Tuesday, December 21, 2010

【Weak Current College】 Mobile storage device use policy in detail


Protecting mobile storage devices while they are in use involves human, technical, administrative and physical controls. With so much to manage and implement, it is sensible to first develop a practical mobile storage device use policy to guide the implementation.

Developing a mobile storage device use policy is tedious work: every security aspect of protecting mobile storage devices has to be considered in detail. When setting the policy, therefore, be sure to involve the organization's system administrators, network administrators, department leaders and staff representatives, so that the resulting policy takes everything into account as far as possible. Following a set of established steps also keeps the whole formulation process clear, prevents errors during development and improves efficiency.

The following is a generic process for making a mobile storage device use policy:

First, understand the use of mobile storage devices in the organization, their types and the security risks they pose

The first step in developing a mobile storage device use policy is to determine whether the organization needs to use such devices at all. If it does not, disabling the use of all mobile storage devices in the organization prevents the security risks they pose.

However, if the organization currently cannot do without mobile storage devices, the next step is to learn more about the ways removable storage devices can be connected in the organization, the types currently in use, the risks they may carry, and so on.

To understand how mobile storage devices can be connected, review the interface types present on the organization's various devices (such as computer terminals and servers). In general, most computers are likely to have the following interfaces:

1. USB ports;

2. Serial (COM) and parallel (LPT) interfaces;

3. Infrared, Bluetooth adapters and WiFi adapters;

4. 1394 interfaces;

5. Some printers also have a USB interface and should be included in the count.

After finding the interface types, record each one together with the equipment it belongs to in a fixed document, to serve as a reference for the later policy work.

Once the inventory of interface types in the organization is complete, the next job is to find out which mobile storage devices are currently in use and who they belong to. This task can be assigned to the individual departments: each department counts the mobile storage devices in use within it, and the results are then consolidated into a picture of mobile storage device use across the whole organization.

At present there are many types of mobile devices with data storage capability, including:

1. USB flash drives (often called U disks), MP3 players, MP4 players, card readers and portable hard disks;

2. Cell phones, PDAs and digital cameras with a USB connection function;

3. Laptop computers, cell phones and PDAs with Bluetooth, infrared or WiFi capability;

4. Memory cards of various types (such as the Sony Memory Stick);

5. Tape devices of various kinds;

6. CD/DVD drives with a burning function.

These mobile storage devices are widely popular and increasingly used because of their small size, portability, large capacity and plug-and-play operation. If their use goes unchecked, however, these advantages can become fatal flaws, as the following security risks show:

1. They become a medium for spreading Trojans and viruses;

2. Employees can use them to bring in software or installation packages that are not allowed in-house, such as QQ, a web browser or a proxy server that can be run from a U disk, allowing employees to get around the organization's security precautions. This may also lead to legal disputes over software copyright;

3. Mobile storage devices holding internal confidential information may be stolen or lost, leaking confidential data and causing a variety of serious losses;

4. Quality problems in the mobile storage device itself may leave the stored data impossible to copy or restore;

5. Unsupervised wireless network access lets unauthorized wireless devices connect to the internal network, leaking confidential data.

Note that failing to regulate the use of mobile storage devices is not the only source of these security risks: a use policy that is impractical or inadequately implemented, or weak encryption software used to protect the data on mobile storage devices, brings the same risks.

Second, identify and locate the confidential data in the organization

One of the main purposes of managing mobile storage devices is to prevent confidential data from being leaked or lost through removable storage devices. Before developing the use policy, therefore, identify which types of confidential data the organization holds, in what form they are currently saved, on which devices, and in which department those devices are located.

Identifying and locating confidential data can be done by answering the following series of questions:

1. Which types of data in the organization are confidential?

2. Which devices do they currently reside on?

3. In what form is the confidential data saved on these devices?

4. Where in the organization are these devices currently located?

5. In which areas of the organization's network are mobile storage devices used?

6. What types of confidential data may be saved to removable storage devices?

In real identification and location work there may be more questions related to confidential data. List them all one by one in a table, so that all of the organization's confidential data and where it is saved can be found. The layout of the table can be designed to your own preference, and the number of questions can be decided according to the actual situation; of course, the smaller the better.

These questions can be answered by surveying the organization and analysing its existing documents. Once all the questions have been answered correctly, the results should also be used to draw a diagram showing the distribution of confidential data across departments and where mobile storage devices are used.

Third, develop the mobile storage device use policy

Once we understand the data that needs protection, the types of mobile storage devices and the risks they may pose, we can develop a specific mobile storage device use policy on that basis.

A mobile storage device use policy should usually include the following:

1. The objectives to be achieved;

The objective can be that every mobile storage device that needs to be used is protected at all times, so that its use causes no loss of or damage to confidential data and introduces no viruses, legal disputes or other security risks.

2. The types of mobile storage devices that may be used in the organization, and how they may be connected;

3. The areas of the organization in which mobile storage devices may be used;

4. Which types of data can be saved to removable storage devices, and how and for how long;

5. Which employees in the organization may use the specified mobile storage devices;

6. How mobile storage devices are received, distributed, used and destroyed;

7. Which technical measures (for example, installing appropriate encryption and monitoring software) are used to protect the safe use of mobile storage devices;

8. Which physical control measures are adopted to control the connection and use of mobile storage devices;

9. The duties and responsibilities of the organization's staff when using mobile storage devices of all kinds;

10. The staff security training program;

11. The department or staff designated to enforce the mobile storage device use policy;

12. The handling of emergencies and the escalation system;

13. The audit trail for mobile storage devices;

14. Turnover of staff who are permitted to use removable storage devices.

The use policy should be decided according to the organization's actual needs. The items listed above are the essential parts of a use policy; any further content to add to the document can be decided according to actual needs.

Once a mobile storage device use policy has been drawn up, we do not know whether it suits the organization's actual needs, nor how well it really works as a management tool, until it has been implemented in the organization. The next task, therefore, is to put the policy into effect in the organization immediately.



