Information & Communications Technology ICT Security Compliance Guide (Student)

Transcription

1 Infrmatin & Cmmunicatins Technlgy ICT Security Cmpliance Guide (Student) RESTRICTED Dcument ID: ICT-SSG Versin 1.1 Effective Date 1 Nv 2011

2 Dcument Cntrl Revisin Histry Versin Date Descriptin Authr Mar 2010 Initial Release. Replaces Security EMC Cnsultant Plicy Gverning the Use f Cmputer Resurces at the Singapre Plytechnic Nv 2011 Change f passwrd plicy t meet passwrd cmplexity requirement. Anthny Lau Reviewers Name Rle Status All Members Cmmittee n ICT Security Endrsed Anthny Lau ICT Security Manager Endrsed Apprvals Name Title Date Chairman & Members ICT Steering Cmmittee 25 March 2010 Versin May 2010 Page 2 f 8

3 Table f Cntents Dcument Cntrl Intrductin Student Security Awareness Passwrds Yur Accunts Apprpriate Use SP s Cmputer Resurces Security Vilatins... 8 Versin May 2010 Page 3 f 8

4 1. Intrductin As a student f Singapre Plytechnic, yu will make use f the Plytechnic s ICT Assets such as infrmatin, cmputers, netwrks and sftware in yur day-t-day activities. It is imprtant that these imprtant resurces prvide the service t yu and t thers fr which they were intended. An imprtant part f the prper peratin f these ICT Assets is security. Trjans, viruses, wrms and spyware can wreak havc n these assets s the Plytechnic has taken great care t prtect them against such threat. That said, yu, the student, perfrm a very imprtant rle in maintaining the security and availability f the Plytechnics student cmputer resurces. We have written this guide t help explain what yu need t d, and what rules yu need t cmply with t help ensure that the cnfidentiality, availability and integrity f the cmputing resurces f the Plytechnic are prtected. Students must cmply with the ICT Security Plicies f the Plytechnic. These plicies are very serius and are meant t make sure that the Plytechnic s cmputers and netwrks keep running smthly and securely. This cmpliance guide is intended t explain these plicies t yu. All Students f SP are required t strictly cmply with the Infrmatin Cmmunicatins Technlgy (ICT) Security Plicy and Standards issued by the Plytechnic. 2. Student Security Awareness Reference Plicy Paragraph 5.5, Yu shuld receive security awareness training as part f yur intrductin t the Plytechnic. This training will ensure that yu understand the risks and yur respnsibilities twards helping t reduce thse risks. Yu understand that yu are respnsible t cmply with all security related plicies. These plicies are imprtant and prtect nt nly yu, but everybdy else wh needs t use these resurces. 3. Passwrds Reference Plicy Paragraphs , Versin May 2010 Page 4 f 8

5 Yu will be given a passwrd t access any cmputer accunts that yu need. Yu must keep yur passwrd secret, and never ever tell anybdy else what it is 1 ; We have sme rules t help yu select a gd passwrd: It needs t be at least 9 characters lng; It has t cntain at least 1 letter frm the alphabet and 1 number; It can t have blanks; It can t be yur username r User ID; It can t be yur name r part f yur name; It can t cntain yur NRIC/Passprt Number; It can t cntain r be anything that can be assciated with yu, e.g. yur dg s name r street name; It can t cntain YES r NO. S, yu need t use great care when yu pick a passwrd. One easy way t pick ne yu can remember is t think f a phrase. Fr example, the phrase I like Ice Cream culd be cnverted int a passwrd like 1l1ke1cecream by just putting 1 instead f I ; this is a very gd passwrd. (Dn t use this ne thugh!) Dn t write yur passwrd dwn n a piece f paper r put it in a file n a cmputer. Smebdy else culd find it. If yu think smene has guessed yur passwrd, r if yu accidently revealed it t smebdy else, yu need t change it immediately. One mre thing yur passwrd needs t be changed every 180 days, and yu can t use the same passwrd again. 4. Yur Accunts Reference Plicy Paragraph Yur accunt is just that yur accunt, just fr yu and yu alne. Yu cannt share it with smebdy else, fr any reasn. Yu are respnsible fr everything that cmes frm yur accunt. S if smebdy were t send an , write a blg, r pst smething n FaceBk using yur accunt defaming the schl, a teacher, r a friend, it s yur prblem. S again, keeping yur passwrd a secret helps t avid prblems like this. Yu can t use smene else s accunt, just like smene else can t use yurs. Yu als can t d things that attempt t mask yur accunt t thers t try and hide. Yu can't use the Plytechnic s resurces t spy n thers, and yu can t change, read, delete, cpy r therwise mdify anther persns files unless they give yu permissin t d s. 1 One really gd example f when this rule is imprtant is when yu are the ptential victim f a phishing attack, where yu get an asking yu t reveal yur passwrd. A legitimate site r rganizatin will never ever ask yu t reveal yur passwrd. Versin May 2010 Page 5 f 8

