Print

Print


Some campus IT units may be recommending that users bring UVM equipment (monitors, portable storage, desktop computers) home in cases where it simplifies support of these users in their transition to working remotely. This is a great adaptation, and in almost all cases is preferred over use of personal devices, especially where Protected University Information (PUI[1]) is accessed. In the interest of reducing associated risks to the security of PUI (and, most importantly, the people described by that PUI) in the short- and long term, we’d ask the following:

 
Please communicate to your users the requirement that UVM computing devices be used only by the UVM staff member(s) in their house, and that their screensaver must lock with a password after no more than 10 minutes of inactivity. (These are pre-existing expectations/policies[2], but since many folks may be new to teleworking, it’s worth stating explicitly.)
 
Most, if not all of us are likely tracking equipment being taken home for teleworking use. Absent any other method, a simple list (spreadsheet?) of “who’s got what” will do. ISO will communicate with the community a week or two after this state of emergency has passed to check on the process of reclaiming all that gear, as we have an interest in PUI wherever it goes.
 

 

Please direct questions and concerns to [log in to unmask]

 

 

Cheers,

 

-sth

 

[1]https://www.uvm.edu/sites/default/files/UVM-Policies/policies/infosecurity.pdf, pp.4-5

[2]https://www.uvm.edu/sites/default/files/UVM-Policies/policies/infosecurityprocedures.pdf, p.4 section 7.5

 

--

Sam Hooker | [log in to unmask]

Information Security Engineer

Enterprise Technology Services

The University of Vermont

@uvminfosec | https://blog.uvm.edu/whysecurity