by Lisa Dozois - Originally published in issue 1 of (IN)SECURE Magazine
- Monday, 20 June 2005.
At a minimum, your portable storage security policy should address these issues:
- Define who is permitted to use portable data storage devices and what types of data are permitted to be stored on these devices.
- Establish rules for vendors and visitors who want to attach devices during presentations or visits to the organization.
- Establish virus and spyware protection standards for employees who use home or off-premise computers.
- Establish password and data encryption standards for portable storage devices.
- Establish a reporting procedure for notifying a responsible party in the event that a portable data storage device is lost or stolen.