1 State of Illinois Department of Central Management Services MOBILE DEVICE SECURITY Effective: October 01, 2009 State of Illinois
2 Department of Central Management Services Bureau of Communication and Computer Services Effective October 01, 2009 Version 1.0 Please Return to: Thank You. CMS/BCCS Chief Information Security Office 120 W. Jefferson Springfield, IL Page 2 of 5
3 TABLE OF CONTENTS STATEMENT PURPOSE SCOPE DEFINITIONS ENFORCEMENT RESPONSIBILITY Effective Oct 01, 2009 Public Page 3 of 5
4 STATEMENT The Illinois Department of Central Management Services, Bureau of Communication and Computer services (CMS/BCCS) seeks to protect State of Illinois (State) mobile devices from unauthorized access, use, disclosure, alteration, modification, deletion, destruction and/or removal. PURPOSE This document describes the minimum security policy for State of Illinois mobile devices. Mobile devices must be appropriately secured to prevent sensitive or confidential data from being lost or compromised, to reduce the risk of spreading viruses, and to mitigate other forms of abuse of the State of Illinois computing and information infrastructure. SCOPE This security policy (Mobile Device Security Policy) applies to the user of any State mobile device which connects to the CMS/BCCS managed network / resource. DEFINITIONS Definitions for terms used in this policy can be found in the BCCS Terminology Glossary located at The terms and definitions listed below are meaningful for this policy. In the event of conflict between the definition in the BCCS Terminology Glossary and the definition contained in this policy, the definition below shall control for this Policy. 1. Mobile Devices: These include, but are not limited to, Portable Digital Assistants (PDAs), notebook computers, Tablet PCs, Palm Pilots, Microsoft Pocket PCs, RIM Blackberrys, MP3 players, text pagers, smart phones, compact discs, DVD discs, memory sticks, USB drives, floppy discs and other similar devices. 2. User - Anyone with authorized access to State business information systems, including permanent and temporary employees or third-party personnel such as temporaries, contractors, consultants, and other parties with valid State access accounts. 3. Screen Lock - Mechanism to hide data on a visual display while the computer continues to operate. A screen lock requires authentication to access the data. Screen locks can be activated manually or in response to rules. 4. Screen Timeout - Mechanism to turn off a device or end a session when the device has not been used for a specified time period. ENFORCEMENT Noncompliance with this policy and/or its resulting procedures may be cause for disciplinary action up to and including discharge, may involve civil or criminal litigation, and may involve restitution, fines, and/or penalties. RESPONSIBILITY 1. Each user of a State mobile device is responsible for following this policy and any related policy or procedure promulgated by their Agency head. Effective Oct 01, 2009 Public Page 4 of 5
5 2. Each Agency may also establish policies and procedures and assign responsibility to specific agency personnel to achieve compliance with this policy. 3. Anyone observing what appears to be a breach of security, violation of this policy, violation of state or federal law, theft, damage, or any action placing State resources at risk must report the incident to an appropriate level supervisor, manager, or security officer within their organization. Those reporting alleged incidents will be protected from retaliation by existing whistleblower protection laws. 4. Managers and supervisors are responsible for ensuring that users are aware of and understand this policy and all related procedures. 1. Whenever possible, all mobile devices must be password protected. Choose and implement a strong password at least eight (8) characters in length. 2. The physical security of these devices is the responsibility of the employee to whom the device has been assigned. Devices shall be kept in the employee s physical presence whenever possible. Whenever a device is being stored, it shall be stored in a secure place, preferably outof-sight. 3. If a mobile device is lost or stolen, promptly report the incident to the CMS/BCCS Help Desk and proper authorities. Also, be sure to document the serial number of your device now, for reporting purposes, in the event that it is lost or stolen. 4. Sensitive or confidential documents, if stored on the device, should be encrypted if possible. 5. Mobile device options and applications that are not in use should be disabled. 6. Sensitive and confidential information should be removed from the mobile device before it is returned, exchanged or disposed. 7. Whenever possible all mobile devices should enable screen locking and screen timeout functions. 8. No personal information (as defined by the personal information protection act 815 ILCS 530) shall be stored on mobile devices unless it is encrypted and permission is granted from the data owner. 9. Before a mobile device is connected to State IT systems, it shall be scanned for viruses (the user risks having files on the device deleted if any viruses are detected). If media mobile device is used for transitional storage (for example copying data between systems), the data shall be securely deleted from the mobile device immediately upon completion. - End of Mobile Device Security Policy - Effective Oct 01, 2009 Public Page 5 of 5
1.0 BACKGROUND AND PURPOSE Information Technology ( IT ) includes a vast and growing array of computing, electronic and voice communications facilities and services. At the Colorado School of Mines ( Mines
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
Technology Department 1350 Main Street Cambria, CA 93428 Technology Acceptable Use and Security Policy The Technology Acceptable Use and Security Policy ( policy ) applies to all CUSD employees and any
Information Technology Policies and Procedures Wakulla County School District March 2014 Table of contents TABLE OF CONTENTS... 1 1.0 OVERVIEW... 2 2.0 PURPOSE... 2 3.0 SCOPE... 2 4.0 ACCEPTABLE USE POLICY...
Delgado Community College Information Technology Security Policy Approved: *November 5, 2010 ) Delgado Community College IT Security Policy Page 2 *November 5, 2010 Table of Contents Title Page 1.0 Introduction
The Archbishop s Seminary Information Security Policy 1 Contents PURPOSE... 4 SCOPE... 4 POLICY STATEMENTS... 5 INFORMATION SECURITY POLICY... 5 THE SCHOOL S RIGHT TO ACCESS ITS PROPERTY... 5 THE SCHOOL
Version 2.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
Jefferson County School District Information Technology Policies and Procedures 575 S. Water Street Monticello, FL 32344 (850) 342-0100 www.jeffersonschooldistrict.org June 2014 Table of Contents 1.0 Overview...
Marist College Information Security Policy February 2005 INTRODUCTION... 3 PURPOSE OF INFORMATION SECURITY POLICY... 3 INFORMATION SECURITY - DEFINITION... 4 APPLICABILITY... 4 ROLES AND RESPONSIBILITIES...
2014 WorldEscrow N.V./S.A. SECURITY POLICIES AND PROCEDURES This document describes internal security rules within the WorldEscrow N.V./S.A. organization. Content 1) Employee Responsibilities... 1 2) Use
VA Privacy and Information Security Awareness and Rules of Behavior FY14 Text-Only Course Transcript Table of Contents Table of Contents... 0 Purpose of this Document... 3 Using this Document... 3 Module
NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus
Acceptable Use Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
April 21, 2009 Dines Bjørner: MITS: Models of IT Security: 1 Models of IT Security Security Rules & Regulations: An Interpretation Dines Bjørner Fredsvej 11, DK 2840 Holte, Denmark Presented at Humboldt
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004
NETWORK SECURITY POLICY 1. GENERAL Henry County Board of Education (Board) provides employees appropriate electronic access, consisting of e- mail communication, network connectivity, student information
ACCEPTABLE USE POLICY -RA Page 1 of8 User Responsibilities for Computer Systems, Electronic Information and Network Security Agreement 1. Purpose a. To ensure the security of all elements of Cumberland
REED COLLEGE ediscovery GUIDELINES FOR PRESERVATION AND PRODUCTION OF ELECTRONIC RECORDS TABLE OF CONTENTS A. INTRODUCTION... 1 B. THE LANDSCAPE OF ELECTRONIC RECORDS SYSTEMS... 1 1. Email Infrastructure...
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
(ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,