Smart phones, tablets, laptop computers, USB memory are convenient and easy to use. They also introduce risk to personal privacy and institution data. This document outlines guidelines regarding the use of these mobile devices in the Amrita computing environment.
Mobile computing devices can store large amounts of data, are highly portable and are frequently unprotected: They are easy to steal or lose, and unless precautions are taken, an unauthorized person can gain access to the information stored on them or accessed through them. Even if not stolen or lost, intruders can sometimes gain all the access they need if the device is left alone and unprotected, if data is "sniffed out of the air" during wireless communications, or if malware is installed. The results can include crippled devices, personal data loss, disclosure of non-public institution data, and disciplinary actions for the device owner.
Mobile computing devices are of concern both because of the data that might be stored on them, and because they may provide access to other services that store or display non-public data. This access may be enabled because the mobile device contains passwords or security certificates that identify the device or its user to the email system, Virtual Private Networks (VPNs), or other applications.
The best way to protect institution data is to remove unnecessary data from your computer. In particular, Prohibited data must not be stored on your system or device unless you have explicit permission from the Data Governance Board to do so. Prohibited data includes items such as Social Security Numbers, credit card numbers, or checking account numbers. Restricted data is also subject to mandatory institution-wide controls. The controls necessary for Confidential data are specified by its owner or custodian and may include those specified for Prohibited or Restricted data.
Brahmasthanam, Edappally North P.O. Kochi - 682 024, KERALA