MOBILE DEVICE SECURITY POLICY



Similar documents
DATA BREACH NOTIFICATION POLICY

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE

Network and Workstation Acceptable Use Policy

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

HIPAA Security Training Manual

HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY

HIPAA 101: Privacy and Security Basics

Standard: Information Security Incident Management

Data and Information Security Policy

Information Technology Security Policies

Policies and Procedures. Policy on the Use of Portable Storage Devices

Information Security and Electronic Communications Acceptable Use Policy (AUP)

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as

HIPAA Security Alert

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Appendix H: End User Rules of Behavior

Client Advisory October Data Security Law MGL Chapter 93H and 201 CMR 17.00

General Rules of Behavior for Users of DHS Systems and IT Resources that Access, Store, Receive, or Transmit Sensitive Information

Portable Devices and Removable Media Acceptable Use Policy v1.0

CODE OF ETHICS AND BUSINESS CONDUCT

DHHS Information Technology (IT) Access Control Standard

Information Security

Appendix A: Rules of Behavior for VA Employees

Information Technology Services Guidelines

Information Security Policy

EAA Policy for Accepting and Handling Credit and Debit Card Payments ( Policy )

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

HIPAA and Privacy Policy Training

HELPFUL TIPS: MOBILE DEVICE SECURITY

Ohio Supercomputer Center

BERKELEY COLLEGE DATA SECURITY POLICY

State HIPAA Security Policy State of Connecticut

HIPAA and Health Information Privacy and Security

31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003,

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

State of Illinois Department of Central Management Services ACTION PLAN FOR NOTIFICATION OF A SECURITY BREACH

Estate Agents Authority

HMIS SECURITY PLAN of the PHILADELPHIA CONTINUUM OF CARE

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

SECURITY POLICY REMOTE WORKING

Encryption Security Standard

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

Department of Homeland Security Management Directive System MD Number: 4900 INDIVIDUAL USE AND OPERATION OF DHS INFORMATION SYSTEMS/ COMPUTERS

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HFS DATA SECURITY TRAINING

Montclair State University. HIPAA Security Policy

Information Technology Cyber Security Policy

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE NETWORK RESOURCES POLICY

IT ACCESS CONTROL POLICY

Order. Directive Number: IM Stephen E. Barber Chief Management Officer

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

SUBJECT: Effective Date Policy Number Security of Mobile Computing, Data Storage, and Communication Devices

Policy Document. Communications and Operation Management Policy

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

H 6191 SUBSTITUTE A AS AMENDED ======= LC02663/SUB A/2 ======= STATE OF RHODE ISLAND IN GENERAL ASSEMBLY JANUARY SESSION, A.D.

Wellesley College Written Information Security Program

HIPAA PRIVACY AND SECURITY AWARENESS

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

Security Is Everyone s Concern:

Acceptable Use Guidelines

Document Type Doc ID Status Version Page/Pages. Policy LDMS_001_ Effective of 7 Title: Corporate Information Technology Usage Policy

ACE Advantage PRIVACY & NETWORK SECURITY

How To Protect Decd Information From Harm

Hamilton College Administrative Information Systems Security Policy and Procedures. Approved by the IT Committee (December 2004)

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT)

Privacy Incident and Breach Management Policy

Information Security Policy

Identity Theft Prevention Program Compliance Model

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

Transcription:

State of Illinois Department of Central Management Services MOBILE DEVICE SECURITY Effective: October 01, 2009 State of Illinois

Department of Central Management Services Bureau of Communication and Computer Services Effective October 01, 2009 Version 1.0 Please Return to: Thank You. CMS/BCCS Chief Information Security Office 120 W. Jefferson Springfield, IL 62702 Page 2 of 5

TABLE OF CONTENTS STATEMENT PURPOSE SCOPE DEFINITIONS ENFORCEMENT RESPONSIBILITY Effective Oct 01, 2009 Public Page 3 of 5

