DEFINITION OF TERMS



OGEECHEE TECHNICAL COLLEGE

COMPUTER AND NETWORK ACCEPTABLE USE POLICY

BACKGROUND AND PURPOSE

Ogeechee Technical College (OTC) is a unit of the Georgia Department of Technical and Adult Education (DTAE) and is therefore subject to the policies and standards of DTAE as well as state governing bodies, e.g., Georgia Technology Authority (GTA). The mission of OTC is to facilitate economic growth and community development through quality educational programs and services for students, business, industry, and service organizations by offering technical education, adult literacy services, customized training, and workforce development opportunities. Ogeechee Technical College is committed to emphasizing the essential values of work ethics, community service, and lifelong learning. In an effort to provide quality services and provide educational resources to a broader student population, OTC provides access to sophisticated computer and Internet technologies for use by its faculty, staff, and students. In particular, Ogeechee Technical College provides all faculty and staff with access to computers and related computer hardware, logon accounts to institutional systems necessary to perform job functions, e-mail accounts, personal web pages and software applications needed to carry out job-related tasks. OTC students are provided access to computers and related computer hardware and software needed to meet the educational requirements of a challenging, technology-based curriculum, including Internet access. In an effort to protect the individuals it serves and the computer resources it provides, OTC has outlined the following Computer and Network Acceptable Use Policy to specifically define the privileges and responsibilities of the institution and its users and to bind both groups to the terms of the agreement.

This policy is posted on the Ogeechee Technical College intranet, and it is distributed to each new employee during orientation. When updates occur, the Information Security Administrator will advise employees via email. Each employee must return the “Acknowledgement” form to Human Resources (HR). HR is responsible for ensuring that each employee’s file contains a signed acknowledgement form.

Ogeechee Technical College adheres to the Gramm-Leach-Bliley Act and the Federal Trade Commission (FTC) Standards for Safeguarding Customer Information; Final Rule (16 CFR Part 314). A copy of the Ogeechee Technical College Information Security Plan and the FTC Safeguards Rule can be found on the OTC intranet, .

DEFINITION OF TERMS

Authorized use: use of OTC-owned or operated computing and network resources that are consistent with the mission of the college and consistent with this policy.

Authorized users: (a) current faculty, staff, and students of the institution; (b) individuals connecting to a public information service provided by the college; and (c) individuals whose access enhances the mission of the college and whose usage is in good taste, is consistent with the computer use policy, and does not interfere with other authorized users’ access to resources.

Banner: a suite of software applications for student information, alumni development, human resources, financial aid, faculty and advisors, finance, and more.

Computer forgery: forgery as defined by state and federal laws, but committed on a computer rather than on paper.

Computer invasion of privacy: unauthorized access to financial or personal data or the like.

Computer password disclosure: unauthorized disclosure of a password resulting in damages exceeding $500 – in practice, this includes any disclosure that requires a system security audit afterward.

Computer theft: theft of computer services, hardware, software, intellectual property such as copyrighted material and any other property.

Computer trespass: unauthorized use of computers (i.e. to delete or alter data or interfere with others’ usage)

Misleading transmittal of names or trademarks: falsely identifying yourself or falsely claiming to speak for a person or organization by using their name, trademark, logo or seal. [Ga. Code 16-9-93.1]

Public Network Connection: A network connection that allows traffic to flow between any Campus LAN and the GTA WAN or other Internet Service Provider network.

Point of network access: Any device which allows a user to connect to the Campus network.

UserID/Password: The unique combination of login credentials that identifies a specific piece of equipment or individual user.

PRIVILEDGES AND RESPONSIBILITIES REGARDING COMPUTER NETWORK USAGE

1. Ogeechee Tech has a responsibility to develop, implement, maintain, and enforce appropriate security procedures to ensure the integrity of individual and institutional information and to discourage harassment through the use of its computers or networks. It also has the responsibility to impose appropriate penalties when privacy is purposefully violated or harassment occurs. OTC is responsible for upholding copyrights, laws governing access and use of information, and rules or contractual requirements of organizations supplying information resources to members of the community.

2. Ogeechee Tech makes no warranties of any kind, either express or implied, for the computer, computer systems and Internet access it provides. It shall not be responsible for any damages users suffer, including but not limited to loss of data resulting from delays or interruptions in service. OTC shall not be responsible for the accuracy, nature or quality of information gathered through its diskettes, hard drives or servers; nor for the accuracy, nature or quality of information gathered through college-provided Internet access. It shall not be responsible for personal property used to access its computers, network or college-provided Internet access. Finally, OTC shall not be responsible for unauthorized financial obligations resulting from college-provided access to the Internet.

