Mobile computing and tele-working
Objective • Policies for use of mobile computing devices and work in off-site settings (“tele-work”) should aim for information security commensurate with that for non-mobile devices and work in on-site settings, where technically and operationally feasible.
Mobile computing and tele-working controls • Controls should be implemented that are commensurate with the types of users, settings of mobile/tele-working use, and sensitivity of the applications and data being accessed from mobile/tele-working settings.
Applicability • Controls on mobile computing and tele-working should extend to any extra-institutional or non-traditional work setting where the organization’s information is accessed. This could include controls on:
- desktop computers used off-premises;
- laptop, notebook, and palmtop computers;
- mobile phones and "smart" phone-PDAs;
- portable storage devices and media; and
- any other type of component capable of using, displaying, storing or transmitting the organization’s information.
Portable devices and media controls • Appropriate security measures should be required for mobile computing and communications activities. This could include guidelines and/or requirements for:
- physical and environmental security measures;
- appropriate user authentication (knowledge-, token- or biometric-based) and access control;
- minimization or prohibition of data storage on mobile devices or devices in off-premises locations, particularly sensitive data;
- cryptographic methods for any stored sensitive data;
- data backups for stored sensitive data;
- secure communication methods for transmitted data (e.g., VPN);
- anti-virus and other protective software;
- operating system and other software updating; and
- independent validation of appropriate device configuration.
Controls against malicious mobile code • Appropriate controls should be implemented for prevention, detection and response to mobile versions of malicious code, including appropriate user awareness.
Tele-working controls • Appropriate security measures should be required for "tele-working" activities. This could include requirements for:
- physical and environmental security measures;
- appropriate user authentication and access control, given reasonably anticipated threats from other users at the site (e.g., family members);
- cryptographic techniques for data storage at and communications to/from the site;
- data backup processes and security measures for those backup copies;
- security measures for wired and wireless network configurations at the site;
- policies regarding intellectual property used or created at the site, including software licensing;
- policies regarding organizational property used at the site (e.g., the organization's computing hardware and software);
- policies regarding private property used at the site (e.g., tele-workers' own computing hardware and software); and
- insurance coverage or other specification of financial responsibility for equipment repair or replacement.
SOURCE: ISO-27001/27002:2005 sects. 11.7.1 – 11.7.2.


