Removable media is a well-known source of malware infections and has been directly tied to the loss of sensitive information in many organizations.
The purpose of this policy is to minimize the risk of loss or exposure of sensitive information maintained by eCuras and to reduce the risk of acquiring malware infections on computers operated by eCuras.
This policy covers all computers and servers operating in eCuras.
eCuras staff may only use eCuras removable media in their work computers. eCurasremovable media may not be connected to or used in computers that are not owned or leased by the eCuras without the explicit permission of the eCuras InfoSec staff. Sensitive information should be stored on removable media only when required in the performance of your assigned duties or when providing information required by other state or federal agencies. When sensitive information is stored on removable media, it must be encrypted following the eCuras Acceptable Encryption Policy.
Exceptions to this policy may be requested on a case-by-case basis by eCuras-exception procedures.
5.1 Compliance Measurement
The Infosec team will verify compliance with this policy through various methods, including but not limited to periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
The Infosec team must approve any exception to the policy in advance.
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Revised: March 14th, 2018