St. Johns River State College



Similar documents
13. Acceptable Use Policy

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

FKCC AUP/LOCAL AUTHORITY

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

UNIVERSITY GUIDEBOOK. Title of Policy: Acceptable Use of University Technology Resources

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Acceptable Use Policy

Acceptable Use Policy - NBN Services

Network and Workstation Acceptable Use Policy

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Information Technology Cyber Security Policy

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY

Franciscan University of Steubenville Information Security Policy

Human Resources Policy and Procedure Manual

Delaware State University Policy

How To Protect Decd Information From Harm

Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007

INTERNET ACCEPTABLE USE POLICY

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

Network Security Policy

CT Communications Internet Handbook

State of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460.

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

Information Technology Acceptable Use Policy

Acceptable Use of Computing and Information Technology Resources

DIOCESE OF DALLAS. Computer Internet Policy

Hyde School Student Computer Systems Acceptable Use Policy

Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy

Odessa College Use of Computer Resources Policy Policy Date: November 2010

CITY OF BOULDER *** POLICIES AND PROCEDURES

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System

REGION 19 HEAD START. Acceptable Use Policy

Technology Department 1350 Main Street Cambria, CA 93428

AVON OLD FARMS SCHOOL COMPUTER AND NETWORK ACCEPTABLE USE POLICY

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

HIPAA Security Training Manual

City of Grand Rapids ADMINISTRATIVE POLICY

How To Use A College Computer System Safely

Acceptable Use Policy

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY

Information Resources Security Guidelines

Cablelynx Acceptable Use Policy

EMPLOYEE ACCESS RELEASE AND AUTHORIZATION FORM MCS warehouse form No

Acceptable Usage Policy

Code of Virginia, 1950, as amended, Sections , :1, , , and

'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy

Acceptable Use Policy ("AUP")

OLYMPIC COLLEGE POLICY

Riverside Community College District Policy No General Institution

region16.net Acceptable Use Policy ( AUP )

IT1. Acceptable Use of Information Technology Resources. Policies and Procedures

The Internet and 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306)

MARIN COUNTY OFFICE OF EDUCATION. EDUCATIONAL INTERNET ACCOUNT Acceptable Use Agreement TERMS AND CONDITIONS

POLICIES AND REGULATIONS Policy #78

STAR TELEPHONE MEMBERSHIP CORPORATION ACCEPTABLE USE POLICY FOR BROADBAND INTERNET SERVICES

AASTMT Acceptable Use Policy

Information Security

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

ACCEPTABLE USE OF TECHNOLOGY

Internet Use Policy and Code of Conduct

DHHS Information Technology (IT) Access Control Standard

Responsible Access and Use of Information Technology Resources and Services Policy

UTMB INFORMATION RESOURCES PRACTICE STANDARD

Caldwell Community College and Technical Institute

BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY

JHSPH Acceptable Use Policy

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Transcription:

St. Johns River State College 3.11 Technology 3.11.1 Account Management Computer accounts are the means used to grant access to SJR STATE Information Resources. These accounts provide a means of providing accountability, a key to any computer security program, for Information Resources usage. This means that creating, controlling, and monitoring all computer accounts is extremely important to an overall security program. The purpose of the SJR STATE Account Management Security Policy is to establish the rules for the creation, monitoring, control and removal of user accounts. 1. All accounts created must have an associated request and approval that is appropriate for the individual use of each SJR STATE system or service. 2. All users must sign the SJR STATE End User Agreement before access is given to an account. 3. All accounts must be uniquely identifiable using the assigned user name. 4. All default passwords for accounts must be constructed in accordance with the SJR STATE Password Policy. 5. All accounts must have a password expiration that complies with the SJR STATE Password Policy. 6. Accounts of individuals on extended leave (more than 30 days) will be disabled. 7. All new user accounts that have not been accessed within 30 days of creation will be disabled. 8. System Administrators or other designated staff: are responsible for removing the accounts of individuals that change roles within SJR STATE or are separated from their relationship with SJR STATE must have a documented process for periodically reviewing existing accounts for validity must cooperate with authorized SJR STATE management investigating security incidents 3.11.2 Computer Virus The number of computer security incidents and the resulting cost of business disruption and service restoration continues to escalate. Implementing solid security policies, blocking unnecessary access to networks and computers, improving user security awareness, and early detection and mitigation of security incidents are some of the actions that can be taken to reduce the risk and drive down the cost of security incidents. The purpose of the Computer Virus Detection Policy is to describe the requirements for dealing with computer virus, worm and Trojan Horse prevention, detection and cleanup. 105

