Data Security and Stewardship Committee
Cordelia Camp 101a
Wednesday, October 28, 2009
Present Pam Buchanan, Steve Christison, Craig Fowler, Lisa Gaetano,
Larry Hammer, Debbie Justice, Scott Koger, Mary Ann Lochner,
Zeta Smith, and Scott Swartzentruber
Absent Mike Stewart and Kay Turpin
Guests Robert Edwards and Sam Miller
Recorder Jenny Owen
Handout
Matrix of Mobile Communication Devices & Security Options
Approval of Minutes

Craig Fowler made a motion to approve the minutes from the
Data Security and Stewardship Committee (DSSC) meeting that
was held on Wednesday, October 14, 2009. There was no
opposition, and the motion carried unanimously.
General Information

Fowler clarified that the Chancellor is the only one that can
approve emeritus applications and that those decisions are
reported to the Board of Trustees.
Action Items Confidentiality Agreement in
Policy 95

After a brief discussion about how to implement the
confidentiality agreement that is attached to Policy 95 - Data
Network and Security Management, DSSC members approved
Fowler’s suggestion to have Debbie Justice coordinate with
Anna McFadden to arrange for Policy 95 and its confidentiality
agreement to be set up as a course in WebCat. Fowler explained
that after the course/training is completed, the confidentiality
agreement and a certificate indicating completion of the training
could be printed, signed and sent to Human Resources for filing.
This will only have to be done one time by employees.
Fowler will take this to Executive Council for their approval.

Security for Mobile
Communication Devices

Fowler and several other DSSC members participated in a
conference call on Monday, October 26 with John Girard
(Gartner analyst) about security for mobile communication
devices. Brief summary of items discussed:
o Smart phones should be viewed as small laptops.
o People were 15 times more likely to lose a smart phone
than a laptop.
o Gartner analyst said best security approach for mobile
communication devices would be Blackberrys operating
from a Blackberry Enterprise Server (BES).
o Windows Mobile 6.1 with Exchange 2.7 had fairly good
capabilities but wasn’t very popular.
o iPhones, at a minimum, would be the 3GS family and
above.
Talked about blocking IMAP—can block by mailbox.
Talked about being able to use Outlook Web Access
(OWA).
o Some places have additional charges for supporting
different devices—the more devices that are supported—
the higher the costs.
o Have passwords with 10 characters.
o If no activity after 10 – 15 minutes, devices lock down.
o Encrypt from core memory and removable media.
o Consider using remote swipe.
o If smart phone is offline longer than 10 days, it should
lock down.
o Talked about different ways to block attachments.
DSSC members reviewed the matrix that Scott Koger was asked
to put together on various devices that were being considered and
their security options.
Sam Miller asked if DSSC members had an idea on how much
security was good enough. He added that he didn’t necessarily
advocate a particular device, but would rather the group come up
with ways to “incentivize faculty and staff with a security
mindset.”
o
o


Action Items




A task force was formed to create a first draft of a tiered approach
to security of mobile communication devices. Lisa Gaetano
agreed to be the chairperson. Members are Scott Koger,
Mary Ann Lochner, Larry Hammer, and Pam Buchanan. They
will have their first draft ready for review and discussion at the
next DSSC meeting on November 10.
Koger will follow up with Shandon Bates on filtering by device
and also what is involved with turning off email forwarding.
Koger will follow up with Anne Vail on what the impact might be
if IMAP were turned off.
Scott Swartzentruber will review Policy 93 – Electronic Mail
Policy for possible changes or modifications and will report his
findings at the next meeting.