Submit Search
Upload
Exemplo de política BYOD
•
2 likes
•
8,131 views
Fernando Palma
Follow
Autor: site http://www.noticebored.com/ Mais materiais: http://www.portalgsti.com.br/
Read less
Read more
Technology
Report
Share
Report
Share
1 of 4
Download now
Download to read offline
Recommended
Privacy in the Workplace: Employee Monitoring and Surveillance
Privacy in the Workplace: Employee Monitoring and Surveillance
Overholt Law
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
Benjamin Ang
Internet safety ppt
Internet safety ppt
mcmullan
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoft
David J Rosenthal
Security Awareness & Training
Security Awareness & Training
novemberchild
Sample IT Policy
Sample IT Policy
Clarknuber
Internet safety presentation 2019
Internet safety presentation 2019
KanelandSvihlik
SEGURANÇA CIBERNÉTICA X CIBERSEGURANÇA.pdf
SEGURANÇA CIBERNÉTICA X CIBERSEGURANÇA.pdf
annykaroline2Ainform
Recommended
Privacy in the Workplace: Employee Monitoring and Surveillance
Privacy in the Workplace: Employee Monitoring and Surveillance
Overholt Law
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
Benjamin Ang
Internet safety ppt
Internet safety ppt
mcmullan
Classifying Data to Help Secure Business Information - Template fromMicrosoft
Classifying Data to Help Secure Business Information - Template fromMicrosoft
David J Rosenthal
Security Awareness & Training
Security Awareness & Training
novemberchild
Sample IT Policy
Sample IT Policy
Clarknuber
Internet safety presentation 2019
Internet safety presentation 2019
KanelandSvihlik
SEGURANÇA CIBERNÉTICA X CIBERSEGURANÇA.pdf
SEGURANÇA CIBERNÉTICA X CIBERSEGURANÇA.pdf
annykaroline2Ainform
Integracao de Dados, Informacao, Conhecimento e Saber
Integracao de Dados, Informacao, Conhecimento e Saber
Junio Soares Dias
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Ganesan Narayanasamy
ISO IEC 27001 2013.pdf
ISO IEC 27001 2013.pdf
ssuserb0af37
Lei geral de proteção de dados por Kleber Silva e Ricardo Navarro (Pise4)
Lei geral de proteção de dados por Kleber Silva e Ricardo Navarro (Pise4)
Joao Galdino Mello de Souza
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3
CTIN
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
himalya sharma
Pcidss qr gv3_1
Pcidss qr gv3_1
leon bonilla
Internet / Cyber Security
Internet / Cyber Security
SrijanMukhopadhyay1
IT Policy
IT Policy
Julian Hutabarat
Computer misuse
Computer misuse
Shatakshi Goswami
ISMS: A7-Human Resources Security ISO 27001
ISMS: A7-Human Resources Security ISO 27001
chutinhha
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2
DallasHaselhorst
Ftk install guide
Ftk install guide
Parisutham Institute of Technology & Science
Cyber security awareness สถาบันพระปกเกล้า
Cyber security awareness สถาบันพระปกเกล้า
Surachai Chatchalermpun
1 understanding cyber threats
1 understanding cyber threats
mohamad Hamizi
Introduction to Big Data Hadoop Training Online by www.itjobzone.biz
Introduction to Big Data Hadoop Training Online by www.itjobzone.biz
ITJobZone.biz
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
PECB
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
IT Governance Ltd
Information Security Seminar
Information Security Seminar
Acend Corporate Learning
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and Procedure
The Pathway Group
Pesquisa sobre BYOD
Pesquisa sobre BYOD
Fernando Palma
Exemplo de política de segurança
Exemplo de política de segurança
Fernando Palma
More Related Content
What's hot
Integracao de Dados, Informacao, Conhecimento e Saber
Integracao de Dados, Informacao, Conhecimento e Saber
Junio Soares Dias
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Ganesan Narayanasamy
ISO IEC 27001 2013.pdf
ISO IEC 27001 2013.pdf
ssuserb0af37
Lei geral de proteção de dados por Kleber Silva e Ricardo Navarro (Pise4)
Lei geral de proteção de dados por Kleber Silva e Ricardo Navarro (Pise4)
Joao Galdino Mello de Souza
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3
CTIN
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
himalya sharma
Pcidss qr gv3_1
Pcidss qr gv3_1
leon bonilla
