdraw the authorization, if they deem BYOD not to be appropriate and in the best interests of the organization. The organization will continue to provide its choice of fully owned and managed ICT devices as necessary for work purposes, so there is no compulsion for anyone to opt-in to BYOD if they choose not to participate in the scheme.

[1] PODs are typically laptops, tablet computers, ultra-mobile PCs (UMPCs), desktop PCs, Personal Digital Assistants (PDAs), palmtops, cellphones, smartphones, digital cameras, digital memo recorders, printers etc., plus the associated portable storage media such as USB memory sticks, memory cards, portable hard drives, floppy disks etc.

Policy axioms (guiding principles)

A. The organization and the owners and users of PODs share responsibilities for information security.
B. Nothing in this policy affects the organization’s ownership of corporate information, including all work-related intellectual property created in the course of work on PODs.

Detailed policy requirements

1. Corporate data can only be created, processed, stored and communicated on personal devices running the organization’s chosen Mobile Device Management (MDM) client software. Devices not running MDM (including devices that cannot run MDM, those on which the owners decline to allow IT to install MDM with the rights and privileges it needs to operate correctly, and those on which MDM is disabled or deleted after installation) may connect to designated guest networks providing Internet connections, but will not be granted access to the corporate LAN. They must not be used to create, modify, store or communicate corporate data.
2. PODs must use appropriate forms of device authentication approved by Information Security, such as digital certificates created for each specific device. Digital certificates must not be copied to or transferred between PODs.
3. BYOD users must use appropriate forms of user authentication approved by Information Security, such as userIDs, passwords and authentication devices.
4. The following classes or types of corporate data are not suitable for BYOD and are not permitted on PODs:
   • Anything classified SECRET or above;
   • Other currently unclassified but highly valuable or sensitive corporate information which is likely to be classified as SECRET or above;
   • Large quantities of corporate data (i.e. greater than 1 Gb in aggregate on any one POD or storage device).
5. The organization has the right to control its information. This includes the right to backup, retrieve, modify, determine access and/or delete corporate data without reference to the owner or user of the POD.
6. The organization has the right to seize and forensically examine any POD believed to contain, or to have contained, corporate data where necessary for investigatory or control purposes.
7. Suitable antivirus software must be properly installed and running on all PODs.
8. POD users must ensure that valuable corporate data created or modified on PODs are backed up regularly, preferably by connecting to the corporate network and synchronizing the data between POD and a network drive, otherwise on removable media stored securely.
9. Any POD used to access, store or process sensitive information must encrypt data transferred over the network (e.g. using SSL or a VPN) and while stored on the POD or on separate storage media (e.g. using TrueCrypt), whatever storage technology is used (e.g. hard disk, solid-state disk, CD/DVD, USB/flash memory stick, floppy disk etc.).
10. Since IT Help/Service Desk does not have the resources or expertise to support all possible devices and software, PODs used for BYOD will receive limited support on a ‘best endeavors’ basis for business purposes only.
11. While employees have a reasonable expectation of privacy over their personal information on their own equipment, the organization’s right to control its data and manage PODs may occasionally result in support personnel unintentionally gaining access to their personal information. To reduce the possibility of such disclosure, POD users are advised to keep their personal data separate from business data on the POD in separate directories, clearly named (e.g. “Private” and “BYOD”).
12. Take care not to infringe other people’s privacy rights, for example do not use PODs to make audio-visual recordings at work.

Responsibilities

• Information Security Management is responsible for maintaining this policy and advising generally on information security controls. It is responsible for issuing digital certificates to authenticate authorized PODs, and for monitoring network security for unauthorized access, inappropriate network traffic etc. Working in conjunction with other corporate functions, it is also responsible for running educational activities to raise awareness and understanding of the obligations identified in this policy.
• IT Department is responsible for managing the security of corporate data and configuring security on authorized PODs using MDM. IT is also explicitly responsible for ensuring the security of the MDM software and related procedures in order to minimize the risk of hackers exploiting MDM to access mobile devices.
• IT Help/Service Desk is responsible for providing limited support for BYOD on PODs on a ‘best endeavors’ basis for work-related issues only. Information security incidents affecting PODs used for BYOD should be reported promptly to IT Help/Service Desk in the normal way.
• All relevant employees are responsible for complying with this and other corporate policies at all times.
• Internal Audit is authorized to assess compliance with this and other corporate policies at any time.

Related policies, standards, procedures and guidelines

Item | Relevance
--- | ---
Information security policy manual | Defines the overarching set of information security controls reflecting ISO/IEC 27002, the international standard code of practice for information security management
Mobile/portable computing policy | Specifies a number of information security controls applicable to the use of mobile and portable devices. Although it was
MDM standards and procedures | Given stringent information security requirements and the diverse nature of mobile/portable devices, the choice, installation, configuration and use of Mobile Device Management software is non-trivial. IT’s responsibilities are fulfilled through MDM technical standards and operating procedures.
Information Asset Ownership policy | Information Asset Owners are responsible for classifying their assets and may determine whether BYOD is or is not appropriate for them.
Human Resources policies, procedures, code of conduct etc. | Explain standards of behavior expected of employees, and disciplinary processes if the rules are broken.
BYOD guidelines and briefings | Further security awareness materials are available on this topic.

Contacts

For further information about this policy or general advice on information security, contact the IT Help/Service Desk. Security standards, procedures, guidelines and other materials supporting and expanding upon this and other information security policies are available on the intranet Security Zone. The Information Security Manager can advise on more specific issues.

Important note from IsecT Ltd.

This policy is unlikely to be entirely sufficient or suitable for you without customization. This is a generic model or template policy incorporating a selection of common controls in this area derived from our knowledge of good security practices and international standards. It does not necessarily reflect your organization’s specific requirements. We are not familiar with your particular circumstances and cannot offer tailored guidance. It is not legal advice. It is meant to be considered by management as part of the security awareness program, ideally as part of the regular review and update of your information security policies. For the Word version of this and over 40 other security policies, see www.NoticeBored.com.