Main Nav


We are thinking of developing a policy to restrict college employees from taking out of the country the laptops supplied to them.  Since the laptops would contain personal and/or college data, we don't want to run the risk of the laptop being stolen or hacked while they are traveling.  We would in turn supply a loaner laptop with instructions to not load any personal or college data.  If it is lost, no big deal.

So, does anyone have a similar policy that I could review to ensure I cover all of the bases?  I will appreciate any thoughts you can provide.

Thanks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

John,

Relevant to such a policy is that it is illegal to bring encrypted laptops into certain countries.  We offer inexpensive rentals of clean, unencrypted laptops for international travel, but do not have a policy forbidding taking university laptops abroad. We are working with campus partners to educate faculty and staff.

Rick
John,

Will the proposed policy also cover mobile devices specifically, tablets such as  iPads, Nexus tablets etc…? It would seem to me they are much easier to take along, but would also present the same if not greater risk. The upshot being you could remote wipe the device containing sensitive data, or, trigger the “find my device” app to attempt locating the lost device, something not natively available in laptops but could be added through a third party service(for a fee). 


----
Bedan Kamau 


From: John Davis <davisj@MARIETTA.EDU>
Reply-To: The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>
Date: Monday, July 29, 2013 5:45 PM
To: "CIO@LISTSERV.EDUCAUSE.EDU" <CIO@LISTSERV.EDUCAUSE.EDU>
Subject: [CIO] Policy for out of country travel with laptops


We are thinking of developing a policy to restrict college employees from taking out of the country the laptops supplied to them.  Since the laptops would contain personal and/or college data, we don't want to run the risk of the laptop being stolen or hacked while they are traveling.  We would in turn supply a loaner laptop with instructions to not load any personal or college data.  If it is lost, no big deal.

So, does anyone have a similar policy that I could review to ensure I cover all of the bases?  I will appreciate any thoughts you can provide.

Thanks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

The Higher Education Information Security Council (HEISC) has developed a resource page, Security Tips for Traveling Abroad: https://wiki.internet2.edu/confluence/display/itsg2/Security+Tips+for+Tr... Most of the links that we collected from institutions are recommendations or guidelines when traveling abroad, rather than requirements or policies. The FBI has also developed a helpful brochure, Safety and Security for the Business Professional Traveling Abroad: http://www.fbi.gov/about-us/investigate/counterintelligence/business-tra... Thank you, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | educause.edu From: Bedan Kamau > Reply-To: "cio@listserv.educause.edu" > Date: Tuesday, July 30, 2013 7:27 AM To: "cio@listserv.educause.edu" > Subject: Re: [CIO] Policy for out of country travel with laptops John, Will the proposed policy also cover mobile devices specifically, tablets such as iPads, Nexus tablets etc…? It would seem to me they are much easier to take along, but would also present the same if not greater risk. The upshot being you could remote wipe the device containing sensitive data, or, trigger the “find my device” app to attempt locating the lost device, something not natively available in laptops but could be added through a third party service(for a fee). ---- Bedan Kamau From: John Davis > Reply-To: The EDUCAUSE CIO Constituent Group Listserv > Date: Monday, July 29, 2013 5:45 PM To: "CIO@LISTSERV.EDUCAUSE.EDU" > Subject: [CIO] Policy for out of country travel with laptops We are thinking of developing a policy to restrict college employees from taking out of the country the laptops supplied to them. Since the laptops would contain personal and/or college data, we don't want to run the risk of the laptop being stolen or hacked while they are traveling. We would in turn supply a loaner laptop with instructions to not load any personal or college data. If it is lost, no big deal. So, does anyone have a similar policy that I could review to ensure I cover all of the bases? I will appreciate any thoughts you can provide. Thanks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ John R. Davis > Chief Information Officer Marietta College 215 Fifth St. Marietta, OH 45750 Voice: 740-376-4390 Fax: 740-376-4812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
It's not leaving the machine behind that's the problem, it's the risk of having it hacked into if traveling in a country where that appears to happen with some frequency. Even if left locked in one's hotel room (see the original NYT article that spawned this discussion.)

It's probably less of a risk when visiting Poughkeepsie NY or Normal IL, which is why folks are asking about international travel. Not sure I'd risk a hotel in downtown Detroit, however :-)

We are also preparing to develop such a policy, and I will appreciate answers to this question as they flow by.

Geoff

Geoffrey S. Nathan
Faculty Liaison, C&IT
and Professor, Linguistics Program
http://blogs.wayne.edu/proftech/
+1 (313) 577-1259 (C&IT)

Nobody at Wayne State will EVER ask you for your password. Never send it to anyone in an email, no matter how authentic the email looks.