Internet / Cyber Security
Internet / Cyber Security
SrijanMukhopadhyay1
IT Policy
IT Policy
Julian Hutabarat
Computer misuse
Computer misuse
Shatakshi Goswami
ISMS: A7-Human Resources Security ISO 27001
ISMS: A7-Human Resources Security ISO 27001
chutinhha
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2
DallasHaselhorst
Ftk install guide
Ftk install guide
Parisutham Institute of Technology & Science
Cyber security awareness สถาบันพระปกเกล้า
Cyber security awareness สถาบันพระปกเกล้า
Surachai Chatchalermpun
1 understanding cyber threats
1 understanding cyber threats
mohamad Hamizi
Introduction to Big Data Hadoop Training Online by www.itjobzone.biz
Introduction to Big Data Hadoop Training Online by www.itjobzone.biz
ITJobZone.biz
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
PECB
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
IT Governance Ltd
Information Security Seminar
Information Security Seminar
Acend Corporate Learning
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and Procedure
The Pathway Group
What's hot
(20)
Integracao de Dados, Informacao, Conhecimento e Saber
Integracao de Dados, Informacao, Conhecimento e Saber
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
Solutions for ADAS and AI data engineering using OpenPOWER/POWER systems
ISO IEC 27001 2013.pdf
ISO IEC 27001 2013.pdf
Lei geral de proteção de dados por Kleber Silva e Ricardo Navarro (Pise4)
Lei geral de proteção de dados por Kleber Silva e Ricardo Navarro (Pise4)
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
PCI DSS | PCI DSS Training | PCI DSS AWARENESS TRAINING
Pcidss qr gv3_1
Pcidss qr gv3_1
Internet / Cyber Security
Internet / Cyber Security
IT Policy
IT Policy
Computer misuse
Computer misuse
ISMS: A7-Human Resources Security ISO 27001
ISMS: A7-Human Resources Security ISO 27001
Cybersecurity Awareness Training Presentation v1.2
Cybersecurity Awareness Training Presentation v1.2
Ftk install guide
Ftk install guide
Cyber security awareness สถาบันพระปกเกล้า
Cyber security awareness สถาบันพระปกเกล้า
1 understanding cyber threats
1 understanding cyber threats
Introduction to Big Data Hadoop Training Online by www.itjobzone.biz
Introduction to Big Data Hadoop Training Online by www.itjobzone.biz
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
Information Security Seminar
Information Security Seminar
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and Procedure
Viewers also liked
Pesquisa sobre BYOD
Pesquisa sobre BYOD
Fernando Palma
Exemplo de política de segurança
Exemplo de política de segurança
Fernando Palma
Classificação da informação
Classificação da informação
Fernando Palma
BIA - Business Impact Analysis
BIA - Business Impact Analysis
Allan Piter Pressi
Resumo ISO 27002
Resumo ISO 27002
Fernando Palma
Aula 3 - Política de Segurança da Informação (PSI)
Aula 3 - Política de Segurança da Informação (PSI)
Carlos Henrique Martins da Silva
Viewers also liked
(6)
Pesquisa sobre BYOD
Pesquisa sobre BYOD
Exemplo de política de segurança
Exemplo de política de segurança
Classificação da informação
Classificação da informação
BIA - Business Impact Analysis
BIA - Business Impact Analysis
Resumo ISO 27002
Resumo ISO 27002
Aula 3 - Política de Segurança da Informação (PSI)
Aula 3 - Política de Segurança da Informação (PSI)
Similar to Exemplo de política BYOD
Bring your own device guidance
Bring your own device guidance
Gary Chambers
Mobile Device Policy Template
Mobile Device Policy Template
Demand Metric
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
Lou Milrad
08 pdf show-239
08 pdf show-239
#TheFraudTube
Leveraging byod
Leveraging byod
ManageEngine
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
Pace IT at Edmonds Community College
Ravi i ot-security
Ravi i ot-security
skumartarget
BYOD: Six Essentials for Success
BYOD: Six Essentials for Success
DMIMarketing
Ten Commandments of BYOD
Ten Commandments of BYOD
K Singh
Term assignment
Term assignment
Jenny Shimbashi
Data Privacy Introduction
Data Privacy Introduction
G Prachi
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Calgary Scientific Inc.
