Franciscan University of Steubenville Information Security Policy

Scope
This policy is intended for use by all personnel, contractors, and third parties assisting in the direct implementation, support, and servicing of information security measures at Franciscan University of Steubenville (FUS). There are certain sections within this policy that specifically apply to students, such as the end user awareness policy. The Office of Information Technology (OIT) reserves the right to change or supplement this policy at any time.

Responsibility
Information Security is the ultimate responsibility of the Director of OIT. Day-to-day and operational responsibility falls on the Director of OIT. The Director of OIT reports directly to the Executive Vice President of FUS. The Director of OIT is responsible for the overall ownership of this document and for communicating this policy, in full or in portion, to all pertinent employees on a regular basis.

Maintenance
This policy is reviewed at least on an annual basis for appropriateness and effectiveness as it relates to generally accepted information technology guidance. This review is performed by the Office of Information Technology that is led by the Director of OIT. These policies are communicated to the President's Cabinet for approval on an annual basis, or as changes are made. The end user awareness portion of this document shall be reviewed by every new hire as part of their orientation. In addition, the section that pertains to students will be shared with the students via the student handbook. At least annually, end users (student/faculty/staff) shall be notified of any changes in the program along with any tips or reminders to maintain a strong information security environment. Faculty and staff will reaffirm the policy annually.

Enforcement
Violations of this Policy may result in the suspension or loss of the violator's use privileges, and/or discipline up to and including termination of employment.
At the university's sole discretion, additional civil, criminal and equitable remedies may be pursued. Any exceptions to this policy must be documented, reported to the Director of OIT, and brought to the attention of the Office of Information Technology and President's Cabinet for appropriate action as necessary.
Faculty/Staff Policy
The usage of University computers and network facilities is a privilege, not a right, and improper use can result in suspension or revocation of those privileges, and/or further disciplinary measures as warranted. The Franciscan University of Steubenville (FUS) urges all faculty/staff to follow these policies and to conduct themselves within the framework of the University's Mission Statement.

01-01 Internet and Email Safety
01-01.1 Faculty/Staff shall take full responsibility for every message they transmit through the University's computers and network facilities. No one shall use the University's network to transmit fraudulent, defamatory, harassing, obscene, indecent, or threatening messages, or any communications prohibited by law or which violate University practice, policy or the spirit of its mission.
01-01.1.1 Faculty/Staff are to exercise caution when forwarding or sending email to a non-FUS email account. Sending email to non-FUS accounts is the same as storing that email on a non-FUS computer. Please carefully consider the contents of your email prior to sending.
01-01.1.2 Faculty/Staff are prohibited from using the University's computing resources for political campaigns, fundraising, commercial enterprises, mass mailings, or other outside activities that have not been granted the use of the University's facilities.
01-01.1.3 Faculty/Staff shall not automatically forward their FUS email outside of the University. The OIT cannot control or enforce proper security policies on messages that are no longer stored on their network.
01-01.2 Faculty/Staff shall ensure that they maintain confidentiality between the University and student information with the utmost care and never share this information with any outside party unless explicitly authorized by management or the student (where applicable).
01-01.3 Viewing, accessing, printing, or distributing indecent, obscene, or pornographic materials using University equipment, network, or internet access is strictly prohibited.
01-01.4 Faculty/Staff of the Franciscan University of Steubenville are to practice safe internet browsing and email behavior that will lower the risk associated with viruses, worms, spyware, copyright infringement, etc. Internet browsing and email behavior may be regulated and is monitored to ensure compliance.
01-01.4.1 Quick tips for safe browsing include never clicking on suspicious links or offers that seem too good to be true, never sharing personal information without verifying the identity of the party requesting it, and the use of common sense.
01-01.5 Faculty/Staff shall not attempt to read, alter, or delete anyone's email other than their own unless given the proper authority from staff (i.e., proxy access).
01-01.6 Faculty/Staff shall never open attached email items that appear to be related to SPAM. Faculty/Staff should alert the Office of Information Technology (OIT) in the event they receive a suspicious email that appears to be SPAM.
01-01.6.1 SPAM messages are generally from email addresses that you would not recognize.
01-01.6.2 SPAM messages also typically offer something to get your attention that is too good to be true. If something sounds too good to be true, it generally is.
01-01.6.3 If you believe a message is SPAM, never respond to it.
01-01.7 Occasionally you may receive e-mails from outside companies or other universities that request information about your e-mail account. Often they ask for the following:
1. First Name & Last:
2. Full Login Email:
3. Username:
4. Password:
5. Current Password:
Although the e-mail may appear to be official and appear to come from a legitimate site, in most circumstances it is fraudulent. This kind of spam is known as "phishing". It's a method used to gain access to your e-mail account(s) to acquire personal and financial information about you. Never give out this kind of information to anyone. This not only applies to your Franciscan e-mail account, but also to any personal e-mail accounts you use. If you do receive an e-mail such as this, delete it. Do not reply or forward it to anyone. Do not click on any link that it directs you to.
If you have provided this kind of information from your Franciscan e-mail account, please contact the Help Desk.
01-01.8 Faculty/Staff shall not share (verbally, electronically, or by any other means) personally identifiable information (including grades) about students or other faculty/staff unless authorized explicitly by the owner of that information or the OIT.
01-01.9 Faculty/Staff shall not use file sharing or peer-to-peer programs to illegally download, retrieve, or share files. Please review the addendum to the Higher Education Opportunity Act of 2008 (HEOA) as part of Appendix A.
01-01.10 Faculty/Staff shall not copy or install software that is in violation of any copyright laws. If there is any question, all faculty/staff are urged to call the OIT.

