What does the Device DCS cover?
Laptops, desktops, tablets, smartphones, flash drives and other portable storage drives used for work purposes regardless of ownership.
- Step 1: Determine which data classification level applies to the data on your device(s). See the DCS cheat sheet or the UM DCS definitions.
- Step 2: Inform your IT support staff of the DCS level that aligns with your device(s).
- Step 3: Your IT professional is responsible for ensuring your device(s) is deployed, configured and managed in accordance with the Device DCS.
- Step 4: You are responsible for the following:
- Keep portable devices physically secure.
- Lock your screen/device when not in use.
- When connecting to your campus network or campus resources, use VPN or other secure remote access services as deemed appropriate by your campus IT department.
- Do not share your password with anyone and do not use your University password on non-University web sites or other accounts.
- Make sure your device is disposed of properly. For University-owned devices, give your aged device to your IT support staff. For personal devices, make sure they are wiped before disposal.
- Do not disable the firewall or antivirus.
- Use mapped network drives or collaboration applications provided by your campus to store work files rather than storing files exclusively on your workstation (protects against device failure).
- Do not join unsecure wireless networks when working or, if you must use such networks, use VPN or other secure remote access services.
- Report the loss or theft of a device, regardless of ownership, to your campus police department, your IT support person and to your campus Information Security Office.
- Do not make online purchases or other financial transactions over a publicly-available wireless network.
- Do not use a flash drive if you don't know where it came from (it could hold a virus).
- For personal devices, keep the operating system and applications current.
- Encrypt personal devices, including flash drives, that hold DCL4 data. If you own a device that can't be encrypted, you should not store DCL4 data on it.
- Do not download suspicious or obscure applications onto your computer and never click on links in emails.
- Use common sense and best practices when traveling, especially when traveling overseas.
Note: If your University-issued computer is not managed by an IT professional or if it uses a non-standard operating system such as Linux, consult with your campus IT division and/or with your campus Information Security Officer.
The creator/manager (e.g., data custodian) of information and data has the latitude to classify data at a level higher than the definitions below. However, data/information cannot be classified at a lower level than the definitions below unless approved by your ISO.
|DCL Cheat Sheet General Guidelines|
Most Web page content
Meeting agendas and minutes
Business emails and other correspondence
Non-directory student information
Financial aid information
Job candidate resumes and applications
Personnel evaluations and other HR-related information such as EMPLID
Some forms of intellectual property and unpublished research
Floor plans, diagrams, etc.
Birthdates and other personal information
Applicable laws (not exhaustive): FERPA, GLBA, Federal Trade Commission regulations on identity theft protection
Social Security Numbers
Credit card numbers
Intellectual property including information and data with commercial value
Information/data affected by federal export control regulations
Documentation about critical infrastructures (floor plans, power systems, diagrams, etc.)
Applicable laws and standards (not exhaustive): HIPAA, Payment Card Industry (PCI), Missouri Breach Law, federal export control laws