Assume you are tasked with designing a new policy that highlights information security best practices related specifically to mobile devices at RIT, including laptops, smartphones, and tablets. The new policy should supplement RIT’s Information Security Policy and Acceptable Use Policy (case Exhibits 4 and 5). What practices would you recommend? How could you make staff aware of the policy and encourage their compliance?
Abayomi Aiyedebinu says
Let us assume I am saddled with the responsibility of designing a new Information Security
Policy and an Acceptable Use Policy.
According to Charlie Munger, ‘knowing what you don’t know is more useful than being
brilliant’. This is self-explanatory because in this case the Dean is brilliant, yet he did not
understand the implication of some of his mistakes, like not backing up his machine.
✓ Importantly, every system or machine belonging to RIT must be backed up
automatically and not manually because it is a designated personal task and not the
responsibility of the IT Support team.
✓ Periodically, the review of sensitive information must be prioritised, and not just upon
the event of hazards of whatever form. By this I mean the security (authorizations) must
be reviewed and beefed up from time to time. So many people do not even know it is
imperative to change passwords used for a while.
✓ Encourage duplication of extremely high-priority data and information.
✓ Every User must set up 2-step verification; by this I mean double surety against
unauthorised invasion.
✓ Provision of training, highlighting the pitfalls in disregarding information security
tips and intelligence and stipulating penalties to enforce responsibility and sensitivity
on every user.
Acceptable Use Policy
This document constitutes RIT’s policy for the proper use of all computing and network
resources, User privileges, responsibilities, guidelines as well as procedures for RIT computer
systems and networks.
All the policies inherent in Appendix 5 are of impeccable standard; however, ignorance does
more evil than good, so it is significant to enlighten the Users, as well as emphasise the
penalties apportioned to defaulters, to stir up their sensitivity to the importance of these
policies, especially if it is because of negligence.