ºìÐÓ¶ÌÊÓƵ

Policy 10 - Removable Media Policy

1.0 Overview

Removable media is a well-known source of malware infections and has been directly tied to the loss of sensitive information in many organizations.

2.0 Purpose

The purpose of this policy is to minimize the risk of loss or exposure of sensitive information maintained by ºìÐÓ¶ÌÊÓƵ State University and to reduce the risk of acquiring malware infections on computers operated by ºìÐÓ¶ÌÊÓƵ State University. Any questions or comments about this policy should be directed to Information Systems.

3.0 Scope

This policy covers all removable media that contains ºìÐÓ¶ÌÊÓƵ State University data or that is connected to a ºìÐÓ¶ÌÊÓƵ State University network.

4.0 Policy

ºìÐÓ¶ÌÊÓƵ State University staff may use removable media in their work computers. Sensitive information should be stored on removable media only when required in the performance of assigned duties or when responding to legitimate requests for information. When sensitive information is stored on removable media, it must be encrypted in accordance with the ºìÐÓ¶ÌÊÓƵ State University Acceptable Encryption Policy. Exceptions to this policy may be requested on a case-by-case basis by petition to Information Systems.

5.0 Enforcement

Anyone found to have violated this policy may be subject to disciplinary action according to personnel policies and procedures. Students may be referred to Student Affairs for discipline. A violation of this policy by a temporary worker, contractor or vendor may result in action up to and including termination of their contract or assignment with ºìÐÓ¶ÌÊÓƵ State University.

6.0 Definitions

Removable Media

Removable media is defined as devices or media that is readable and/or writable by the end user and are able to be moved from computer to computer without modification to the computer. This includes flash memory devices such as thumb drives, SD cards, cameras, MP3 players and PDAs; removable hard drives (including hard drive-based MP3 players); optical disks such as CD and DVD disks; floppy disks and software disks not provided by ºìÐÓ¶ÌÊÓƵ State University.

Encryption

Encryption is a procedure used to convert data from its original form to a format that is unreadable and/or unusable to anyone without the tools/information needed to reverse the encryption process.

Malware

Malware is defined as software of malicious intent/impact such as viruses, worms and spyware.

ºìÐÓ¶ÌÊÓƵ State University Network

Being connected to a ºìÐÓ¶ÌÊÓƵ State University network includes the following:

  • If you have a network capable device (ex. laptop) plugged into a ºìÐÓ¶ÌÊÓƵ State University owned building, then you are connected to the ºìÐÓ¶ÌÊÓƵ LAN (local area network).
  • If you have a wireless capable device (ex. laptop, iPhone) and connect to ºìÐÓ¶ÌÊÓƵWireless or ºìÐÓ¶ÌÊÓƵSecure, then you are connected to the ºìÐÓ¶ÌÊÓƵ WLAN (wireless local area network).
  • If you connect from a computer through the ºìÐÓ¶ÌÊÓƵ State University VPN (virtual private network), you are then connected to the ºìÐÓ¶ÌÊÓƵ LAN (local area network).

Sensitive Information

Sensitive information is defined as information which, if made available to unauthorized persons, may adversely affect ºìÐÓ¶ÌÊÓƵ State University, its programs or participants served by its programs. Examples include, but are not limited to, personal identifiers and financial information. The determination of sensitivity is the responsibility of individual departments.



Policy adopted:  02-25-2011
Revision adopted: 
Policy approval and adoption: ºìÐÓ¶ÌÊÓƵ State University President's Office and Information Systems Security

Take the next step

© ºìÐÓ¶ÌÊÓƵ State University Department of Web ManagementWe are Racers.