Encryption of Mobile Devices
The University Code of Practice has an approved information security classification (see section x).
This distinguishes between different classes of information i.e.
- Unclassified or Public information
- Campus Only
- Confidential Information and
- Personal and Strictly Confidential Information
The confidentiality of the campus network cannot be guaranteed, since it has external links to the Internet. Thus, documents in the latter two categories must only be transmitted electronically over the campus network if they are protected (e.g. password control and at least "weak" encryption).
The different types of encryption are specified.
The term weak encryption is used to mean simple (single and often short key) encoding. It includes the limited file protection available under 'options' when saving files in Microsoft Word or Microsoft Excel. It must be stressed that documents protected with weak encryption may be decoded even if the password is not known using commercially available utilities. However, it does provide a degree of protection.
Information which is designated in the two confidential categories must not be stored on laptops or USB sticks. Data in these categories must be stored on the University data storage facilities (e.g. G and H Drive or equivalent) which can be accessed off-campus in secure ways using several mechanisms, and which avoids the transport of data over insecure networks.
The ways to access data storage from working off-campus are specified.
IT Services, February 2011