BYOD Policy for School Use

Verified

Added on 2020/04/15

AI Summary

This assignment details a Bring Your Own Device (BYOD) policy for the School of Computer Science at the University of Hertfordshire. It addresses various aspects including device compatibility, network access, data security, privacy, and acceptable use. The document emphasizes the importance of balancing the benefits of BYOD with potential risks, outlining measures to mitigate security threats and ensure responsible device usage within the academic environment. The policy also includes sections on risk assessment, confidentiality, integrity, availability, and mobile device specifications.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: POLICY DOCUMENT ON INFORMATION SECURITY
Policy document on Information security management and compliance
(University of Hertfordshire)
Name of the student:
Name of the university:
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1POLICY DOCUMENT ON INFORMATION SECURITY
Policy Document on Acceptable Use Policy (AUP)
1. Background towards developing the policy:
The policy document is the continuation of analysis and identification of the risks regarding
the current security policies and set up. It is also found from the analysis of the current system that
there have been various risks related to the system that are still needed to be addressed or solved.
The policies were needed to be modified, and various new steps are taken to address the related
risks.
The policy demonstrated the AUP or Acceptable Use Policy. It also includes the lines of the
ISO27000 family. It also links the BYOD, or the “Bring Your Device Policy” to the AUP. All the
integrities, confidentialities and the availabilities of the challenges information assets are analyzed
here.
2. Purpose:
The BYOD program involves the students and parents to bring their mobile devices
supporting the learning and teaching tasks. For the program, the mobile device indicates the student-
owned device like the laptop, iPod touch, suitable phone and tablet. It must be reminded that the
personal gaming devices are not permitted in the program.
This risk analysis policy has documented the authority of University of Hertfordshire for
conducting the investigations and taking actions as needed to analyze the risks in the university. It
intends to mitigate the measures for reducing, eliminating and managing the risks. The document
specifies when and how the risk analysis could be done and who have been behind those
responsibilities. Further, the policy determines how the risks could be identified for remediating it. It
is conducted keeping the authority of the Chief Security Officer.

2POLICY DOCUMENT ON INFORMATION SECURITY
3. Scope:
This policy applies to every data and systems on the organizational network operated or
owned by the university. The policy is efficient since the date issues never expire till it gets
superseded by any other policy. However various risks analysis is particular to the system, the entire
risk to the organization is needed to be considered. Moreover, the general risk analysis of the
university functions is evaluated periodically like the risks to the network.
4. Term Definitions:
Risk: The chance of an undesirable outcome along with the harm that could occur.
Risk assessment: This is the analysis of every possible risk with the implemented and non-
implemented solutions for managing, eliminating and reducing the risks.
Threat: It could be accidental, deliberate or result from any nature.
5. Risk Assessment Participants and Skills:
The staff members must perform the risk analysis. They must be familiar with the security
and technology. The leader here must be the security officer. The technical support staff and the
business owners must supply the information of risk assessment.
6. The risk assessment method:
This method is defined with the risk analysis process. It needs to be upgraded as needed. The
reason behind this is the outcomes of incidents and audits.