6 5. Apprpriate Use SP s Cmputer Resurces Reference Plicy Paragraphs , , , 11.5 The cmputer systems, including netwrks that have been set aside fr yur use are tls t facilitate yur educatin. These systems shuld be usable by yu just the way they are, and yu shuld nt need t change their cnfiguratin r add any sftware. Use cmmn sense in what yu d n these systems - if it feels wrng, it prbably is. Yu shuld nly use Plytechnic cmputer systems and the Plytechnic s netwrks fr Plytechnic related activities such as cursewrk r research, and fr n ther purpse. Yu shuld nt use these systems fr: Cmmercial r financial gain; Gambling; Unauthrized strage; Attacking r hacking Plytechnic r external resurces Installatin f malicius sftware r cde Disruptive activities t ther students r the Plytechnic as a whle Only install authrized sftware n the Plytechnic s systems. Authrized sftware is sftware that is licensed fr use, legally acquired, and apprved by the Plytechnic fr use. By installing unauthrized sftware yu culd inadvertently intrduce malicius cde and cause great harm t the Plytechnic. Yu culd als break the licensing agreements that the Plytechnic has with varius sftware vendrs, and withut even knwing it. Only use resurces that are fr students. Staff cmputers are fr staff and students shuld nt use them. If yu have a questin as t if a cmputer system is fr student r staff, please ask. We have spent a lt f time and expense installing security safeguards such as anti-virus, persnal firewalls and anti-spyware prgrams n the Plytechnic s ICT systems. Please d nt try and circumvent these safeguards, as yu will be endangering bth the system and yur fellw students. Infrmatin that ges n the Internet frm the Plytechnic is traceable t the Plytechnic. S dn t use the Plytechnic s netwrk t pst r anything that is: Distasteful; Objectinable; Prejudicial t the gd name f Singapre Plytechnic; Illegal as defined under the laws f the Republic f Singapre; nt public Blgs, scial netwrking sites 2, websites, r any ther publicly accessible cmmunicatin channel. Again, gd sense prevails defamatin, prngraphy, pictures that are disturbing if yu think it s bad, then it prbably is. Yu must nt use the Plytechnic s ICT Systems t illicitly exchange 3 r therwise infringe n the cpyrighted intellectual prperty f thers by any means, including but nt limited t the 2 Scial netwrking sites include sites such as MySpace, Facebk, Twitter, Picasa and s n. Versin May 2010 Page 6 f 8

7 use f peer-t-peer r client-t-client technlgies 4, r FTP. If yu have peer-tpeer r client-t-client sftware n yur persnal laptp, either turn it ff r dn t cnnect yur cmputer int the Plytechnic s netwrk. When yu use yur wn cmputer r laptp, yu can nly cnnect it t netwrks that are allcated specifically fr student r guest use. Yu cannt attach it t any netwrk reserved fr the staff f the Plytechnic. If yur cmputer runs the Micrsft Windws perating system, yu must ensure that it has an apprpriate antivirus prgram installed, peratinal and up-t-date befre yu cnnect it t the Plytechnic s netwrk. This is t prtect bth yu and yur fellw students against malware. Ensure that yur cmputer is nt attached t a secnd netwrk 5 and Singapre Plytechnic s netwrk at the same time; fr example, if yu have a USB dngle that facilitates cnnectins t a 3G netwrk, then yu can t use that dngle at the same time as yur cmputer is attached t the Plytechnic s netwrk. 6. Reference Plicy Paragraph , The Plytechnic may have created a student accunt fr yur exclusive use. Yu are fully accuntable fr all s transmitted frm yur Plytechnic accunt s yu must ensure that nbdy else can access this accunt. When yu use yur Plytechnic accunt, yu are in effect representing the Plytechnic. Yu must exercise care and discretin when yu send mail, and yu must nt use yur Plytechnic accunt t: Send spam r cmmercial s; Slicit fr plitical candidates; Engage in illegal, unethical r imprper activities; Disseminate internal addresses t external mailing lists; Cnduct persnal business 3 By illicitly exchange, we mean exchange withut the permissin f the cpyright wner r exchange in vilatin f nrmal fair use principles; this generally applies t music, mvies, sftware, and ther frms f intellectual prperty. 4 Examples include ednkey, Gnutella and Bit Trrent 5 A Secnd Netwrk is meant t be an un-trusted third-party netwrk such as the Internet; the effect f cnnecting a cmputer t tw netwrks at the same time is t circumvent prtectin mechanisms that may be in place n the trusted netwrk. A gd example f cnnecting t a secnd netwrk is at the same time wuld be t cnnect t the SPICE netwrk using a LAN prt while at the same time being cnnected t Wireless@SG n the WiFi prt. Versin May 2010 Page 7 f 8

8 7. Security Vilatins Reference Plicy Paragraph RESTRICTED If yu see smething that yu think might indicate a security prblem, malfunctin f a security device r prgram, r a security vilatin, please prmptly reprt the matter t the SPICE Service Desk it is yur respnsibility t d s. If there is an investigatin being cnducted by the Plytechnic relating t system misuse, abuse r a security incident/vilatin, then yu understand that during the curse f the investigatin the Plytechnic s management has the right t examine yur accunt, s, and user files even n yur PC if yur PC is attached t the Plytechnic s netwrk. Yu als understand that vilatin f the Plytechnics cmputer security plicies and acceptable use plicies is a very serius matter. Vilatins may result in: Fines against the ffending party; Withdrawal f access t the Plytechnic s cmputing resurces and/r netwrk Suspensin r expulsin frm the Plytechnic. Finally, Singapre Plytechnic reserves the right t take disciplinary r legal actin against an ffending user in the event that he r she cnducts himself r herself in any manner which is cnsidered by the Plytechnic t be irrespnsible; r in the event that the individual is misusing the cmputing resurces allcated t him r her. Versin May 2010 Page 8 f 8