
Protection of Information Assets

Temple University

MIS 5206.001 ■ Fall 2021 ■ David Lanter

Unit #2 – Question 1

September 3, 2021 by David Lanter 1 Comment

Consider Ash Rao’s role as Dean of the Saunders College of Business. How important is his laptop to him? What information might he have on that machine?

Filed Under: Unit 02: Case Study 1 - Snowfall and a stolen laptop

Comments

  1. Oluwaseun Soyomokun says

    September 16, 2021 at 9:23 am

    1. Consider Ash Rao’s role as Dean of the Saunders College of Business. How important is his laptop to him? What information might he have on that machine?
    The role of Ash Rao, the Dean of Saunders College of Business, was to report the theft case of his stolen laptop to the Rochester police and to the Network Administrator, Dave Ballard of the College of Business, in an email with the ominous subject line “URGENT: Laptop Stolen”… upon noticing with sickening realization that the laptop given to him for his personal and administrative use by the Rochester Institute of Technology, which he’d left on the couch in the den before taking his wife to the airport, was nowhere to be found.
    The importance of the Dean’s laptop was extensive, with details of his personal business improvement goals and roles as the dean and leader in the business world. Other important information contained on the machine includes the several event schedules for that week, budget reports containing Saunders faculty staff salary information, and many presentations to fellow deans, faculty staff, alumni and business leaders.

    2. Evaluate the steps that Dave Ballard and Nick Francesco took in response to Dean Rao’s email informing them that his laptop had been stolen.
    1. Ballard called for a safety check.
    2. Assured the Dean of getting a new device, but with authorisation from Nick Francesco
    3. RIT Public Safety policies, ISO procedures and Nick Francesco in the loop on the case
    4. Francesco and Dave Ballard, from experience of a similar case, asked the Dean about the vital information that might be stolen and how unlikely it was to recover such information.
    5. Ballard assured the Dean that perhaps, if the laptop ever got connected to the internet, a notification will
    Dave Ballard noticed the ominous subject line “URGENT: Laptop Stolen” received in his email from the Dean of the Saunders College of Business, explaining in a short email to him (Dave) how his house was broken into and the laptop was gone. Dave Ballard dialled the Dean’s number, but couldn’t get through to the Dean. He sent an email replying “Are you Okay!” The Dean’s answer came shortly to confirm “He was fine, I notified the Rochester police – they will be here shortly”. The Dean further asked him how soon he could get him a new laptop.
    Evaluation: Dave took the necessary steps required as the Network Administrator, beginning by checking to see if the Dean was alright and okay. He reported the situation in a timely manner to the high authority above him, making sure they were notified. He assured the Dean that a new device would be assigned to him to carry out his duties as the Dean of the College of Business of Rochester Institute of Technology.
    Francesco’s steps were basically surrounded with concern about the integrity of the information contained on the stolen machine and whether there was proprietary information which had to be reported in a timely manner for action. Also, he approved the assignment of a new device to the Dean. Dave Ballard, meanwhile, was able to assist within the scope of the previous backup, with re-installation of the software and programs from the previous backup as necessary to make the new device function like the old machine, but some other information which wasn’t backed up by the Dean was irretrievably lost.
    Francesco’s presence was centred on making sure the ISO standard was maintained during the backup and re-installations of the programs and software required on the Dean’s new device by Dave Ballard.
    Francesco and Ballard, from previous experience, understood the RIT policies and standards that covered information security (Appendix D, E and F). Data was classified into four categories: Private, Confidential, Internal, and Public. As part of the information protection standard, every department was required to identify and maintain an inventory of all private, confidential and internal data it maintained. So Francesco asked the Dean about information that might have been on the stolen laptop, and what student records the Dean had saved on the laptop.

    3. Assume you are tasked with designing a new policy that highlights information security best practices related specifically to mobile devices at RIT, including laptops, smartphones, and tablets. The new policy should supplement RIT’s Information Security Policy and Acceptable Use Policy (see the case’s Exhibits 4 and 5). What practices would you recommend? How could you make staff aware of the policy and encourage their compliance?
    The term “mobile device” includes, but is not limited or restricted to, laptops, mobile phones, smartphones, tablets and other personal electronic devices (PDEs) and approved storage devices which can be used to access, store, process, transmit, discuss, or record data electronically.
    The focus of the IT Security policies and design would be a policy framework which reduces the exposure to risks, threats, and vulnerabilities. It is important that the policies are available to the staff members and academic community (students, regardless of whether or not they are directly staff members of the community of Rochester Institute of Technology) who access or have access rights to the RIT systems, networks or computers. It is important to relate policy definition and standards to practical design requirements. These requirements will properly apply the best security controls and countermeasures. Policy statements must set limits as well as refer to standards, procedures, and guidelines.
    The policies define how security controls and countermeasures must be used to comply with laws and regulations on day-to-day usage of these devices.
    • A policy that provides reasoning and processes for minimising and handling (accessing, storing, processing, transmitting, discussing or recording) sensitive or personally identifiable information used to carry out designated duties and business objectives in day-to-day operation on computers, laptops and all other mobile devices on RIT network facilities.
    • Members are charged with responsibility for the physical security of all mobile devices provided for work purposes, and for the information fetched, accessed and stored on them.
    • This policy applies to everyone, including the RIT Deans, other authority and subordinate staff members and the public community, who accesses the RIT systems, networks or computers, regardless of whether or not they are directly staff members of RIT.
    • Laptops and mobile devices will, in most circumstances, be loaded with a standard suite of approved software and encryption security applications installed by RIT.
    • In the event of damage or malfunction, it is the staff member’s responsibility to report the matter within two (2) business days and return the device to the Technology Centre for repair or replacement.
    • This policy warranty does not cover drops, falls, electrical surges, liquids spilled on the units, fire damage, intentional damage, normal wear and tear, lost parts (power units) or consumables (batteries).
    • In the case of theft of RIT College of Business issued equipment, the staff member shall immediately notify his/her supervisor and the Administrator, and if requested by the College, the employee must file a police report and provide a copy of the report to his/her supervisor.
    • Evidence of misuse or abuse of a laptop or mobile device may result in the revocation of the employee’s use of such equipment or device, but any such action will be consistent with any governing collective bargaining agreement as applicable.