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangalore
IBM Software India
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]
IBM Software India
Bridging the Data Security Gap
Bridging the Data Security Gap
xband
University Personal Devices (BYOD) Policy
University Personal Devices (BYOD) Policy
keyashaj
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
IRJET Journal
Information Rights Management (IRM)
Information Rights Management (IRM)
Network Intelligence India
Byod
Byod
Asifulla Azad
Data-Centric Security | Seclore
Data-Centric Security | Seclore
Seclore
Similar to Exemplo de política BYOD
(20)
Bring your own device guidance
Bring your own device guidance
Mobile Device Policy Template
Mobile Device Policy Template
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
10 Legal Challenges in Creating a BYOD Policy - Lou Milrad
08 pdf show-239
08 pdf show-239
Leveraging byod
Leveraging byod
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
Ravi i ot-security
Ravi i ot-security
BYOD: Six Essentials for Success
BYOD: Six Essentials for Success
Ten Commandments of BYOD
Ten Commandments of BYOD
Term assignment
Term assignment
Data Privacy Introduction
Data Privacy Introduction
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangalore
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]
Bridging the Data Security Gap
Bridging the Data Security Gap
University Personal Devices (BYOD) Policy
University Personal Devices (BYOD) Policy
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
Information Rights Management (IRM)
Information Rights Management (IRM)
Byod
Byod
Data-Centric Security | Seclore
Data-Centric Security | Seclore
More from Fernando Palma
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
Fernando Palma
Formação em ciência de dados
Formação em ciência de dados
Fernando Palma
Apostila de Introdução ao Arduino
Apostila de Introdução ao Arduino
Fernando Palma
Apostila Arduino Basico
Apostila Arduino Basico
Fernando Palma
Cartilha Segurança na Internet - CERT.br
Cartilha Segurança na Internet - CERT.br
Fernando Palma
Ebook Apache Server: Guia Introdutório
Ebook Apache Server: Guia Introdutório
Fernando Palma
Apostila Zend Framework
Apostila Zend Framework
Fernando Palma
Hacker Ético
Hacker Ético
Fernando Palma
Ebook Governança de TI na Prática
Ebook Governança de TI na Prática
Fernando Palma
Simulado ITIL Foundation - Questões Comentadas
Simulado ITIL Foundation - Questões Comentadas
Fernando Palma
Introdução à Aprendizagem de Máquina
Introdução à Aprendizagem de Máquina
Fernando Palma
PDTI - Plano Diretor de Tecnologia da Informação (modelo)
PDTI - Plano Diretor de Tecnologia da Informação (modelo)
Fernando Palma
Guia Salarial 2017 Robert Half Brasil
Guia Salarial 2017 Robert Half Brasil
Fernando Palma
Tutorial memcached
Tutorial memcached
Fernando Palma
Gerenciamento na nuvem e System Center
Gerenciamento na nuvem e System Center
Fernando Palma
SAN: Storage Area Network
SAN: Storage Area Network
Fernando Palma
Linguagem ABAP
Linguagem ABAP
Fernando Palma
Ebook ITIL Na Prática
Ebook ITIL Na Prática
Fernando Palma
Exemplo de Plano Estratégico de TI - MEC
Exemplo de Plano Estratégico de TI - MEC
Fernando Palma
Apostila Tutorial CakePHP
Apostila Tutorial CakePHP
Fernando Palma
More from Fernando Palma
(20)
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
Formação em ciência de dados
Formação em ciência de dados
Apostila de Introdução ao Arduino
Apostila de Introdução ao Arduino
Apostila Arduino Basico
Apostila Arduino Basico
Cartilha Segurança na Internet - CERT.br
Cartilha Segurança na Internet - CERT.br
Ebook Apache Server: Guia Introdutório
Ebook Apache Server: Guia Introdutório
Apostila Zend Framework
Apostila Zend Framework
Hacker Ético
Hacker Ético
Ebook Governança de TI na Prática
Ebook Governança de TI na Prática
Simulado ITIL Foundation - Questões Comentadas
Simulado ITIL Foundation - Questões Comentadas
Introdução à Aprendizagem de Máquina
Introdução à Aprendizagem de Máquina
PDTI - Plano Diretor de Tecnologia da Informação (modelo)
PDTI - Plano Diretor de Tecnologia da Informação (modelo)
Guia Salarial 2017 Robert Half Brasil
Guia Salarial 2017 Robert Half Brasil
Tutorial memcached
Tutorial memcached
Gerenciamento na nuvem e System Center
Gerenciamento na nuvem e System Center
SAN: Storage Area Network
SAN: Storage Area Network
Linguagem ABAP
Linguagem ABAP
Ebook ITIL Na Prática
Ebook ITIL Na Prática
Exemplo de Plano Estratégico de TI - MEC
Exemplo de Plano Estratégico de TI - MEC
Apostila Tutorial CakePHP
Apostila Tutorial CakePHP
Recently uploaded
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
Mark Billinghurst
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
FIDO Alliance
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
Femke de Vroome
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
FIDO Alliance
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
Stephanie Beckett
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
CzechDreamin
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
Patrick Viafore
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
vincent683379
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
iSEO AI
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
UXDXConf
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
GDSC PJATK
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
FIDO Alliance
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
Stefano
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
FIDO Alliance
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
shyamraj55
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
CzechDreamin
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
marcuskenyatta275
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
John Staveley
Recently uploaded
(20)
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
Exemplo de política BYOD
1.
