This shows you the differences between two versions of the page.
wiki:policies:end_user_device [2022/01/11 19:45] katcow |
wiki:policies:end_user_device [2024/08/11 18:38] (current) katcow |
||
---|---|---|---|
Line 16: | Line 16: | ||
===== III. End-User Device Policy ===== | ===== III. End-User Device Policy ===== | ||
- | We require end-user devices to be protected by the security procedures | + | We require end-user devices to be protected by the security procedures |
* Access to the device is protected with a password, PIN, or suitable biometric alternative. | * Access to the device is protected with a password, PIN, or suitable biometric alternative. | ||
Line 25: | Line 25: | ||
* Software or apps should not be installed unless the user explicitly trusts the source and knows a legal license exists. | * Software or apps should not be installed unless the user explicitly trusts the source and knows a legal license exists. | ||
* Employees must comply with software vendor license agreements and copyright holders’ notices. Making unauthorized copies of licensed and copyrighted software, even for evaluation purposes, is strictly forbidden. | * Employees must comply with software vendor license agreements and copyright holders’ notices. Making unauthorized copies of licensed and copyrighted software, even for evaluation purposes, is strictly forbidden. | ||
+ | * Employees are discouraged from storing client materials on their local machines; instead, files that are not in the production environment should be stored in an encrypted cloud folder. | ||
- | ===== V. Anti-Malware Policy ===== | + | ==== Software Review |
- | We require Nested Knowledge employees | + | Nested Knowledge reviews the applications installed on employee devices on a quarterly basis using our Mobile Device Management solution. |
+ | |||
+ | ===== IV. Anti-Malware Policy ===== | ||
+ | |||
+ | We require Nested Knowledge employees to run antivirus software on the company-issued | ||
=== Schedule === | === Schedule === | ||
- | The schedule for scanning is subject to change, but it will not fall below the minimum of twice annually. | + | The schedule for scanning is subject to change, but it will not fall below the minimum of twice annually. |
=== Reporting === | === Reporting === | ||
- | The results | + | |
+ | Positive | ||
+ | |||
+ | === Response === | ||
+ | |||
+ | - The offending applications and files will be uninstalled or removed until the report returns zero results. | ||
+ | - The incident response team will analyze the malware attack surface and inventory the information that was available on the infected device since last scan. | ||
+ | - Based on the information available on the infected device, the appropriate Incident Response and Data Protection procedures will be enacted. Information about the threat will be escalated to clients/ | ||
===== Enforcement ===== | ===== Enforcement ===== | ||
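Review bot: In the new Response list, step 1 removes the offending applications and files before step 2 has the incident response team analyze the attack surface, so the evidence that analysis depends on may already be gone. Consider reordering so the device is isolated and the scan report and flagged files are preserved first, with removal following the analysis. Step 2 also scopes the inventory to information available "since last scan", and the Schedule text only guarantees a minimum of twice annually, so that window can be as long as six months; either tighten the minimum or state how the window is bounded. The added storage bullet says employees are "discouraged" from keeping client materials locally, which is not an enforceable requirement, and "an encrypted cloud folder" does not name an approved location; if this is meant as policy, word it as a requirement and point to the approved storage.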
Line 44: | Line 56: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
- | |K. Cowie|12/15/2021|Draft Completed| | + | |K. Cowie|01/25/2024|Added application review| |
|K. Holub|12/ | |K. Holub|12/ | ||
- | |K. Kallmes| |Policy approved| | + | |K. Kallmes|12/18/2021|Policy approved| |
+ | |P. Olaniran|10/ | ||
+ | |||
+ | [[: | ||
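Review bot: The revision table row for K. Cowie is overwritten rather than appended: "12/15/2021 Draft Completed" becomes "01/25/2024 Added application review", so the record of the original draft is lost and a 2024 entry now sits above the 12/2021 entries. Keep the original draft row and add the 2024 change as a new row in date order, so the table remains a usable audit trail of who changed the policy and when.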