Removable media is a type of storage device that can be removed from a computer whilst the system is running. Examples include: Show
Risks - removable mediaRemovable media introduces the capability to transfer and store huge volumes of sensitive information as well as the ability to import malicious content. The failure to manage the import and export of information using removable media could expose the University to the following risks: Loss of informationRemovable media is very easily lost, which could result in the compromise of large volumes of sensitive information stored on it. Some media types will retain information even after user deletion, placing information at risk where the media is used between systems (or when the media is disposed of). Introduction of malwareThe uncontrolled use of removable media can increase the risk of introducing malware to systems. Reputational damageThe loss of media can result in significant reputational damage, even if there is no evidence of any specific data loss. Portable device that can be connected to an information system (IS), computer, or network to provide data storage. These devices interface with the IS through processing chips and may load driver software, presenting a greater security risk to the IS than non-device media, such as optical discs or flash memory cards. Note: Examples include, but are not limited to: USB flash drives, external hard drives, and external solid state disk (SSD) drives. Portable Storage Devices also include memory cards that have additional functions aside from standard data storage and encrypted data storage, such as built-in Wi-Fi connectivity and global positioning system (GPS) reception. See also removable media. See portable storage device. A system component that can communicate with and be added to or removed from a system or network and that is limited to data storage—including text, video, audio or image data—as its primary function (e.g., optical discs, external or removable hard drives, external or removable solid-state disk drives, magnetic or optical tapes, flash memory devices, flash memory cards, and other external or removable disks). A system component that can be inserted into and removed from a system, and that is used to store data or information (e.g., text, video, audio, and/or image data). Such components are typically implemented on magnetic, optical, or solid-state devices (e.g., floppy disks, compact/digital video disks, flash/thumb drives, external hard disk drives, and flash memory cards/drives that contain nonvolatile memory). The purpose of this Standard is to establish requirements to provide for the protection of information stored on portable electronic storage media and portable computing devices. BackgroundPortable computing devices (including, but not limited to, laptops computers, PDAs, tablet PCs) and portable electronic storage media (including but not limited to, CDs and USB storage devices) are vulnerable to loss or theft. In the event of loss of theft, information stored on these devices or media may result in identity theft or unauthorized access to secure systems, networks, and resources. The Information Classification Standard requires that Confidential (Level 1) information stored on portable computing devices and portable electronic storage media be encrypted or otherwise rendered unreadable and unusable by unauthorized persons. ScopeThis Standard applies to:
Portable Computing DevicesThe following requirements apply to all University owned portable computing devices containing confidential or internal use data/information or any CSULB Auxiliary owned portable computing device containing University confidential or internal use data/information:
Portable Electronic Storage MediaThe following requirements apply to all University/Auxiliary owned portable electronic storage media containing confidential or internal use data/information or any CSULB auxiliary owned portable electronic storage media containing University confidential or internal use data/information:
Disposal RequirementsAll confidential or internal use information stored on portable computing devices or portable electronic storage media must be sanitized prior to disposal in accordance with the Electronic Media Sanitization Procedure. Reporting Loss or TheftThe loss or theft of a portable computing device or portable electronic storage media within the scope of this standard must be reported to the employee’s appropriate administrator, University Police and the Information Security Office. If lost or stolen off-campus, local law enforcement must be notified and a police report obtained. Which is a rule for removable media other portable electronic devices?What is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? Do not use any personally owned/non-organizational removable media on your organization's systems.
Which of the following is true of portable electronic devices in a SCIF?A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. What portable electronic devices (PEDs) are permitted in a SCIF? Only expressly autorized government-owned PEDs.
How can you protect data on your mobile computing and portable electronic devices?Encrypt files - By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. You may also want to consider options for full disk encryption, which prevents a thief from even starting your laptop without a passphrase.
Which of the following is an example of removable data?Removable media include flash media, such as thumb drives, memory sticks, and flash drives; external hard drives; optical discs (such as CDs, DVDs, and Blu-rays); and music players (such as iPods).
|