NoticeBored information security
awareness BYOD policy Copyright © 2012 IsecT Ltd. Page 1 of 4 Information security policy BYOD (Bring Your Own Device) Policy summary Employees who prefer to use their personally-owned IT equipment for work purposes must be explicitly authorized to do so, must secure corporate data to the same extent as on corporate IT equipment, and must not introduce unacceptable risks (such as malware) onto the corporate networks by failing to secure their own equipment. Applicability This policy forms part of the corporate governance framework. It is particularly relevant to employees who wish to use PODs (see below) for work purposes. This policy also applies to third parties acting in a similar capacity to our employees whether they are explicitly bound (e.g. by contractual terms and conditions) or implicitly bound (e.g. by generally held standards of ethics and acceptable behavior) to comply with our information security policies. Policy detail Background In contrast to Information and Communications Technology (ICT) devices owned by the organization, Personally Owned Devices (PODs) are ICT devices1 owned by employees or by third parties (such as suppliers, consultancies and maintenance contractors). Authorized employees and third parties may wish to use their PODs for work purposes, for example making and receiving work phone calls and text messages on their own personal cellphones, using their own tablet computers to access, read and respond to work emails, or working in a home-office. Bring Your Own Device (BYOD) is associated with a number of information security risks such as: Loss, disclosure or corruption of corporate data on PODs; Incidents involving threats to, or compromise of, the corporate ICT infrastructure and other information assets (e.g. malware infection or hacking); Noncompliance with applicable laws, regulations and obligations (e.g. privacy or piracy); Intellectual property rights for corporate information created, stored, processed or communicated on PODs in the course of work for the organization. Due to management’s concerns about information security risks associated with BYOD, individuals who wish to opt-in to BYOD must be authorized by management and must explicitly accept the requirements laid out in this policy beforehand. Management reserves the right not to authorize individuals, or to withdraw the authorization, if they deem BYOD not to be appropriate and in the best interests of the organization. The organization will continue to provide 1 PODs are typically laptops, tablet computers, ultra-mobile PCs (UMPCs), desktop PCs, Personal Digital Assistants (PDAs), palmtops, cellphones, smartphones, digital cameras, digital memo recorders, printers etc., plus the associated portable storage media such as USB memory sticks, memory cards, portable hard drives, floppy disks etc.
2.
NoticeBored information security
awareness BYOD policy Copyright © 2012 IsecT Ltd. Page 2 of 4 its choice of fully owned and managed ICT devices as necessary for work purposes, so there is no compulsion for anyone to opt-in to BYOD if they choose not to participate in the scheme. Policy axioms (guiding principles) A. The organization and the owners and users of PODs share responsibilities for information security. B. Nothing in this policy affects the organization’s ownership of corporate information, including all work-related intellectual property created in the course of work on PODs. Detailed policy requirements 1. Corporate data can only be created, processed, stored and communicated on personal devices running the organization’s chosen Mobile Device Management (MDM) client software. Devices not running MDM (including devices that cannot run MDM, those on which the owners decline to allow IT to install MDM with the rights and privileges it needs to operate correctly, and those on which MDM is disabled or deleted after installation) may connect to designated guest networks providing Internet connections, but will not be granted access to the corporate LAN. They must not be used to create, modify, store or communicate corporate data. 2. PODs must use appropriate forms of device authentication approved by Information Security, such as digital certificates created for each specific device. Digital certificates must not be copied to or transferred between PODs. 3. BYOD users must use appropriate forms of user authentication approved by Information Security, such as userIDs, passwords and authentication devices. 4. The following classes or types of corporate data are not suitable for BYOD and are not permitted on PODs: Anything classified SECRET or above; Other currently unclassified but highly valuable or sensitive corporate information which is likely to be classified as SECRET or above; Large quantities of corporate data (i.e. greater than 1 Gb in aggregate on any one POD or storage device). 5. The organization has the right to control its information. This includes the right to backup, retrieve, modify, determine access and/or delete corporate data without reference to the owner or user of the POD. 6. The organization has the right to seize and forensically examine any POD believed to contain, or to have contained, corporate data where necessary for investigatory or control purposes. 7. Suitable antivirus software must be properly installed and running on all PODs. 8. POD users must ensure that valuable corporate data created or modified on PODs are backed up regularly, preferably by connecting to the corporate network and synchronizing the data between POD and a network drive, otherwise on removable media stored securely. 9. Any POD used to access, store or process sensitive information must encrypt data transferred over the network (e.g. using SSL or a VPN) and while stored on the POD or on separate storage media (e.g. using TrueCrypt), whatever storage technology is used (e.g. hard disk, solid-state disk, CD/DVD, USB/flash memory stick, floppy disk etc.). 10. Since IT Help/Service Desk does not have the resources or expertise to support all possible devices and software, PODs used for BYOD will receive limited support on a ‘best endeavors’ basis for business purposes only. 11. While employees have a reasonable expectation of privacy over their personal information on their own equipment, the organization’s right to control its data and manage PODs may
3.