01-02 PC Security and Safety
01-02.1 Faculty/Staff should ensure that their computers are configured with the hardware and software specifications recommended by the OIT. Any updates and services to the resources given to Faculty/Staff are to be applied by the OIT.
01-02.2 Faculty/Staff shall never use FUS network/computer resources without proper authorization. Faculty/Staff shall not misrepresent his or her identity or relationship to the University for the purpose of obtaining or using computer, server or network privileges and/or services.
01-02.3 Faculty/Staff shall never knowingly endanger, or attempt to endanger, the security of any University computer, server or network facility, nor willfully interfere with others' authorized computer usage.
01-02.4 Faculty/Staff shall never use the University's communication facilities to attempt unauthorized use, nor to interfere with others' legitimate use, of any computer, server or network facility anywhere.
01-02.5 Permission to physically connect or attempt to connect a computer or device not provided by the university to any of the University's networks must be done in conjunction with the University's Office of Information Technology.
01-02.6 Faculty/Staff shall place confidential information onto University systems at their own risk. The University cannot guarantee the privacy of computer files, electronic mail or other information by computer, whose confidentiality is not otherwise mandated by law.
01-02.7 Faculty/Staff shall not use shared university computers for unauthorized games, chat rooms, or other recreational sites for personal interest. Faculty assigned games and chat rooms to teach particular concepts can be used with prior coordinated authorization from the Coordinator of Academic Computing.
01-02.8 Faculty/Staff shall never share their passwords with another individual inside or outside of the University. In addition, faculty/staff shall never write their passwords down.
01-02.9 Faculty/Staff are required to lock their computers (password must be entered again upon return) prior to leaving their work areas.
01-02.10 All mobile devices (laptops, smart phones, PDAs, iPads, etc.) used by faculty/staff must be protected outside of the office. Faculty/Staff need to have security set up on any mobile device that integrates with the university's network or accesses any of the university's resources. At a minimum there must be a screen lock and remote wipe capabilities set up on the phone.
01-02.11 Faculty/Staff should read, understand, and abide by the university's Laptop Leasing Policy (See Appendix B).
01-02.12 Faculty/Staff shall select passwords that are strong in nature. Strong passwords have the following characteristics:
01-02.12.1 Is at least eight characters long
01-02.12.2 Does not contain your user name, real name, or school name
01-02.12.3 Does not contain a complete dictionary word
01-02.12.4 Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3...) are not strong
01-02.12.5 Contains characters from each of the following four groups (uppercase letters, lowercase letters, numerals, symbols)
01-02.12.6 Changed at least every 90 days
01-02.13 Faculty/Staff shall never attempt to modify or disrupt the configuration or operation of University software or hardware.
This includes automatic system updates, anti-virus scans, personal firewall settings, or any other process initiated by the OIT.
01-02.14 Faculty/Staff are responsible for archiving their own emails. The OIT will give guidance and instruction on how to do this but faculty/staff are ultimately responsible for ensuring that any important emails don't get purged from the FUS systems.
01-02.15 Faculty/Staff are responsible for all data stored locally on their laptop or desktop. Users should take care to ensure that all FUS related materials are stored on the user's corresponding network drive as this drive is archived and backed up regularly. Faculty/Staff are responsible for backing up any data on their laptop or PC's local drive. FUS is not responsible for any data stored on laptops.
01-02.15.1 Any material that is stored on an FUS network drive that is not work or academically related to FUS is subject to removal upon the Office of Information Technology's discretion.
01-02.16 Faculty/Staff are to have anti-malware (anti-spyware and antivirus) application systems installed on their systems.
01-02.16.1 The anti-malware application system is to receive updated virus and malware definitions and application updates on a regular basis or as soon as they become available from the vendor.
01-02.16.2 The anti-malware application system is to be configured to fully scan the faculty/staff computer on a regular basis for known malware.

01-03 Network Security and Safety
01-03.1 Faculty/Staff may not modify or tamper with any university owned network wiring, wall faceplates, or network devices. Faculty/Staff who do not follow this policy will be assessed a fee based on time and materials for the repair of any damage to University resources.
01-03.2 Faculty/Staff are prohibited from setting up their computers to be used as DHCP, DNS, File Sharing, WEB or FTP servers. Computers cannot be set up to act as a bridge, a router, or a gateway.
01-03.3 Faculty/Staff are prohibited from setting up an additional network by attaching a wireless access point, a hub, router or a switch to the network.
01-03.4 Under no circumstances will any member of faculty/staff be permitted to use their network connection or computing privileges for non-university or commercial purposes. Faculty/Staff may not advertise any commercial products. Any member of faculty/staff found to be using their connection for commercial use will be disconnected from the network and subject to discipline under appropriate University policies.
01-03.5 Faculty/Staff requiring remote access to FUS information technology resources must review and acknowledge understanding of the Remote Usage Policy which can be found as Appendix B of the Franciscan Information Security Program.
01-03.6 Faculty/Staff are prohibited from installing any software on PCs or laptops provided by the university without authorization from OIT.
01-03.7 Remote access to/from a university computer must adhere to the University's Remote Access Policy and must be approved by the Department Head/Vice President and OIT.