3.11.2.1 Virus Detection All workstations whether connected to the SJR STATE network, or standalone, must use the SJR STATE IT approved virus protection software and configuration. It is the responsibility of each user of a machine to ensure the equipment is connected to the SJR STATE network on a regular basis to allow proper updates for virus protection and operating system security upgrades. The virus protection software must not be disabled or bypassed. The settings for the virus protection software must not be altered in a manner that will reduce the effectiveness of the software. The automatic update frequency of the virus protection software must not be altered to reduce the frequency of updates. Each file server attached to the SJR STATE network must utilize SJR STATE IT approved virus protection software and setup to detect and clean viruses that may infect file shares. Each E-mail gateway must utilize SJR STATE IT approved e-mail virus protection software and must adhere to the IT rules for the setup and use of this software. Every virus that is not automatically cleaned by the virus protection software constitutes a security incident and must be reported to the Help Desk. 3.11.3 E-Mail Under the provisions of the Information Resources Management Act, information resources are strategic assets of SJR STATE that must be managed as valuable resources. Thus this policy is established to achieve the following: To ensure compliance with applicable statutes, regulations, and mandates regarding the management of information resources. To establish prudent and acceptable practices regarding the use of email. To educate individuals using email with respect to their responsibilities associated with such use. The purpose of the SJR STATE Email Policy is to establish the rules for the use of SJR STATE email for the sending, receiving, or storing of electronic mail. The following activities are prohibited by policy: Sending email that is intimidating or harassing. Violating copyright laws by inappropriately distributing protected works. Posing as anyone other than oneself when sending email, except when authorized to send messages for another when serving in an administrative support role. The use of unauthorized e-mail software. The following activities are prohibited because they impede the functioning of network communications and the efficient operations of electronic mail systems: Sending or forwarding chain letters. Sending unsolicited messages to large groups except as required to conduct college business. Sending excessively large messages Sending or forwarding email that is likely to contain computer viruses. All sensitive SJR STATE material transmitted over external network must be encrypted. It is the individual users responsibility to ensure this rule is met. 106

All user activity on SJR STATE Information Resources assets is subject to logging and review. Electronic mail users must not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of SJR STATE or any unit of SJR STATE unless appropriately authorized (explicitly or implicitly) to do so. Individuals must not send, forward or receive confidential or sensitive SJR STATE information through non- SJR STATE email accounts. Examples of non-sjr STATE email accounts include, but are not limited to, Hotmail, Yahoo mail, AOL mail, and email provided by other Internet Service Providers (ISP). Individuals must not send, forward, receive or store confidential or sensitive SJR STATE information utilizing non-sjr STATE accredited mobile devices. Examples of mobile devices include, but are not limited to, Personal Data Assistants, two-way pagers and cellular telephones. 3.11.4 Internet Usage Information resources are strategic assets of SJR STATE that must be managed as valuable resources. Thus this policy is established to achieve the following: Ownership (electronic files created, sent, received, or stored on computers owned, leased, administered, or otherwise under the custody and control of SJR STATE are the property of SJR STATE) and Privacy (electronic files created, sent, received, or stored on Information Resources owned, leased, administered, or otherwise under the custody and control of SJR STATE are not private and may be accessed by SJR STATE IT employees at any time without knowledge of the Information Resources user or owner.) Usage: Incidental Use: Software for browsing the Internet is provided to authorize users for business and research use only. All software used to access the Internet must be part of the SJR STATE standard software suite or approved by IT. This software must incorporate all vendor provided security patches. All files downloaded from the Internet are scanned for viruses using the IT distributed software suite and current virus detection software. All sites accessed must comply with the SJR STATE Acceptable Use Policies. All user activity on SJR STATE Information Resources assets is subject to logging and review. Content on all SJR STATE Web sites must comply with the SJR STATE Acceptable Use Policies. No offensive or harassing material may be made available via SJR STATE Web sites. No personal commercial advertising may be made available via SJR STATE Web sites. SJR STATE internet access may not be used for personal gain or non-sjr STATE personal solicitations. No SJR STATE data will be made available via SJR STATE Web sites without ensuring that the material is available to only authorized individuals or groups. All sensitive SJR STATE material transmitted over external network must be encrypted. 107