3POLICY DOCUMENT ON INFORMATION SECURITY
7. The steps of risk analysis:
 The management controlling the university is bound to define every scopes of risk analysis
and make the team to guide the process.
 As the procedure is not defined, the team must determine them.
 The system must be evaluated by determining if the system is critical to the business process
of organization and recognizing the security needs and data classification.
 The threats must be listed as the exploitation of the vulnerability.
 The vulnerabilities must be identified.
 Evaluate the security controls.
 The identification of probabilities.
 The impact of the quality damage.
 The risk levels must be determined.
8. The BYOD Acceptable Use Policy (AUP) Summary:
In the effort to the parents, guardians and students to take part in the BYOD program, the
responsibilities and conditions added must be accepted as stated in the BYOD linked to the AUP as
shown below. They must first read, then sign and return from this document.
1. The students wishing to use the personally owned mobile phone must read and sign the AUP.
2. The guardian/parent must read a sign and submit the AUP to the tutor putting that in the student
file.
3. The students should undertake the roles for the proper use of the personal device at any times.
4. They are also liable for the devices including the cost of repairs, breakages and replacement.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4POLICY DOCUMENT ON INFORMATION SECURITY
5. Further, the school has the right to reserve to monitor or inspect the student mobile devices during
the school hours.
6. The violations of the school rules or policies including any student device might lead to a student
not being permitted to use the device during the disciplinary action or school hours.
7. As the school hours are allowed to use the device to learn the related tasks only.
8. The students need to comply with the requests from the teachers about the using of devices while
the classes are going on.
9. The mobile devices should be charged with bringing them to school to be usable during the school
hours.
10. The devices must not be used to transmit or post or record the videos or photos.
11. Every user is responsible for their device and must use that appropriately and with responsibility.
The University of Hertfordshire had taken no liability regarding the damaged, lost or stolen devices.
This must also include the corrupted or lost data on the devices.
12. Further, University of Hertfordshire is also not liable for any possible device changes to the
account which could be incurred during the approval of the school-related use.
13. Confidentiality: The privacy and the ability to control or restrict the access must be maintained
by the individuals to view the sensitive data.
14. Integrity: To maintain this security testing is intended to reveal the flaws in the security
mechanisms protecting the data and control the functionality as expected.
15. Availability: An off-site location must be kept ready for restoring the services as anything occurs
to the primary data centers.

5POLICY DOCUMENT ON INFORMATION SECURITY
Mobile Device Details
______________________________ (For example: Mobile, Tablet – include manufacturer, type of
device here)
As a student I abide by the AUP.
Student Name: __________________________________________ (in capitals)
Student signature: _______________________________________ Date: _________________

6POLICY DOCUMENT ON INFORMATION SECURITY
The signatures by officers:
Submitted by: _______________________ Date: _________
Risk Assessment Manager
Reviewed by: _______________________ Date: _________
Chief Security Officer
Approved by: _______________________ Date: _________
IS Authorizing Official
School of Computer Science
University of Hertfordshire

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7POLICY DOCUMENT ON INFORMATION SECURITY
9. Bibliography:
Blaisdell, J., Kelly, M., Lang, M., Muldoon, K. and Toner, J., 2014. Embracing “Bring Your Own
Device”: Balancing the Risks of Security Breaches. Impact of Emerging Digital Technologies on
Leadership in Global Business, p.113.
Bruder, P., 2014. Gadgets go to school: The benefits and risks of BYOD (bring your own
device). The Education Digest, 80(3), p.15.
Gamundani, A.M. and Uuzombala, K.N., 2016. A review of organizational information security
acceptable use policy implementation. International Journal of Computer Science and Information
Security, 14(9), p.474.
Gkamas, V., Paraskevas, M. and Varvarigos, E., 2016, August. Design of a Secure BYOD Policy for
the Greek School Network: A Case Study. In Computational Science and Engineering (CSE) and
IEEE Intl Conference on Embedded and Ubiquitous Computing (EUC) and 15th Intl Symposium on
Distributed Computing and Applications for Business Engineering (DCABES), 2016 IEEE Intl
Conference on (pp. 557-560). IEEE.
Hallett, J. and Aspinall, D., 2017, May. Capturing Policies for BYOD. In IFIP International
Conference on ICT Systems Security and Privacy Protection (pp. 310-323). Springer, Cham.
Hinkes, A., 2014. BYOD policies: a litigation perspective. Retrieved, 6(10), p.2014.
Kulkarni, G., Shelke, R., Palwe, R., Solanke, V., Belsare, S. and Mohite, S., 2014, April. Mobile
cloud computing-bring your own device. In Communication Systems and Network Technologies
(CSNT), 2014 Fourth International Conference on (pp. 565-568). IEEE.
Sellers, M.R., 2016. Future Privacy and Security Controls. Attack prevention.