Recent Incident

University of Nevada School of Medicine Computer Equipment Stolen

The University of Nevada, Reno is alerting current and former students over the loss of a USB drive containing student information. The drive contained the names and Social Security numbers on 16,000 students enrolled as freshman during the fall semesters between 2001 and 2007. In a letter to affected students, the University offers one year of free identity theft protection. While the university has no evidence that the information is being misused, the university asks anyone that notices fraudulent activity contact the university's police department.

Read more
 

Related Article

University of Missouri - Information Security Policy

University Departments should ensure compliance with appropriate University policies; ensure all electronic storage devices are processed by a professional IT staff person (or delegate approved by the ISO) before being transferred; and seek assistance from the central IT department if necessary. University Employees must ensure that University data is removed from their personally owned electronic storage devices prior to leaving the University. Employees should seek assistance from professional IT staff to ensure adequate removal of electronic data.

Read more
 
 

III. General Users

Care and Storage

Users should keep portable storage media with information related to university out of sight from other people to minimise the risk of theft. In addition, such media should not be left unattended at any time.

Where possible, users should utilise the security features of the portable storage media (e.g. USB stick with finger print recognition function) or security tools recommended by the university (e.g. data encryption software) to protect the information from unauthorised access or modification.

Important data stored on portable storage devices should be regularly backed up to designated file servers of the university.

Cleansing and Sanitisation

Portable storage media containing the university related information must be appropriately cleansed and sanitised after use and before disposal. If un-rewritable portable storage devices/media are used, such as CD and DVD, they must be destroyed either by a disintegrator, or by grinding, smashing or burning.

Lost or Stolen Portable Storage Media

Users must report to the IT Help Desk as soon as possible if a portable storage device containing information related to the university is lost or stolen. The IT security staff must be notified immediately and record the identification (e.g. serial number, type, asset register code) of the device, the physical appearance of the device and the details of the information stored.

Restriction

Unless specifically approved, users should not keep the university related information on privately owned portable storage media. On the other hand, data related to personal matters should not be kept on the portable storage provided by the university.

 

Conclusion

The convenience and flexibility of portable storage media increase the efficiency of university's staff and students during their work and study. However, the security threats of data loss or denial cannot be ignored. To build a safe environment for using portable storage media, both the Management and general users should pay great attention to the establishment, enforcement and maintenance of necessary security measures.

 

Copyright Statement

All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre ("JUCC"). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law.

A single copy of the materials available through this document may be made, solely for personal, noncommercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials. Contact information for requests for permission to reproduce or distribute materials available through this document are listed below:

copyright@jucc.edu.hk
Joint Universities Computer Centre Limited (JUCC),
Room 223, Run Run Shaw Building,
c/o Computer Centre, The University of Hong Kong,
Pokfulam Road, Hong Kong
 
Reference:
http://security.tennessee.edu/pdfs/SMDBP.pdf
http://www.sandisk.com/media/226722/enterprise_whitepaper_endpointsecurity.pdf
< Previous page
P.4 of 4