From: "Kyle Johnson" <Kyle.Johnson@CHAMINADE.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, July 30, 2013 3:43:49 PM
Subject: Re: Policy for out of country travel with laptops

On 7/30/2013 3:55 PM, Geoffrey Steven Nathan wrote:
It's not leaving the machine behind that's the problem, it's the risk of having it hacked into if traveling in a country where that appears to happen with some frequency. Even if left locked in one's hotel room (see the original NYT article that spawned this discussion.)

It's probably less of a risk when visiting Poughkeepsie NY or Normal IL, which is why folks are asking about international travel. Not sure I'd risk a hotel in downtown Detroit, however :-)

As someone who visits Poughkeepsie, NY on an almost daily basis, I would hope it is almost no risk.

As Rick mentioned before, there are some countries that do not allow unsupervised encryption imported into their country.B B In addition, you are bound by US Export laws, which while they have been greatly liberalized, have not been repealed.B When I looked last year, I was never able to get a definitive statement about taking an encrypted laptop (as all ours are) with a VPN client into certain countries, such as Cuba where we had a class visit.B You can't imagine the difficulties we had trying to get a digital photo emailed from Cuba.B I would love to have such a definitive statement about what is allowed where.

And for those that care, when you return to the US, the 4th Amendment rules on searches do not apply.B CBP can force you to provide full access to any device.

Valerie also posted a link to an excellent resource page.

/ahw
We are also preparing to develop such a policy, and I will appreciate answers to this question as they flow by.

Geoff

Geoffrey S. Nathan
Faculty Liaison, C&IT
and Professor, Linguistics Program
http://blogs.wayne.edu/proftech/
+1 (313) 577-1259 (C&IT)

Nobody at Wayne State will EVER ask you for your password. Never send it to anyone in an email, no matter how authentic the email looks.


From: "Kyle Johnson" <Kyle.Johnson@CHAMINADE.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, July 30, 2013 3:43:49 PM
Subject: Re: Policy for out of country travel with laptops


We are thinking of developing a policy to restrict college employees from taking out of the country the laptops supplied to them.  Since the laptops would contain personal and/or college data, we don't want to run the risk of the laptop being stolen or hacked while they are traveling.  We would in turn supply a loaner laptop with instructions to not load any personal or college data.  If it is lost, no big deal.

So, does anyone have a similar policy that I could review to ensure I cover all of the bases?  I will appreciate any thoughts you can provide.

Thanks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

John,

Relevant to such a policy is that it is illegal to bring encrypted laptops into certain countries.  We offer inexpensive rentals of clean, unencrypted laptops for international travel, but do not have a policy forbidding taking university laptops abroad. We are working with campus partners to educate faculty and staff.

Rick
John,

Will the proposed policy also cover mobile devices specifically, tablets such as  iPads, Nexus tablets etc…? It would seem to me they are much easier to take along, but would also present the same if not greater risk. The upshot being you could remote wipe the device containing sensitive data, or, trigger the “find my device” app to attempt locating the lost device, something not natively available in laptops but could be added through a third party service(for a fee). 


----
Bedan Kamau 


From: John Davis <davisj@MARIETTA.EDU>
Reply-To: The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>
Date: Monday, July 29, 2013 5:45 PM
To: "CIO@LISTSERV.EDUCAUSE.EDU" <CIO@LISTSERV.EDUCAUSE.EDU>
Subject: [CIO] Policy for out of country travel with laptops


We are thinking of developing a policy to restrict college employees from taking out of the country the laptops supplied to them.  Since the laptops would contain personal and/or college data, we don't want to run the risk of the laptop being stolen or hacked while they are traveling.  We would in turn supply a loaner laptop with instructions to not load any personal or college data.  If it is lost, no big deal.

So, does anyone have a similar policy that I could review to ensure I cover all of the bases?  I will appreciate any thoughts you can provide.

Thanks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  John R. Davis  <davisj@marietta.edu>
  Chief Information Officer
  Marietta College
  215 Fifth St.
  Marietta, OH  45750
  Voice: 740-376-4390
  Fax:   740-376-4812
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

