Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 13 Next »

Purpose:

Faculty and staff members who are traveling to risky areas as defined in University’s Faculty and Staff International Travel Policy must follow ITS procedures to protect University data and devices.

Lisa's Note:

Until we have clarity around our procedures (see below), we may want to publish something like this:

Consistent with the University’s Faculty and Staff International Travel Policy, ITS works with those traveling to high-risk countries to help protect University data and devices during their visit.

If you plan to travel to a Level 3 or Level 4 country, contact the ITS Service Desk for an ITS security consultation and review at least 30 days before departure. ITS will provide you with information/guidance to safeguard University data and devices until all post-travel activities have been completed. In some cases, it may be necessary to [change your password? Re-image your computer? Anything else we might mention here?]


Procedure:

  1. Travelers to risky areas must contact the ITS Service Desk at least 30 days before departure to review the appropriate protections needed. (This sounds like the traveler needs to review the appropriate protections.)
  2. ITS’ Information Security team will review key protections, including: (This sounds like ITS does the review, not the traveler.)
    1. Review traveler’s use of a University computer:
      1. Determination for loaner computer or re-imaging of existing computer (Is a loaner computer a realistic option?)
      2. Likely methods for internet connections. (Not sure what this means.)
      3. Other connections, such as Bluetooth and USB. (Not sure what this means.)
    2. Configuration of University's Global Protect VPN. (Not sure what this means, nor do I know who does the configuring.)
    3. Review traveler’s access to sensitive data/applications. (How does this happen and who does it?)
    4. Assess other potential cybersecurity risks associated with specific travel details. (How is this determined and who does it?)
    5. Use of personal devices to access University data. (Guessing this is strictly cautionary guidance?)
    6. Resetting user account password (Guessing this might be a requirement after travel is complete? If so, can we enforce it?)
  3. ITS will keep the service request open during travel.
  4. ITS will close the service request after all post-travel activities have been completed.

Related information:


  • No labels