Electronic files are subject to the same records retention rules that apply to other documents and must be retained in accordance with departmental records retention schedules. Electronic files are subject to the same records retention rules that apply to other documents and must be retained in accordance with departmental records retention schedules. Incidental use must not result in direct costs to SJR STATE. Incidental use must not interfere with the normal performance of an employee s work duties. No files or documents may be sent or received that may cause legal liability for, or embarrassment to, SJR STATE. Storage of personal files and documents within SJR STATE s Information Resources should be nominal. All files and documents are owned by SJR STATE, may be subject to open records requests, and may be accessed in accordance with this policy 3.11.5 Network Access Security The SJR STATE network infrastructure is provided as a central utility for all users of SJR STATE Information Resources. It is important that the infrastructure, which includes cabling and the associated equipment such as routers and switches, continues to develop with sufficient flexibility to meet user demands while at the same time remaining capable of exploiting anticipated developments in high speed networking technology to allow the future provision of enhanced user services. The purpose of the SJR STATE Network Configuration Security Policy is to establish the rules for the maintenance, expansion and use of the network infrastructure. These rules are necessary to preserve the integrity, availability, and confidentiality of SJR STATE information. To provide a consistent SJR STATE network infrastructure capable of exploiting new networking developments, all cabling must be installed by SJR STATE IT or an approved contractor. All network connected equipment must be configured to a specification approved by SJR STATE IT. SJR STATE IT owns and is responsible for the SJR STATE network infrastructure and will continue to manage further developments and enhancements to this infrastructure All hardware connected to the SJR STATE network is subject to SJR STATE IT management and monitoring standards. Changes to the configuration of active network management devices must not be made without the approval of SJR STATE IT. The SJR STATE network infrastructure supports a well-defined set of approved networking protocols. Any use of non-sanctioned protocols must be approved by SJR STATE IT. The networking addresses for the supported protocols are allocated, registered and managed centrally by SJR STATE IT. All connections of the network infrastructure to external third party networks are the responsibility of SJR STATE IT. This includes connections to external telephone networks. 108

The use of departmental firewalls is not permitted without the written authorization from SJR STATE IT. Users must not extend or re-transmit network services in any way. This means you must not install a router, switch, hub, or wireless access point to the SJR STATE network without SJR STATE IT approval. Users must not install network hardware or software that provides network services without SJR STATE IT approval. Users are not permitted to alter network hardware in any way. Remote users may connect to SJR STATE Information Resources only through an ISP and using protocols approved by SJR STATE IT. Users inside the SJR STATE firewall may not be connected to the SJR STATE network at the same time a modem is being used to connect to an external network. Users must not download, install or run security programs or utilities that reveal weaknesses in the security of a system. For example, SJR STATE users must not run password cracking programs, packet sniffers, network mapping tools, or port scanners while connected in any manner to the SJR STATE network infrastructure. 3.11.6 Password Procedure User authentication is a means to control who has access to an Information Resource system. Controlling the access is necessary for any Information Resource. Access gained by a non-authorized entity can cause loss of information confidentiality, integrity and availability that may result in loss of revenue, liability, loss of trust, or embarrassment to SJR STATE. Four factors, or a combination of these factors, can be used to authenticate a user. Examples are: Something you know password, Personal Identification Number (PIN) Something you have Smartcard Something you are fingerprint, iris scan, voice A combination of factors Smartcard and a PIN The purpose of the SJR STATE Password Policy is to establish the rules for the creation, distribution, safeguarding, termination, and reclamation of the SJR STATE user authentication mechanisms. All passwords, including initial passwords, must be constructed and implemented according to the following SJR STATE IT rules: it must be routinely changed it must adhere to a minimum length as established by SJR STATE IT (currently 8 characters minimum) it must be a combination of alpha, numeric, and special characters it must not be anything that can be easily tied back to the account owner such as: user name, social security number, nickname, relative s names, birth date, etc. it must not be dictionary words or acronyms password history must be kept to prevent the reuse of a password Stored passwords must be encrypted. User account passwords must not be divulged to anyone. SJR STATE IT and IT contractors will not ask for user account passwords. If the security of a password is in doubt, the password must be changed immediately. 109

Administrators, faculty, and staff must not circumvent the Password Policy for the sake of ease of use. Users cannot circumvent password entry with auto logon, application remembering, embedded scripts or hardcoded passwords in client software. Exceptions may be made for specific applications (like automated backup) with the approval of SJR STATE IT. In order for an exception to be approved there must be a procedure to change the passwords. Computing devices must not be left unattended without enabling a password protected screensaver or logging off of the device. IT Helpdesk password change procedures must include the following: authenticate the user to the helpdesk before changing password change to a strong password the user must change password at first login In the event passwords are found or discovered, the following steps must be taken: Take control of the passwords and protect them Report the discovery to the SJR STATE Help Desk Transfer the passwords to an authorized person as directed by SJR STATE IT 3.11.6.1 Password Guidelines Passwords must be changed at least every 60 days. Passwords must have a minimum length of 8 alphanumeric characters Passwords must contain a mix of upper and lower case characters and have at least 1 numeric character. Special characters should be included in the password where the computing system permits. The special characters are (!@#$%^&*_+=?/~`;:,<> \). Passwords must not be easy to guess and they: should not be your Username should not be your employee number should not be your name should not be family member names should not be your nickname should not be your social security number should not be your birthday should not be your license plate number should not be your pet's name should not be your address should not be your phone number should not be the name of your town or city should not be the name of your department should not be street names should not be makes or models of vehicles should not be slang words should not be obscenities should not be technical terms should not be school names, school mascot, or school slogans should not be any information about you that is known or is easy to learn (favorite - food, color, sport, etc.) 110

should not be any popular acronyms should not be words that appear in a dictionary should not be the reverse of any of the above Passwords must not be shared with anyone Passwords must be treated as confidential information 3.11.6.2 Creating a strong password Combine short, unrelated words with numbers or special characters. For example: eat42pen Make the password difficult to guess but easy to remember Substitute numbers or special characters for letters. (But do not just substitute) For example: livefish - is a bad password L1veF1sh - is better and satisfies the rules, but setting a pattern of 1st letter capitalized, and i's substituted by 1's can be guessed l!v3f1sh - is far better, the capitalization and substitution of characters is not predictable 3.11.7 Portable Computing Security Guidelines Portable computing devices are becoming increasingly powerful and affordable. Their small size and functionality are making these devices ever more desirable to replace traditional desktop devices in a wide number of applications. However, the portability offered by these devices may increase the security exposure to groups using the devices. The purpose of the SJR STATE Portable Computing Security Policy is to establish the rules for the use of mobile computing devices and their connection to the network. These rules are necessary to preserve the integrity, availability, and confidentiality of SJR STATE information. Only SJR STATE approved portable computing devices may be used to access SJR STATE Information Resources. 111 Portable computing devices must be password protected. SJR STATE data should not be stored on portable computing devices. However, in the event that there is no alternative to local storage, all sensitive SJR STATE data must be encrypted using SJR STATE IT approved encryption techniques. SJR STATE data must not be transmitted via wireless to or from a portable computing device unless approved wireless transmission protocols along with approved encryption techniques are utilized. All remote access (dial in services) to SJR STATE must be through an Internet Service Provider (ISP). Non SJR STATE computer systems that require network connectivity must conform to SJR STATE IT standards and must be approved in writing by IT prior to their connection to the SJR STATE network. Unattended portable computing devices must be physically secure. This means they must be locked in an office, locked in a desk drawer or filing cabinet, or attached to a desk or cabinet via a cable lock system.

3.11.8 Computer Privacy Privacy Policies are mechanisms used to establish the limits and expectations for the users of SJR STATE Information Resources. Internal users should have no expectation of privacy with respect to Information Resources. External users should have the expectation of complete privacy, except in the case of suspected wrongdoing, with respect to Information Resources. The purpose of the SJR STATE Information Services Privacy Policy is to clearly communicate the SJR STATE Information Services Privacy expectations to Information Resources users. 3.11.8.1 Ownership Electronic files created, sent, received, or stored on computers owned, leased, administered, or otherwise under the custody and control of SJR STATE are the property of SJR STATE. 3.11.8.2 Privacy Policy Electronic files created, sent, received, or stored on IR owned, leased, administered, or otherwise under the custody and control of SJR STATE are not private and may be accessed by SJR STATE IT employees at any time without knowledge of the user or owner. To manage systems and enforce security, SJR STATE may log, review, and otherwise utilize any information stored on or passing through its IT systems. For these same purposes, SJR STATE may also capture User activity such as telephone numbers dialed and web sites visited. A wide variety of third parties have entrusted their information to SJR STATE for business purposes, and all workers at SJR STATE must do their best to safeguard the privacy and security of this information. The most important of these third parties is the individual student; student account data is accordingly confidential and access will be strictly limited based on business need for access. Users must report any weaknesses in SJR STATE computer security, any incidents of possible misuse or violation of this agreement to the proper authorities by contacting the appropriate management. Users must not attempt to access any data or programs contained on SJR STATE systems for which they do not have authorization or explicit consent. 3.11.8.3 Web site Privacy Statement on the Use of Information Gathered from the General Public The following statement applies only to members of the general public and is intended to address concerns about the types of information gathered from the public, if any, and how that information is used. I. Cookies A cookie is a small file containing information that is placed on a user s computer by a web server. Typically, these files are used to enhance the user s experience of the site, to help users move between pages in a database, or to customize information for a user. 112

Any information that SJR STATE webservers may store in cookies is used for internal purposes only. Cookie data is not used in any way that would disclose personally identifiable information to outside parties unless SJR STATE is legally required to do so in connection with law enforcement investigations or other legal proceedings. II. Logs and Network Monitoring SJR STATE maintains log files of all access to its site and also monitors network traffic for the purposes of site management. This information is used to help diagnose problems with the server and to carry out other administrative tasks. Log analysis tools are also used to create summary statistics to determine which information is of most interest to users, to identify system problem areas, or to help determine technical requirements. III. Email and Form Information If a member of the general public sends SJR STATE an e-mail message or fills out a web-based form with a question or comment that contains personally identifying information, that information will only be used to respond to the request and analyze trends. The message may be redirected to another government agency or person who is better able to answer your question. Such information is not used in any way that would reveal personally identifying information to outside parties unless System Administration is legally required to do so in connection with law enforcement investigations or other legal proceedings. IV. Links This site may contain links to other sites. SJR STATE is not responsible for the privacy practices or the content of such websites. V. Security This site has security measures in place to protect from loss, misuse and alteration of the information. Contacting SJR STATE If there are any questions about this privacy statement, the practices of this site, or dealings with this website, contact the Director of IT for SJR STATE. 3.11.9 Software Licensing End-user license agreements are used by software and other information technology companies to protect their valuable intellectual assets and to advise technology users of their rights and responsibilities under intellectual property and other applicable laws. The purpose of the Software Licensing Policy is to establish the rules for licensed software use on SJR STATE Information Resources. SJR STATE provides a sufficient number of licensed copies of software such that workers can get their work done in an expedient and effective manner. Management must make appropriate arrangements with the involved vendor(s) for additional licensed copies if and when additional copies are needed for business activities. 113

Third party copyrighted information or software, that SJR STATE does not have specific approval to store and/or use, must not be stored on SJR STATE systems or networks. Systems administrators will remove such information and software unless the involved users can provide proof of authorization from the rightful owner(s). Third party software in the possession of SJR STATE must not be copied unless such copying is consistent with relevant license agreements and prior management approval of such copying has been obtained, or copies are being made for contingency planning purposes. 3.11.10 Acceptable Technology Use Guidelines Information Resources are strategic assets of SJR STATE that must be managed as valuable resources. Thus this policy is established to achieve the following: To ensure compliance with applicable statutes, regulations, and mandates regarding the management of information resources. To establish prudent and acceptable practices regarding the use of information resources. To educate individuals who may use information resources with respect to their responsibilities associated with such use. Ownership of Electronic Files Electronic files created, sent, received, or stored on Information Resources owned, leased administered, or otherwise under the custody and control of SJR STATE are the property of SJR STATE. 3.11.10.1 Information Resources Acceptable Use Users must report any weaknesses in SJR STATE computer security, any incidents of possible misuse or violation of this agreement to the proper authorities by contacting the appropriate management. Users must not attempt to access any data or programs contained on SJR STATE systems for which they do not have authorization or explicit consent. Users must not divulge VPN connection (remote computer use) information to anyone. Users must not share their SJR STATE account(s), passwords, Personal Identification Numbers (PIN), or similar information or devices used for identification and authorization purposes. Users must not use non-standard shareware or freeware software without SJR STATE IT management approval unless it is on the SJR STATE standard software list. Users must not purposely engage in activity that may: harass, threaten or abuse others; degrade the performance of Information Resources; deprive an authorized SJR STATE user access to a SJR STATE resource; obtain extra resources beyond those allocated; circumvent SJR STATE computer security measures. Users must not download, install or run security programs or utilities that reveal or exploit weaknesses in the security of a system. For example, SJR STATE users must not run password cracking programs, packet sniffers, or port scanners or any other non-approved programs on SJR STATE Information Resources. 114

SJR STATE Information Resources must not be used for personal benefit. Users must not intentionally access, create, store or transmit material which SJR STATE may deem to be offensive, indecent or obscene (other than in the course of academic research where this aspect of the research has the explicit approval of the SJR STATE official processes for dealing with academic ethical issues). Access to the Internet from an SJR STATE owned, home based, computer must adhere to all the same policies that apply to use from within SJR STATE facilities. Employees must not allow family members or other non-employees to access SJR STATE computer systems. Users must not otherwise engage in acts against the aims and purposes of SJR STATE as specified in its governing documents or in rules, regulations and procedures adopted from time to time. Users of the College's Computing Resources who download any software, files, materials or information of any type using the College's Computing Resources: Must comply with all terms of any software license agreements, end user license agreements, terms of use, privacy policies and any other agreements or policy that a User has notice of (collectively "License Agreements"). Must be aware that copyright protection includes, but is not limited to, computer software, recordings of songs, graphic art, photographs, images, films, videos, and that using material that is protected by copyright is illegal, unless the User has received express permission from the owner of the copyright, or if the material is explicitly labeled as being in the Public Domain. Must not copy or download any materials protected by copyright, such as software, songs, image files or other similar materials, for any purpose outside those allowed by the License Agreement that pertains to such software, songs or image files. Must not make software, songs, image files or other similar materials available for others to use or copy in violation of the License Agreement. Must not accept software, songs, image files or other similar materials from any third party which has not been licensed for use Must not install or direct others to install illegal copies of software, songs, image files or their similar materials onto any College-owned or operated Computing Resources. Must not download, install, use or direct or assist others to download, install, or use software specifically designed to share or download material. It shall be a violation of this Policy for a User to use the College's Computing Resources for any unauthorized or improper purpose including but not limited to the following: 1. Any activity or behavior that violates any of the College's codes or policies, including this Policy. 2. Using any computer as a server without authorization from the College. 3. Any commercial advertising or commercial purpose not expressly authorized by the College. 4. Using any Computing Resource to harass anyone. 5. Sending chain letters, spamming, (distributing unsolicited email or advertisement to users) or denial of service attacks. 115