3. Using a computer without permission is theft of services and is illegal under state and federal laws. The following computer crimes are specifically defined by state law with maximum penalties for the first four crimes being a $50,000 fine and 15 years imprisonment, plus civil liability and maximum penalties for the fifth being a $5,000 fine and 1 year of imprisonment, plus civil liability: (a) computer theft; (b) computer trespass; (c) computer invasion of privacy; (d) computer forgery; (e) computer password disclosure; and (f) misleading transmittal of names or trademarks. [GA State Code]

4. Users should not expect that files stored on Ogeechee Tech computers shall always be private. Computer files stored on OTC computers shall be treated like other college premises that are temporarily assigned for individual use. Administrators may review files and monitor usage for the maintenance of networks and computer and storage systems (i.e. create and cache the backup of data and communications, log computer and network activity, and monitor general usage patterns ) and in an effort to maintain system integrity and insure that users are acting responsibly. Additionally, the institution and its officials will cooperate with law enforcement officials who are properly authorized to search campus computers and computer systems.

5. Ogeechee Tech may suspend computer and network privileges of an individual for reasons relating to his/her physical or emotional safety and well-being, or for reasons relating to the safety and well-being of other members of the campus community, or institution property. Access will be promptly restored when safety and well-being can be reasonably assured, unless access is to remain suspended as a result of formal disciplinary action imposed by Student Services [for students] or the appropriate Vice President [for employee].

6. The following uses of OTC computers are not permitted and are subject to disciplinary action, including termination:

a. Accessing, uploading, downloading or distributing obscene material;

b. Transmitting obscene, abusive or threatening language;

c. Violating local, state or federal statues;

d. Vandalizing, damaging or disabling the property of another individual or organization;

e. Accessing another individual’s password, materials, information or files without express permission;

f. Violating copyright or otherwise using the intellectual property of another individual or organization in violation of the law;

g. Engaging in any personal commercial enterprise without advance approval in writing by Ogeechee Technical College’s president;

h. Knowingly endangering the security of any OTC computer or network or willfully interfering with others’ authorized computer usage;

i. Connecting any computer to OTC’s network unless it meets technical and security standards set by the college’s administration;

j. Creating, installing or knowingly distributing a computer virus, “Trojan horse” or other surreptitiously destructive program on any OTC computer or network facility, regardless of whether any demonstrable harm results;

k. Modifying or reconfiguring the software or hardware of any OTC computer or Network without proper authorization;

l. Using encryption utilities or password protection schemes requiring data recovery via a password or encryption key without gaining unit-level approval;

m. Looking at, copying, altering, or destroying anyone else’s personal files without explicit permission (unless authorized or required to do so by law or regulation);

n. Using Ogeechee Tech’s computers or networks to harass any other person;

o. Sharing computer accounts, passwords, and other types of authorization assigned to individual users with others;

p. Configuring or running software or hardware to intentionally allow access by unauthorized users;

q. Using facilities, accounts, access codes, privileges, or information for which he/she is not authorized;

r. Attempting to circumvent or subvert any system’s security measures;

s. Using any computer program or device to intercept or decode passwords or similar access control information;

t. Deliberately attempting to degrade the performance of a computer system or network or depriving authorized personnel of resources or access to any OTC computer system or network;

u. Committing harmful activities including IP spoofing; creating and propagating viruses; port scanning; disrupting services; damaging files; or intentional destruction of or damage to equipment, software, or data;

v. Damaging computer systems, obtaining extra resources not authorized to them, depriving another user of authorized resources or gaining unauthorized access to systems by using a special password; loopholes in computer security systems; another user’s password or accessing abilities used during a previous position at the institution;

w. Using computing resources for unauthorized monitoring of electronic communications;

x. Using, inspecting, copying, storing, and redistributing copyrighted computer programs and other material, violation of copyright laws;

y. Installing, copying, or using software on institutional resources except as permitted by the owner of the software and permission of the institution itself. Furthermore, software subject to licensing must be properly licensed and all license provisions (installation, use, copying, number of simultaneous users, term of license, etc.) must be strictly adhered to;

z. Using computing facilities, services, and networks in connection with compensated outside work or for the benefit of organizations not related to Ogeechee Tech, except in accordance with the College Policy or state laws. State law restricts the use of state facilities for personal gain or benefit.

7. All points of network access are protected by a userID and password to prevent unauthorized network access. The OTC Information Security Administrator (ISA) is ultimately responsible for the implementation and enforcement of network security guidelines and has the authority to permit or deny any user access to network and network attached resources. Windows 2000 logon and e-mail accounts are provided for all full-time employees at OTC and any part-time employees who request an account. Deleted e-mail will not be maintained on the OTC server for more than seven days. OTC will assign a temporary password to new accounts requiring that a strong password be created by the user upon initial logon to the account. Periodic security audits will be performed using appropriate tool sets, including use of password cracking software, to assure compliance with stated information security policies. User accounts found not to be in compliance may be disabled until proper passwords are implemented or assigned.

