Departmental Security Requirements

Compliance

Within this document standards marked with a lock are Mandatory standards (i.e. they require immediate compliance by all). Standards marked with a unlock are Mandatory for users or departments who can comply. All others should make plans to comply at the earliest opportunity.

Physical Security

unlockAs a minimum precaution, all Laptop user desks should be fitted with a cable lock device.

These devices are very effective and provide good protection against the casual thief at moderate cost. However, if they are to have any effect, Laptop users need to use them. This requirement should be clearly communicated to users by departmental management.

lockLaptops at higher risk should be fitted with additional security devices.

Access Control/Authentication

lockWhere feasible, Laptops should be protected by boot passwords and a hard disk format that precludes access in the event the machine is booted up using alternative media. 

This simple precaution would provide sufficient protection to thwart many casual thieves from accessing sensitive data.

lockNon Western University owned Laptops connecting to the network must comply with the Computing Resources Security Policy (MAPP 1.20).

All non-Western University Laptops (e.g. those belonging to students or contractors) connecting to the network need to meet the following criteria

    • Connection is only permitted via authorized and approved facilities
    • Connection is only to an authorized network domain
    • All access is authenticated
    • The Mobile Device is running up-to-date anti-virus software

Data Protection

lockIt is important that Unit Heads, including Directors, of those who need to leave Mobile Data Devices in vehicles during the day assess the risk to the University.

This situation might arise, for example, when Mobile Devices are being used on fieldwork. The risk level is based upon frequency and duration of storage in the vehicle and the crime profile of the area worked in. Advice on appropriate security measures should be obtained from The Western University Campus Community Police Services office.

unlockWherever possible, mobile users with sensitive data should be provided with the ability to encrypt data and to back-up off-line.

Data encryption systems protect information stored on Laptops and other Mobile Devices in the event other access control mechanisms fail. Any user who locally stores information considered to be confidential, or who has remote access to sensitive data or systems, should have a hard drive encryption solution installed on their laptop.

Solutions that encrypt the whole of the hard drive should be used by preference.

Extremely sensitive data may need to be kept on compact, removable PCMCIA, USB drives or similar which are kept with the user at all times.

Off-line back-up, for users away from their base location, can vary from the simple; e.g. copying data to floppy disks or CD, to the sophisticated; e.g. scheduled back-up software that copies sensitive data to portable drives.  The back-ups should be treated as securely as the original data as it represents similar risks.

In all cases, the Unit Head needs to ensure that users are fully aware of the security issues and are sufficiently confident in the use of the solution/s provided.

lockAll Laptops need to have at minimum, the University standard anti-virus software installed. To ensure continued protection, all Laptops should have their system and application software updated on a regular basis and, where possible, protected by a firewall.

This ensures the University’s information systems and data are protected from the risk of virus infection and other threats. A process should be in place to ensure AV signatures and other software are kept up-to-date if the Mobile Data Device is to be used off-line (from the University network) for an extended period.

lockAll computers, including Laptops, should be configured with a password protected screen saver that activates after no more than 15 minutes idle time.

This ensures additional security when users are absent from their desks. It should be noted that all users are required to secure the screen whenever they leave a machine unattended.

Tracking/Recovery

unlockMobile Data Devices used to store highly sensitive data may justify the use of software tracking and recovery agents.

Tracking software (combined with an irremovable tag) residing in an undetectable file on the hard drive, will trace stolen Laptops and other Mobile Devices as soon as they are connected to the Internet. The IP address, computer ID number and telephone number the Mobile Device is calling from can then be provided to the police, hopefully leading to recovery of the machine and any sensitive data it contains.

Wireless

lockSecure Wireless should be used where available.  Western provides secure wireless access and it is important that this be used with all Western owned wireless devices on campus.

This ensures that the University’s information systems and data are protected from userid and password theft.  Users should exercise due diligence in public areas where encryption and secure transmission are not available.


Published on  and maintained in Cascade CMS.