NoticeBored information security
awareness BYOD policy Copyright © 2012 IsecT Ltd. Page 3 of 4 occasionally result in support personnel unintentionally gaining access to their personal information. To reduce the possibility of such disclosure, POD users are advised to keep their personal data separate from business data on the POD in separate directories, clearly named (e.g. “Private” and “BYOD”). 12. Take care not to infringe other people’s privacy rights, for example do not use PODs to make audio-visual recordings at work. Responsibilities Information Security Management is responsible for maintaining this policy and advising generally on information security controls. It is responsible for issuing digital certificates to authenticate authorized PODs, and for monitoring network security for unauthorized access, inappropriate network traffic etc. Working in conjunction with other corporate functions, it is also responsible for running educational activities to raise awareness and understanding of the obligations identified in this policy. IT Department is responsible for managing the security of corporate data and configuring security on authorized PODs using MDM. IT is also explicitly responsible for ensuring the security of the MDM software and related procedures in order to minimize the risk of hackers exploiting MDM to access mobile devices. IT Help/Service Desk is responsible for providing limited support for BYOD on PODs on a ‘best endeavors’ basis for work-related issues only. Information security incidents affecting PODs used for BYOD should be reported promptly to IT Help/Service Desk in the normal way. All relevant employees are responsible for complying with this and other corporate policies at all times. Internal Audit is authorized to assess compliance with this and other corporate policies at any time. Related policies, standards, procedures and guidelines Item Relevance Information security policy manual Defines the overarching set of information security controls reflecting ISO/IEC 27002, the international standard code of practice for information security management Mobile/portable computing policy Specifies a number of information security controls applicable to the use of mobile and portable devices. Although it was MDM standards and procedures Given stringent information security requirements and the diverse nature of mobile/portable devices, the choice, installation, configuration and use of Mobile Data Management software is non-trivial. IT’s responsibilities are fulfilled through MDM technical standards and operating procedures. Information Asset Ownership policy Information Asset Owners are responsible for classifying their assets and may determine whether BYOD is or is not appropriate for them. Human Resources policies, procedures, code of conduct etc. Explain standards of behavior expected of employees, and disciplinary processes if the rules are broken.
4.
NoticeBored information security
awareness BYOD policy Copyright © 2012 IsecT Ltd. Page 4 of 4 Item Relevance BYOD guidelines and briefings Further security awareness materials are available on this topic. Contacts For further information about this policy or general advice on information security, contact the IT Help/Service Desk. Security standards, procedures, guidelines and other materials supporting and expanding upon this and other information security policies are available on the intranet Security Zone. The Information Security Manager can advise on more specific issues. Important note from IsecT Ltd. This policy is unlikely to be entirely sufficient or suitable for you without customization. This is a generic model or template policy incorporating a selection of common controls in this area derived from our knowledge of good security practices and international standards. It does not necessarily reflect your organization’s specific requirements. We are not familiar with your particular circumstances and cannot offer tailored guidance. It is not legal advice. It is meant to be considered by management as part of the security awareness program, ideally as part of the regular review and update of your information security policies. For the Word version of this and over 40 other security policies, see www.NoticeBored.com.
Download now