STATEMENT The Illinois Department of Central Management Services, Bureau of Communication and Computer services (CMS/BCCS) seeks to protect State of Illinois (State) mobile devices from unauthorized access, use, disclosure, alteration, modification, deletion, destruction and/or removal. PURPOSE This document describes the minimum security policy for State of Illinois mobile devices. Mobile devices must be appropriately secured to prevent sensitive or confidential data from being lost or compromised, to reduce the risk of spreading viruses, and to mitigate other forms of abuse of the State of Illinois computing and information infrastructure. SCOPE This security policy (Mobile Device Security Policy) applies to the user of any State mobile device which connects to the CMS/BCCS managed network / resource. DEFINITIONS Definitions for terms used in this policy can be found in the BCCS Terminology Glossary located at http://bccs.illinois.gov. The terms and definitions listed below are meaningful for this policy. In the event of conflict between the definition in the BCCS Terminology Glossary and the definition contained in this policy, the definition below shall control for this Policy. 1. Mobile Devices: These include, but are not limited to, Portable Digital Assistants (PDAs), notebook computers, Tablet PCs, Palm Pilots, Microsoft Pocket PCs, RIM Blackberrys, MP3 players, text pagers, smart phones, compact discs, DVD discs, memory sticks, USB drives, floppy discs and other similar devices. 2. User - Anyone with authorized access to State business information systems, including permanent and temporary employees or third-party personnel such as temporaries, contractors, consultants, and other parties with valid State access accounts. 3. Screen Lock - Mechanism to hide data on a visual display while the computer continues to operate. A screen lock requires authentication to access the data. Screen locks can be activated manually or in response to rules. 4. Screen Timeout - Mechanism to turn off a device or end a session when the device has not been used for a specified time period. ENFORCEMENT Noncompliance with this policy and/or its resulting procedures may be cause for disciplinary action up to and including discharge, may involve civil or criminal litigation, and may involve restitution, fines, and/or penalties. RESPONSIBILITY 1. Each user of a State mobile device is responsible for following this policy and any related policy or procedure promulgated by their Agency head. Effective Oct 01, 2009 Public Page 4 of 5

2. Each Agency may also establish policies and procedures and assign responsibility to specific agency personnel to achieve compliance with this policy. 3. Anyone observing what appears to be a breach of security, violation of this policy, violation of state or federal law, theft, damage, or any action placing State resources at risk must report the incident to an appropriate level supervisor, manager, or security officer within their organization. Those reporting alleged incidents will be protected from retaliation by existing whistleblower protection laws. 4. Managers and supervisors are responsible for ensuring that users are aware of and understand this policy and all related procedures. 1. Whenever possible, all mobile devices must be password protected. Choose and implement a strong password at least eight (8) characters in length. 2. The physical security of these devices is the responsibility of the employee to whom the device has been assigned. Devices shall be kept in the employee s physical presence whenever possible. Whenever a device is being stored, it shall be stored in a secure place, preferably outof-sight. 3. If a mobile device is lost or stolen, promptly report the incident to the CMS/BCCS Help Desk and proper authorities. Also, be sure to document the serial number of your device now, for reporting purposes, in the event that it is lost or stolen. 4. Sensitive or confidential documents, if stored on the device, should be encrypted if possible. 5. Mobile device options and applications that are not in use should be disabled. 6. Sensitive and confidential information should be removed from the mobile device before it is returned, exchanged or disposed. 7. Whenever possible all mobile devices should enable screen locking and screen timeout functions. 8. No personal information (as defined by the personal information protection act 815 ILCS 530) shall be stored on mobile devices unless it is encrypted and permission is granted from the data owner. 9. Before a mobile device is connected to State IT systems, it shall be scanned for viruses (the user risks having files on the device deleted if any viruses are detected). If media mobile device is used for transitional storage (for example copying data between systems), the data shall be securely deleted from the mobile device immediately upon completion. - End of Mobile Device Security Policy - Effective Oct 01, 2009 Public Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information