III. General Users

Care and Storage

Users should keep portable storage media with information related to university out of sight from other people to minimise the risk of theft. In addition, such media should not be left unattended at any time.

Where possible, users should utilise the security features of the portable storage media (e.g. USB stick with finger print recognition function) or security tools recommended by the university (e.g. data encryption software) to protect the information from unauthorised access or modification.

Important data stored on portable storage devices should be regularly backed up to designated file servers of the university.

Cleansing and Sanitisation

Portable storage media containing the university related information must be appropriately cleansed and sanitised after use and before disposal. If un-rewritable portable storage devices/media are used, such as CD and DVD, they must be destroyed either by a disintegrator, or by grinding, smashing or burning.

Lost or Stolen Portable Storage Media

Users must report to the IT Help Desk as soon as possible if a portable storage device containing information related to the university is lost or stolen. The IT security staff must be notified immediately and record the identification (e.g. serial number, type, asset register code) of the device, the physical appearance of the device and the details of the information stored.

Restriction

Unless specifically approved, users should not keep the university related information on privately owned portable storage media. On the other hand, data related to personal matters should not be kept on the portable storage provided by the university.

 

Conclusion

The convenience and flexibility of portable storage media increase the efficiency of university's staff and students during their work and study. However, the security threats of data loss or denial cannot be ignored. To build a safe environment for using portable storage media, both the Management and general users should pay great attention to the establishment, enforcement and maintenance of necessary security measures.

 

 
Reference:
http://security.tennessee.edu/pdfs/SMDBP.pdf
http://www.sandisk.com/media/226722/enterprise_whitepaper_endpointsecurity.pdf