1.0 Introduction
The goal of this policy is to allow any type of mobile device (whether issued by [organization name] or
not) to be securely used to access [organization name] information resources. While the focus of this
policy is mitigating the risks to [organization name] associated with the use of smartphones, part or
all of this policy can be applied to traditional mobile devices, including laptops, USB drives, CD/DVD,
etc.
2.0 Purpose
This policy was created to mitigate known risks associated with:
• A breach of confidentiality due to the access, transmission, storage, and disposal of sensitive
information using a mobile device.
• A breach of integrity due to the access, transmission, storage, and disposal of sensitive
information using a mobile device.
• A loss of availability to critical systems as a result of using a mobile device.
3.0 Scope
This policy applies to any mobile device and its user, including those issued by [organization name] as
well as personal devices that are used for business purposes and/or store [organization name]
information.
4.0 Policy
The effectiveness of this policy is dependent on how it is tailored for [organization name]'s
environment. Whether by informal process or formal risk assessment, [organization name] should
enumerate 1) all mobile devices in use (type, owner, connections enabled, criticality, data
accessed/stored, etc.), 2) current threat-sources, and 3) known vulnerabilities. Each of these factors
should help formulate an understanding and prioritization of current risks, so that the policy is
tailored to [organization name]'s specific environment and resources are focused only on
implementing those policies that are necessary.
4.2 Authentication
4.2.1 Mobile device access must require a PIN.
4.2.2 SIM access must require a PIN.
4.3 Encryption
4.3.1 The use of encryption is required for all mobile devices that must store or access sensitive
information. While full disk encryption is preferable, application or file encryption solutions are
acceptable at this time.
4.3.2 The use of encryption is required for the transmission of sensitive information to/from
mobile devices.
5.0 Definitions