The following requirements are made of OTC accounts and account passwords:

a. The creation standard for non-student userIDs is as follows: first initial full last name, if duplicate userIDs result then add middle initial following first initial. No non-alphanumeric characters are allowed in usernames (i.e. Mike Peterson = mpeterson, Mary Lyn Peterson = mlpeterson);

b. Use of generic (multiple users using the same userID/password) logins (userID/password combinations) is prohibited except under special circumstances due to the fact that accountability and audit ability are severely compromised. Generic logins are only used for specific, limited time applications, and distribution of the login credentials are limited to persons authorized for specific applications.

c. User passwords will be initially assigned by ITS at the creation of the account and users will be required to change the password upon first logon.

d. UserIDs will be disabled after 5 invalid password attempts within a 15 minute time period. Administrator intervention and review is required for re-enablement of password (no automatic resets);

e. Passwords/user IDs are confidential and must be protected. Sharing of login credentials or logging on using another user’s login credentials is prohibited and may result in disciplinary action;

f. Passwords will be a required length of 8 characters or more;

g. Passwords may NOT contain single dictionary words (i.e. dolphins), proper names (i.e. Mary1234), the userID associated with that account (i.e. msmith12) or repeating characters (i.e. xxxx0000);

h. Passwords will be changed every 90 days. Users are encouraged to change passwords at 42 day intervals or less where possible;

i. No previously used password will be re-used within 5 consecutive password changes (i.e. a password may be re-used upon using a different password during the previous 5 password changes);

j. Passwords may be assigned to users by the OTC Information Security Administrator (ISA);

k. User passwords must adhere to at least 3 of the following rules:

i. Contain a lowercase letter

ii. Contain an uppercase letter

iii. Contain a number

iv. Contain a special (non-alphanumeric) character (Note: although special characters are more secure, they are not recognized over the web thus preventing web access to e-mail)

8. Users are expected to demonstrate appropriate e-mail etiquette when communicating via the OTC and DTAE network. E-mail etiquette not only conveys professionalism, but promotes efficiency in communications and protects the institution and its users from liability. The following recommendations are made of OTC users when preparing e-mail messages:

a. Set the option to Always check spelling before sending;

b. Provide a prompt reply;

c. Do not attach unnecessary files;

d. Do not overuse the high priority option;

e. Do no write in CAPITALS;

f. Include the original message in replies;

g. Add a signature to off-campus e-mails including name, title and phone number;

h. When sending to groups, use the bcc: field to maintain anonymity of those receiving the message and to avoid listing the members of the group within the message;

i. Do not use graphics, backgrounds or stationery;

j. Do not forward virus hoaxes and chain letters;

k. Limit the use of Request delivery and Read receipt;

l. Do not ask to recall a message;

m. Do not copy a message or attachment without permission;

n. Do not use e-mail to discuss confidential information;

o. Use a meaningful subject line;

p. Avoid using URGENT and IMPORTANT in the subject line;

q. Do not send or forward e-mails containing libelous, defamatory, offensive, racist or obscene remarks; and

r. Do not reply to spam;

9. Personal pages housed on the OTC web server or linked from the OTC web site must comply with institutional standards which include, but are not limited to:

a. Must be non-discriminatory;

b. Must not be used to advertise a particular opinion or idea which is demeaning to other individuals or groups;

c. Must not invade the privacy of others;

d. Must not disclose private information about individuals or groups;

e. Must not falsely claim to speak for a person or organization by using their name, trademark, logo, or seal;

f. Must not be used to display, distribute, or link to obscene, abusive, or threatening material or language;

g. Must not violate state or federal laws; and

h. Must not be used to promote businesses outside of OTC or to conduct business activities unrelated to the author’s position with the college.

Personal pages and links in violation of these standards will be removed, and the responsible user may be subject to disciplinary action.

10. Users are responsible for recognizing and honoring the intellectual property rights of others. Additionally, anyone creating intellectual works using Ogeechee Tech computers or networks, including but not limited to software, should consult the DTAE policy on Development of Patentable Devices/Materials or Copyrightable Materials/Media by Technical Institute/Department Personnel.

11. While every effort is made to limit access to Banner to those with a “need to know,” users may inadvertently or advertently gain access to other data. Banner access and screen privileges are issued to individuals with the understanding that they will use the information obtained only in the conduct of their official duties and that no information will be disclosed to any person who does not have an official “need to know.”

As employees of Ogeechee Technical College, whose position responsibilities require interaction with any or all of Banner, users will:

a. Maintain the confidentiality of my password for all systems to which they have access.

b. Maintain or view the data to which they have access in strictest confidence. The information viewed will not be shared in any manner with others who are unauthorized to view such data.

c. Understand that the use of the College’s administrative data for profit or personal purposes is strictly prohibited.

d. Understand that inappropriate use of my privileges to access and use administrative data may result in disciplinary action, loss of access to the system, and possible sanctions up to and including dismissal from the College.

EMPLOYEE ACKNOWLEDGEMENT OF COMPUTER AND NETWORK ACCEPTABLE USE POLICY:

I acknowledge that I have read Ogeechee Technical College’s Computer and Network Acceptable Use Policy (approved February 2003; revised March 17, 2005) and understand my responsibilities as an employee of the institution and authorized computer and network user.

| | | |

|Employee’s signature | |Date |

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download