Mobile Computing and Network Access (Policy)

Overview and Purpose

Mobile computing devices, such as laptop computers, PDAs, and multi-function cell phones, increase the flexibility, range, and business potential of day-to-day business processes. However, the use of these devices can also increase the risk exposure of [variable: Covered Organization] networks and Information Resources.

This policy seeks to protect the integrity, availability, and confidentiality of [variable: Covered Organization] networks, systems, and information by establishing rules for the use and network connectivity of mobile computing devices.

Coverage

All individuals who use or manage mobile or portable computing devices to access [variable: Covered Organization] Information Resources.

Definitions

General Terminology:

Roles and Functions

Policy

  • Personnel may use only approved mobile computing devices to access [variable: Covered Organization] Information Resources.
  • Mobile computing functionality must be password protected.
  • [variable: Covered Organization] data should not be stored on mobile computing devices. However, in the event that there is no alternative to local storage, all sensitive [variable: Covered Organization] data must be encrypted using approved encryption techniques.
  • [variable: Covered Organization] data must not be transmitted via wireless connections to or from a mobile computing device, unless the connection uses approved, secure wireless transmission protocols and approved encryption techniques.
  • All remote access (dial-in services) to [variable: Covered Organization] must be through an approved modem pool or via an Internet Service Provider (ISP).
  • Non-[variable: Covered Organization] computer systems that require network connectivity must conform to [variable: Covered Organization] IS Standards and must be approved in writing by the {organization} ISO.
  • Unattended mobile computing devices must be physically secured: locked in an office, locked in a desk drawer or filing cabinet, or locked to a desk or cabinet via a cable lock system.
    • Mobile computing devices must not be left unattended overnight, either on [variable: Covered Organization] premises or offsite.
    • In particular, mobile computing devices must not be left in parked vehicles overnight or for a period of more than [variable: time period].

Enforcement

Gross negligence or willful disregard of this standard may result in disciplinary action, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [variable: Covered Organization] Information Resources access privileges and to civil and criminal prosecution.

Supporting Documentation

This policy is supported by the following rules, standards, and procedures:

  • [variable: internal documents (with links, if available)]
  • [variable: external documents (with links, if available)]

Policy Support Contact

  • [variable: title (not personal name) of role responsible for overseeing this procedure]
  • [variable: Contact information of office responsible for overseeing this procedure]

References

Research Resources
