Portable Computing

1. General

Portable computing devices are becoming increasingly powerful and affordable. Their small size and functionality are making these devices more desirable to replace traditional desktop devices in a wide number of applications. However, the portability offered by these devices may increase the security exposure to individuals using the devices.

2. Applicability

This procedure applies to all portable information resource devices that process, contain, or have direct access to mission critical and/or confidential information. The purpose of this procedure is to provide a set of measures that will mitigate information security risks associated with portable computing. The intended audience is all users of University information resources.

3. Definitions

• Confidential Information: information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g., the Texas Public Information Act.
• Information Resources (IR): the procedures, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.
• Internet Service Provider (ISP): a company that provides access to the internet.
  

4. Procedures

1. Where appropriate, portable computing devices shall be protected from unauthorized access by passwords or other means.
2. All sensitive University data stored on portable computing devices shall be encrypted when possible.
3. All remote access (VPN, Remote Desktop, etc.) to the University shall utilize encryption techniques when connecting from an Internet Service Provider (ISP).
4. University data or information shall not be transmitted via wireless connection to, or from, a portable computing device unless encryption methods that appropriately secure wireless transmissions are utilized (i.e., secured socket layer (SSL) or with protected access (WEP).