Ask the Expert

Distinguishing a remote access policy from a portable computing protection policy

What is the best way to distinguish a remote access policy from a portable computing protection policy?

    Requires Free Membership to View

These two policies have very distinct focuses.

A remote access policy should address the following items and concepts:

  • Standardize remote connectivity for:
    • Any system type, whether it is company owned or personally owned computers, PDAs, smart phones, laptops, Blackberries, etc.
    • User type (employee, vendor, contractors, partners, etc.)
    • Connectivity type, as in dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems, etc.
  • Remote access should only be allowed to carry out company-related functions
  • Reduce potential unauthorized use of company resources
  • Connectivity and encryption requirements:
    • VPN, SSL, SSH and encryption needs for sensitive data
  • Employee is responsible for ensuring:
    • Family members do not violate any company policies
    • Antivirus signatures, hot fixes and patches are up to date
    • Personal firewall is installed and properly configured
    • Authentication credentials are not shared
    • System is not connected to another network that is not owned by the company or employee
    • No use of non-company e-mail accounts are used
    • Non-approved hardware configurations are not used
  • Authentication type that is allowed
    • Passwords, passphrases, one-time passwords, private key, etc.
  • Enforcement
    • Disciplinary actions, termination, prosecution

While a portable computing protection policy should address the following items and concepts:

  • Standardize connectivity and configurations for:
    • Notebook computers, Tablet PCs, Palm Pilots, Microsoft Pocket PCs using Windows CE, text pagers, smart phones, FireWire devices, USB drives, etc.
    • User type (employee, vendor, contractors, partners, etc.)
    • Connectivity type, as in remote, LAN, WAN, wireless, etc.
  • Allowable usage
    • Smart phones with cameras may be banned in sensitive areas for example
  • Classified data needs to be encrypted during transfer or synchronization steps
  • Roles that are allowed to use certain portable devices:
    • Only executives may be able to use and connect Blackberry devices to the network
  • Specific types of security software may be required for specific types of devices
    • Additional security software may need to be installed and properly configured
  • Asset management
    • Company owned portable devices must be properly tagged and documented
    • User must register device with company before attempting to connect it to the network
  • Portable devices should not be left unattended in public areas
  • Public network may be setup to allow only Internet accessibility for portable devices
  • Prior to transfer of ownership or disposal of portable device, all sensitive data must be properly destroyed
  • Access should only be allowed to carry out company related functions
  • Reduce potential unauthorized use of company resources
  • Connectivity and encryption requirements:
    • VPN, SSL, SSH and encryption needs for sensitive data
  • Employee is responsible for ensuring:
    • Antivirus signatures, hot fixes and patches are up to date if applicable
    • Personal firewall is installed and properly configured if applicable
    • Authentication credentials are not shared
    • System is not connected to another network that is not owned by the company or employee
    • No use of non-company e-mail accounts are used
    • Non-approved hardware configurations are not used
  • Authentication type that is allowed:
    • Passwords, passphrases, one-time passwords, private key, etc.
  • Enforcement
    • Disciplinary actions, termination, prosecution

More Information
  • Learn more about acceptable use policies in our resource center
  • Learn how to minimize e-mail risks with acceptable use policies

  • This was first published in November 2005

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: