Information & Communications Technology ICT Security Compliance Guide (Student)



Similar documents
Internet and Policy User s Guide

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

Meopham School Information Technology Code of Conduct

VCU Payment Card Policy

Session 9 : Information Security and Risk

Immaculate Conception School, Prince George Bring Your Own Device Policy for Students

IT Account and Access Procedure

Yur Infrmatin technlgy Security Plicy

GUIDANCE FOR BUSINESS ASSOCIATES

HIPAA HITECH ACT Compliance, Review and Training Services

Remote Working (Policy & Procedure)

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions

How To Ensure That The Internet Is Safe For A Health Care Worker

Amazon Marketing Services Content Policies and Standards

Personal Data Security Breach Management Policy

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

ensure that all users understand how mobile phones supplied by the council should and should not be used.

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

Customers FAQs for Webroot SecureAnywhere Identity Shield

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Aladdin HASP SRM Key Problem Resolution

Data Protection Policy & Procedure

FAQs for Webroot SecureAnywhere Identity Shield

CSAT Account Management

First Global Data Corp.

Privacy and Security Training Policy (PS.Pol.051)

990 e-postcard FAQ. Is there a charge to file form 990-N (e-postcard)? No, the e-postcard system is completely free.

Christchurch Polytechnic Institute of Technology Access Control Security Standard

IT Help Desk Service Level Expectations Revised: 01/09/2012

Deployment Overview (Installation):

In addition to assisting with the disaster planning process, it is hoped this document will also::

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

SBClient and Microsoft Windows Terminal Server (Including Citrix Server)

Systems Support - Extended

ISMF Standard 141 Endpoint Protection. OCIO/S4.6 Government standard on cyber security

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

EA-POL-015 Enterprise Architecture - Encryption Policy

Online Banking Agreement

Social Media Security Awareness for Business or Home Computing Users

Preventing Identity Theft

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

expertise hp services valupack consulting description security review service for Linux

FERRIS STATE UNIVERSITY SCHOOL of NURSING CODE of CONDUCT

Helpdesk Support Tickets & Knowledgebase

For students to participate in BYOD please follow these two steps

Licensing Windows Server 2012 for use with virtualization technologies

Service Desk Self Service Overview

POSITION DESCRIPTION. Classification Higher Education Worker, Level 7. Responsible to. I.T Manager. The Position

A96 CALA Policy on the use of Computers in Accredited Laboratories Revision 1.5 August 4, 2015

Erie Community College. Acceptable Use Policy Last Revision: December 17, College Information Technology Services

esupport Quick Start Guide

Tipsheet: Sending Out Mass s in ApplyYourself

What Happens To My Benefits If I Get a Bunch of Money? TANF Here is what happens if you are on the TANF program when you get lump-sum income:

Internet and Social Media Solicitations: Wise Giving Tips

CLOUD COMPUTING: SECURITY THREATS AND MECHANISM

Solving the Patch Management Dilemma Using SCCM 2007

Licensing Windows Server 2012 R2 for use with virtualization technologies

Key Steps for Organizations in Responding to Privacy Breaches

Malpractice and Maladministration Policy

How To Get A Credit By Examination

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008

Williamson County Board of Education Procedures and Guidelines

StarterPak: Dynamics CRM Opportunity To NetSuite Sales Order

KronoDesk Migration and Integration Guide Inflectra Corporation

MaaS360 Cloud Extender

FORM ADV (Paper Version) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS

LISTSERV ADMINISTRATION Department of Client Services Information Technology Systems Division

Frequently Asked Questions About I-9 Compliance

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Transcription:

Infrmatin & Cmmunicatins Technlgy ICT Security Cmpliance Guide (Student) RESTRICTED Dcument ID: ICT-SSG Versin 1.1 Effective Date 1 Nv 2011

Dcument Cntrl Revisin Histry Versin Date Descriptin Authr 1.0 23 Mar 2010 Initial Release. Replaces Security EMC Cnsultant Plicy Gverning the Use f Cmputer Resurces at the Singapre Plytechnic. 1.1 1 Nv 2011 Change f passwrd plicy t meet passwrd cmplexity requirement. Anthny Lau Reviewers Name Rle Status All Members Cmmittee n ICT Security Endrsed Anthny Lau ICT Security Manager Endrsed Apprvals Name Title Date Chairman & Members ICT Steering Cmmittee 25 March 2010 Versin 1.0 1 May 2010 Page 2 f 8

Table f Cntents Dcument Cntrl... 2 1. Intrductin... 4 2. Student Security Awareness... 4 3. Passwrds... 4 4. Yur Accunts... 5 5. Apprpriate Use SP s Cmputer Resurces... 6 6. Email... 7 7. Security Vilatins... 8 Versin 1.0 1 May 2010 Page 3 f 8

1. Intrductin As a student f Singapre Plytechnic, yu will make use f the Plytechnic s ICT Assets such as infrmatin, cmputers, netwrks and sftware in yur day-t-day activities. It is imprtant that these imprtant resurces prvide the service t yu and t thers fr which they were intended. An imprtant part f the prper peratin f these ICT Assets is security. Trjans, viruses, wrms and spyware can wreak havc n these assets s the Plytechnic has taken great care t prtect them against such threat. That said, yu, the student, perfrm a very imprtant rle in maintaining the security and availability f the Plytechnics student cmputer resurces. We have written this guide t help explain what yu need t d, and what rules yu need t cmply with t help ensure that the cnfidentiality, availability and integrity f the cmputing resurces f the Plytechnic are prtected. Students must cmply with the ICT Security Plicies f the Plytechnic. These plicies are very serius and are meant t make sure that the Plytechnic s cmputers and netwrks keep running smthly and securely. This cmpliance guide is intended t explain these plicies t yu. All Students f SP are required t strictly cmply with the Infrmatin Cmmunicatins Technlgy (ICT) Security Plicy and Standards issued by the Plytechnic. 2. Student Security Awareness Reference Plicy Paragraph 5.5, 10.1.18 Yu shuld receive security awareness training as part f yur intrductin t the Plytechnic. This training will ensure that yu understand the risks and yur respnsibilities twards helping t reduce thse risks. Yu understand that yu are respnsible t cmply with all security related plicies. These plicies are imprtant and prtect nt nly yu, but everybdy else wh needs t use these resurces. 3. Passwrds Reference Plicy Paragraphs 6.10.1.2, 6.10.2.2 Versin 1.0 1 May 2010 Page 4 f 8

Yu will be given a passwrd t access any cmputer accunts that yu need. Yu must keep yur passwrd secret, and never ever tell anybdy else what it is 1 ; We have sme rules t help yu select a gd passwrd: It needs t be at least 9 characters lng; It has t cntain at least 1 letter frm the alphabet and 1 number; It can t have blanks; It can t be yur username r User ID; It can t be yur name r part f yur name; It can t cntain yur NRIC/Passprt Number; It can t cntain r be anything that can be assciated with yu, e.g. yur dg s name r street name; It can t cntain YES r NO. S, yu need t use great care when yu pick a passwrd. One easy way t pick ne yu can remember is t think f a phrase. Fr example, the phrase I like Ice Cream culd be cnverted int a passwrd like 1l1ke1cecream by just putting 1 instead f I ; this is a very gd passwrd. (Dn t use this ne thugh!) Dn t write yur passwrd dwn n a piece f paper r put it in a file n a cmputer. Smebdy else culd find it. If yu think smene has guessed yur passwrd, r if yu accidently revealed it t smebdy else, yu need t change it immediately. One mre thing yur passwrd needs t be changed every 180 days, and yu can t use the same passwrd again. 4. Yur Accunts Reference Plicy Paragraph 10.1.3 Yur accunt is just that yur accunt, just fr yu and yu alne. Yu cannt share it with smebdy else, fr any reasn. Yu are respnsible fr everything that cmes frm yur accunt. S if smebdy were t send an email, write a blg, r pst smething n FaceBk using yur accunt defaming the schl, a teacher, r a friend, it s yur prblem. S again, keeping yur passwrd a secret helps t avid prblems like this. Yu can t use smene else s accunt, just like smene else can t use yurs. Yu als can t d things that attempt t mask yur accunt t thers t try and hide. Yu can't use the Plytechnic s resurces t spy n thers, and yu can t change, read, delete, cpy r therwise mdify anther persns files unless they give yu permissin t d s. 1 One really gd example f when this rule is imprtant is when yu are the ptential victim f a phishing attack, where yu get an email asking yu t reveal yur passwrd. A legitimate site r rganizatin will never ever ask yu t reveal yur passwrd. Versin 1.0 1 May 2010 Page 5 f 8

5. Apprpriate Use SP s Cmputer Resurces Reference Plicy Paragraphs 10.1.1, 10.1.2, 10.1.4-10.1.14, 11.5 The cmputer systems, including netwrks that have been set aside fr yur use are tls t facilitate yur educatin. These systems shuld be usable by yu just the way they are, and yu shuld nt need t change their cnfiguratin r add any sftware. Use cmmn sense in what yu d n these systems - if it feels wrng, it prbably is. Yu shuld nly use Plytechnic cmputer systems and the Plytechnic s netwrks fr Plytechnic related activities such as cursewrk r research, and fr n ther purpse. Yu shuld nt use these systems fr: Cmmercial r financial gain; Gambling; Unauthrized strage; Attacking r hacking Plytechnic r external resurces Installatin f malicius sftware r cde Disruptive activities t ther students r the Plytechnic as a whle Only install authrized sftware n the Plytechnic s systems. Authrized sftware is sftware that is licensed fr use, legally acquired, and apprved by the Plytechnic fr use. By installing unauthrized sftware yu culd inadvertently intrduce malicius cde and cause great harm t the Plytechnic. Yu culd als break the licensing agreements that the Plytechnic has with varius sftware vendrs, and withut even knwing it. Only use resurces that are fr students. Staff cmputers are fr staff and students shuld nt use them. If yu have a questin as t if a cmputer system is fr student r staff, please ask. We have spent a lt f time and expense installing security safeguards such as anti-virus, persnal firewalls and anti-spyware prgrams n the Plytechnic s ICT systems. Please d nt try and circumvent these safeguards, as yu will be endangering bth the system and yur fellw students. Infrmatin that ges n the Internet frm the Plytechnic is traceable t the Plytechnic. S dn t use the Plytechnic s netwrk t pst r email anything that is: Distasteful; Objectinable; Prejudicial t the gd name f Singapre Plytechnic; Illegal as defined under the laws f the Republic f Singapre; nt public Blgs, scial netwrking sites 2, websites, r any ther publicly accessible cmmunicatin channel. Again, gd sense prevails defamatin, prngraphy, pictures that are disturbing if yu think it s bad, then it prbably is. Yu must nt use the Plytechnic s ICT Systems t illicitly exchange 3 r therwise infringe n the cpyrighted intellectual prperty f thers by any means, including but nt limited t the 2 Scial netwrking sites include sites such as MySpace, Facebk, Twitter, Picasa and s n. Versin 1.0 1 May 2010 Page 6 f 8

use f peer-t-peer r client-t-client technlgies 4, email r FTP. If yu have peer-tpeer r client-t-client sftware n yur persnal laptp, either turn it ff r dn t cnnect yur cmputer int the Plytechnic s netwrk. When yu use yur wn cmputer r laptp, yu can nly cnnect it t netwrks that are allcated specifically fr student r guest use. Yu cannt attach it t any netwrk reserved fr the staff f the Plytechnic. If yur cmputer runs the Micrsft Windws perating system, yu must ensure that it has an apprpriate antivirus prgram installed, peratinal and up-t-date befre yu cnnect it t the Plytechnic s netwrk. This is t prtect bth yu and yur fellw students against malware. Ensure that yur cmputer is nt attached t a secnd netwrk 5 and Singapre Plytechnic s netwrk at the same time; fr example, if yu have a USB dngle that facilitates cnnectins t a 3G netwrk, then yu can t use that dngle at the same time as yur cmputer is attached t the Plytechnic s netwrk. 6. Email Reference Plicy Paragraph 10.1.15, 10.1.16 The Plytechnic may have created a student email accunt fr yur exclusive use. Yu are fully accuntable fr all emails transmitted frm yur Plytechnic email accunt s yu must ensure that nbdy else can access this accunt. When yu use yur Plytechnic email accunt, yu are in effect representing the Plytechnic. Yu must exercise care and discretin when yu send mail, and yu must nt use yur Plytechnic email accunt t: Send spam r cmmercial emails; Slicit fr plitical candidates; Engage in illegal, unethical r imprper activities; Disseminate internal email addresses t external mailing lists; Cnduct persnal business 3 By illicitly exchange, we mean exchange withut the permissin f the cpyright wner r exchange in vilatin f nrmal fair use principles; this generally applies t music, mvies, sftware, and ther frms f intellectual prperty. 4 Examples include ednkey, Gnutella and Bit Trrent 5 A Secnd Netwrk is meant t be an un-trusted third-party netwrk such as the Internet; the effect f cnnecting a cmputer t tw netwrks at the same time is t circumvent prtectin mechanisms that may be in place n the trusted netwrk. A gd example f cnnecting t a secnd netwrk is at the same time wuld be t cnnect t the SPICE netwrk using a LAN prt while at the same time being cnnected t Wireless@SG n the WiFi prt. Versin 1.0 1 May 2010 Page 7 f 8

7. Security Vilatins Reference Plicy Paragraph 10.1.12 RESTRICTED If yu see smething that yu think might indicate a security prblem, malfunctin f a security device r prgram, r a security vilatin, please prmptly reprt the matter t the SPICE Service Desk it is yur respnsibility t d s. If there is an investigatin being cnducted by the Plytechnic relating t system misuse, abuse r a security incident/vilatin, then yu understand that during the curse f the investigatin the Plytechnic s management has the right t examine yur accunt, emails, and user files even n yur PC if yur PC is attached t the Plytechnic s netwrk. Yu als understand that vilatin f the Plytechnics cmputer security plicies and acceptable use plicies is a very serius matter. Vilatins may result in: Fines against the ffending party; Withdrawal f access t the Plytechnic s cmputing resurces and/r netwrk Suspensin r expulsin frm the Plytechnic. Finally, Singapre Plytechnic reserves the right t take disciplinary r legal actin against an ffending user in the event that he r she cnducts himself r herself in any manner which is cnsidered by the Plytechnic t be irrespnsible; r in the event that the individual is misusing the cmputing resurces allcated t him r her. Versin 1.0 1 May 2010 Page 8 f 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information