The Higher Education Information Security Council (HEISC) has developed a resource page, Security Tips for Traveling Abroad: https://wiki.internet2.edu/confluence/display/itsg2/Security+Tips+for+Tr... Most of the links that we collected from institutions are recommendations or guidelines when traveling abroad, rather than requirements or policies. The FBI has also developed a helpful brochure, Safety and Security for the Business Professional Traveling Abroad: http://www.fbi.gov/about-us/investigate/counterintelligence/business-tra... Thank you, Valerie Valerie Vogel Program Manager EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | educause.edu From: Bedan Kamau > Reply-To: "cio@listserv.educause.edu" > Date: Tuesday, July 30, 2013 7:27 AM To: "cio@listserv.educause.edu" > Subject: Re: [CIO] Policy for out of country travel with laptops John, Will the proposed policy also cover mobile devices specifically, tablets such as iPads, Nexus tablets etc…? It would seem to me they are much easier to take along, but would also present the same if not greater risk. The upshot being you could remote wipe the device containing sensitive data, or, trigger the “find my device” app to attempt locating the lost device, something not natively available in laptops but could be added through a third party service(for a fee). ---- Bedan Kamau From: John Davis > Reply-To: The EDUCAUSE CIO Constituent Group Listserv > Date: Monday, July 29, 2013 5:45 PM To: "CIO@LISTSERV.EDUCAUSE.EDU" > Subject: [CIO] Policy for out of country travel with laptops We are thinking of developing a policy to restrict college employees from taking out of the country the laptops supplied to them. Since the laptops would contain personal and/or college data, we don't want to run the risk of the laptop being stolen or hacked while they are traveling. We would in turn supply a loaner laptop with instructions to not load any personal or college data. If it is lost, no big deal. So, does anyone have a similar policy that I could review to ensure I cover all of the bases? I will appreciate any thoughts you can provide. Thanks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ John R. Davis > Chief Information Officer Marietta College 215 Fifth St. Marietta, OH 45750 Voice: 740-376-4390 Fax: 740-376-4812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
It's not leaving the machine behind that's the problem, it's the risk of having it hacked into if traveling in a country where that appears to happen with some frequency. Even if left locked in one's hotel room (see the original NYT article that spawned this discussion.)

It's probably less of a risk when visiting Poughkeepsie NY or Normal IL, which is why folks are asking about international travel. Not sure I'd risk a hotel in downtown Detroit, however :-)

We are also preparing to develop such a policy, and I will appreciate answers to this question as they flow by.

Geoff

Geoffrey S. Nathan
Faculty Liaison, C&IT
and Professor, Linguistics Program
http://blogs.wayne.edu/proftech/
+1 (313) 577-1259 (C&IT)

Nobody at Wayne State will EVER ask you for your password. Never send it to anyone in an email, no matter how authentic the email looks.


From: "Kyle Johnson" <Kyle.Johnson@CHAMINADE.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, July 30, 2013 3:43:49 PM
Subject: Re: Policy for out of country travel with laptops

On 7/30/2013 3:55 PM, Geoffrey Steven Nathan wrote:
It's not leaving the machine behind that's the problem, it's the risk of having it hacked into if traveling in a country where that appears to happen with some frequency. Even if left locked in one's hotel room (see the original NYT article that spawned this discussion.)

It's probably less of a risk when visiting Poughkeepsie NY or Normal IL, which is why folks are asking about international travel. Not sure I'd risk a hotel in downtown Detroit, however :-)

As someone who visits Poughkeepsie, NY on an almost daily basis, I would hope it is almost no risk.

As Rick mentioned before, there are some countries that do not allow unsupervised encryption imported into their country.B B In addition, you are bound by US Export laws, which while they have been greatly liberalized, have not been repealed.B When I looked last year, I was never able to get a definitive statement about taking an encrypted laptop (as all ours are) with a VPN client into certain countries, such as Cuba where we had a class visit.B You can't imagine the difficulties we had trying to get a digital photo emailed from Cuba.B I would love to have such a definitive statement about what is allowed where.

And for those that care, when you return to the US, the 4th Amendment rules on searches do not apply.B CBP can force you to provide full access to any device.

Valerie also posted a link to an excellent resource page.

/ahw
We are also preparing to develop such a policy, and I will appreciate answers to this question as they flow by.

Geoff

Geoffrey S. Nathan
Faculty Liaison, C&IT
and Professor, Linguistics Program
http://blogs.wayne.edu/proftech/
+1 (313) 577-1259 (C&IT)

Nobody at Wayne State will EVER ask you for your password. Never send it to anyone in an email, no matter how authentic the email looks.


From: "Kyle Johnson" <Kyle.Johnson@CHAMINADE.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Tuesday, July 30, 2013 3:43:49 PM
Subject: Re: Policy for out of country travel with laptops

--On 30 July 2013 17:16 -0400 "A. Harry Williams" wrote: > Valerie also posted a link to an excellent resource page. This side of the pond, the Centre for the Protection of the National Infrastructure have this brief document, which may be of some interest/use... Richard http://www.bris.ac.uk/infosec ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.