6. To attempt to defeat any security on any computer or system or to spread any computer virus. 7. Any conduct that violates local, state or federal law. 8. Any unethical or immoral conduct, such as using the College's Computing Resources to access child pornography. 9. Unauthorized reproduction or use of any College, names, trademarks and/or logos. 10. Accessing or reviewing the files, information, or data of other individuals for improper purposes or without the required authorization. 3.11.10.2 Incidental Use As a convenience to the SJR STATE user community, incidental use of Information Resources is permitted. The following restrictions apply: Incidental personal use of electronic mail, internet access, fax machines, printers, copiers, and so on, is restricted to SJR STATE approved users; it does not extend to family members or other acquaintances. Incidental use must not result in direct costs to SJR STATE. Incidental use must not interfere with the normal performance of an employee s work duties. No files or documents may be sent or received that may cause legal action against, or embarrassment to, SJR STATE. Storage of personal email messages, voice messages, files and documents within SJR STATE s Information Resources must be nominal. All messages, files and documents including personal messages, files and documents located on SJR STATE Information Resources are owned by SJR STATE, may be subject to open records requests, and may be accessed in accordance with this policy. 3.11.11 Technology Disciplinary Actions and Definitions Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of SJR STATE Information Resources access privileges, civil, and criminal prosecution. Definition(s): Electronic mail system: Any computer software application that allows electronic mail to be communicated from one computing system to another. Electronic mail (email): Any message, image, form, attachment, data, or other communication sent, received, or stored within an electronic mail system. E-mail: Abbreviation for electronic mail, which consists of messages sent over any electronic media by a communications application. 116

Internet: A global system interconnecting computers and computer networks. The computers and networks are owned separately by a host of organizations, government agencies, companies, and colleges. The Internet is the present information super highway. Intranet: A private network for communications and sharing of information that, like the Internet, is based on TCP/IP, but is accessible only to authorized users within an organization. An organization s intranet is usually protected from external access by a firewall. Password: A string of characters which serves as authentication of a person s identity, which may be used to grant, or deny, access to private or shared data. Portable Computing Devices: Any easily portable device that is capable of receiving and/or transmitting data to and from IR. These include, but are not limited to, notebook computers, handheld computers, PDAs, pagers, and cell phones. Server: A computer program that provides services to other computer programs in the same, or another, computer. A computer running a server program is frequently referred to as a server, though it may also be running other client (and server) programs. Security Incident: In information operations, an assessed event of attempted entry, unauthorized entry, or an information attack on an automated information system. It includes unauthorized probing and browsing; disruption or denial of service; altered or destroyed input, processing, storage, or output of information; or changes to information system hardware, firmware, or software characteristics with or without the users' knowledge, instruction, or intent. Strong Passwords: A strong password is a password that is not easily guessed. It is normally constructed of a sequence of characters, numbers, and special characters, depending on the capabilities of the operating system. Typically the longer the password the stronger it is. It should never be a name, dictionary word in any language, an acronym, a proper name, a number, or be linked to any personal information about you such as a birth date, social security number, and so on. Trojan Horse: Destructive programs usually viruses or worms that are hidden in an attractive or innocent-looking piece of software, such as a game or graphics program. Victims may receive a Trojan horse program by e-mail or on a diskette, often from another unknowing victim, or may be urged to download a file from a Web site or bulletin board. User: An individual or automated application or process that is authorized access to the resource by the owner, in accordance with the owner s procedures and rules. Vendor: someone who exchanges goods or services for money. Virus: A program that attaches itself to an executable file or vulnerable application and delivers a payload that ranges from annoying to extremely destructive. A file virus executes when an infected file is accessed. A macro virus infects the executable code embedded in Microsoft Office programs that allows users to generate macros. 117

Web page: A document on the World Wide Web. Every Web page is identified by a unique URL (Uniform Resource Locator). Website: A location on the World Wide Web, accessed by typing its address (URL) into a Web browser. A Web site always includes a home page and may contain additional documents or pages. Webserver: A computer that delivers (serves up) web pages. World Wide Web: A system of Internet hosts that supports documents formatted in HTML (HyperText Markup Language) which contain links to other documents (hyperlinks) and to audio, video, and graphic images. Users can access the Web with special applications called browsers, such as Netscape Navigator, and Microsoft Internet Explorer. Worm: A program that makes copies of itself elsewhere in a computing system. These copies may be created on the same computer or may be sent over networks to other computers. The first use of the term described a program that copied itself benignly around a network, using otherwise-unused resources on networked machines to perform distributed computation. Some worms are security threats, using networks to spread themselves against the wishes of the system owners and disrupting networks by overloading them. A worm is similar to a virus in that it makes copies of itself, but different in that it need not attach to particular files or sectors at all. 118

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information