This shows you the differences between two versions of the page.
wiki:policies:end_user_device [2021/12/16 03:55] katcow |
wiki:policies:end_user_device [2024/08/11 18:38] (current) katcow |
||
---|---|---|---|
Line 2: | Line 2: | ||
===== I. Purpose ===== | ===== I. Purpose ===== | ||
+ | |||
To mitigate risks and vulnerabilities, | To mitigate risks and vulnerabilities, | ||
===== II. Scope ===== | ===== II. Scope ===== | ||
+ | |||
This policy affects all employees, contractors, | This policy affects all employees, contractors, | ||
=== Definitions === | === Definitions === | ||
- | ** End-user device:** Any desktop or laptop computer, any tablet, smart phone, or other mobile device is an end-user device. “End-user device” does not include removable storage like USB flash drives. | + | |
+ | **End-user device:** Any desktop or laptop computer, any tablet, smart phone, or other mobile device is an end-user device. “End-user device” does not include removable storage like USB flash drives. | ||
**End-user: | **End-user: | ||
+ | ===== III. End-User Device Policy ===== | ||
- | ===== III. Policy ===== | + | We require end-user devices to be protected by the security procedures |
- | We require end-user devices to be protected by the security procedures | + | |
* Access to the device is protected with a password, PIN, or suitable biometric alternative. | * Access to the device is protected with a password, PIN, or suitable biometric alternative. | ||
* Where practicable, | * Where practicable, | ||
- | * On devices, when available and practicable, | + | * On devices, when available and practicable, |
* On devices, where available, practicable, | * On devices, where available, practicable, | ||
* On devices, where available, practicable, | * On devices, where available, practicable, | ||
- | * Software or apps should not be installed unless the user explicitly trusts the source and knows a legal license exists. | + | * Software or apps should not be installed unless the user explicitly trusts the source and knows a legal license exists. |
- | * Employees must comply with software vendor license agreements and copyright holders’ notices. Making unauthorized copies of licensed and copyrighted software, even for evaluation purposes, is strictly forbidden. | + | * Employees must comply with software vendor license agreements and copyright holders’ notices. Making unauthorized copies of licensed and copyrighted software, even for evaluation purposes, is strictly forbidden. |
+ | * Employees are discouraged from storing client materials on their local machines; instead, files that are not in the production environment should be stored in an encrypted cloud folder. | ||
+ | |||
+ | ==== Software Review ==== | ||
+ | |||
+ | Nested Knowledge reviews the applications installed on employee devices on a quarterly basis using our Mobile Device Management solution. | ||
+ | |||
+ | ===== IV. Anti-Malware Policy ===== | ||
+ | |||
+ | We require Nested Knowledge employees to run antivirus software on the company-issued computers. Software includes macOS built-in [[https:// | ||
+ | |||
+ | === Schedule === | ||
+ | |||
+ | The schedule for scanning is subject to change, but it will not fall below the minimum of twice annually. Currently, Nested Knowledge employee devices use macOS malware defense as well as Mosyle' | ||
+ | |||
+ | === Reporting === | ||
+ | |||
+ | Positive results in the scan must be reported to one or more members of the [[: | ||
+ | |||
+ | === Response === | ||
+ | |||
+ | - The offending applications and files will be uninstalled or removed until the report returns zero results. | ||
+ | - The incident response team will analyze the malware attack surface and inventory the information that was available on the infected device since last scan. | ||
+ | - Based on the information available on the infected device, the appropriate Incident Response and Data Protection procedures will be enacted. Information about the threat will be escalated to clients/ | ||
===== Enforcement ===== | ===== Enforcement ===== | ||
+ | |||
Failure to comply with this policy may result in disciplinary actions. | Failure to comply with this policy may result in disciplinary actions. | ||
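Review bot: In the new Response list, step 2 scopes the inventory to information available on the infected device "since last scan", but the Schedule paragraph only guarantees scanning at "the minimum of twice annually", so under the stated minimum that window can be roughly six months. Consider requiring that the date and result of each scan be recorded so the window is known when an incident occurs, or aligning the minimum scan frequency with the quarterly Software Review. Separately, the Enforcement heading carries no numeral while sections I to IV do; numbering it V would keep the headings consistent.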
Line 29: | Line 56: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
- | |K. Cowie|12/15/2021|Draft Completed| | + | |K. Cowie|01/25/2024|Added application review| |
- | |K. Holub| | | | + | |K. Holub|12/15/2021|Policy approved| |
- | |K. Kallmes| |Policy approved| | + | |K. Kallmes|12/18/2021|Policy approved| |
+ | |P. Olaniran|10/ | ||
+ | |||
+ | [[: | ||
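Review bot: In the revision table, the K. Cowie row is edited in place, so the 12/15/2021 "Draft Completed" entry is replaced by 01/25/2024 "Added application review" and the record of the draft drops out of the history. Append the 2024 change as a new row and keep the original entry, and order the rows by date; as changed, the 01/25/2024 row sits above the 12/15/2021 and 12/18/2021 approvals.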