BACKGROUND

ACCEPTABLE USE POLICY

Acceptable use always is ethical, reflects academic honesty, and shows restraint in the consumption of shared resources. It demonstrates respect for intellectual property, ownership of data, system security mechanisms, and an individual's rights to privacy and freedom from intimidation, harassment, and unwarranted annoyance.

If any use adversely impacts the network, the user will be asked to schedule his or her work outside of regular business hours (8 a.m. - 5 p.m. Monday - Friday) or to confer with the Information Technologies Department to reconfigure his or her work so that network impact is avoided. Examples of the sorts of activities that should be avoided may include but are not limited to:

• Attempting to download a large video or audio file onto the network
• Sending graphic files as Mail attachments to large groups of people
• Playing an interactive, networked game

• Attempting to circumvent or subvert system or network security measures at the College or another organization
• Engaging in any activity that might be harmful to systems or to any information stored thereon, such as creating or releasing viruses, disrupting services, or damaging files
• Upload, download, email or post files that contain software or other material protected by intellectual property laws, rights of privacy or publicity, copyright, trademark, patent, trade secret or any other applicable law unless you own or control the rights thereto or have received all necessary consents.*
• Deliberately disseminating a virus, worm, Trojan horse or trap-door program code
• Accessing any kind of sexually explicit image or document
• Use of the network to threaten, harass, stalk, abuse or otherwise violate the legal rights (including rights of privacy and publicity) of others*
• Excessive use of printing resources

SOFTWARE LICENSING COMPLIANCE POLICY

SECURITY POLICY

• Availability - ensure that systems, networks, applications, utilities and data are on-line and accessible when authorized users need them for uses and explorations consistent with the College's mission and goals.
• Integrity - protect College information, data, or software from improper modification or access (i.e. virus or unauthorized access).
• Confidentiality - assure that sensitive data is read only by authorized individuals and is not disclosed to unauthorized individuals or to the public.

In order to ensure this environment for all students, faculty, and staff associated with the College, users are responsible for taking reasonable precautions to maintain the security of information stored on, or accessed by, their computer system(s).

Anyone who attempts to disable, defeat or circumvent any security measures will be in violation of this policy.

Access to the CSS network increases the vulnerability of whatever equipment is connected to the network. While the following measures can reduce the risk of exposure, CSS makes no warranty, either expressed or implied, with respect to security measures implemented on the network or computing resources. Users shall be responsible for implementing their own security measures to protect hardware, software and data.

What could happen?

• Sharing Network Passwords: If you share your network password (or logged on personal computer) with another user, this user will then have access to any private data and programs that are accessible through use of your password. This would include data in your own computer and files as well as data in other users' files and in any shared files that you have special permission to use. You are responsible for any unauthorized access to confidential data that is thus made available. You are also responsible in case of accidental or purposeful erasure and/or tampering with your data. It is possible that this user might accidentally or intentionally damage systems software and that such an incident would be traced back to your computer or user id. You are responsible for any damage made possible by the sharing of your password. In any case, do not allow unauthorized users access to your password.
• Sharing E-mail Passwords: If you share your e-mail password with other users, they could send mail to others using your password and your name. If a user sends e-mail locally that is malicious or embarrassing, the received e-mail will look like it came from you. A malicious, naive, or inattentive user could send off campus e-mail that might jeopardize St. Scholastica's permission to access parts of the Internet. You are responsible for the uses that are made of your e-mail password. In any case, do not allow unauthorized users access to your password.

Examples of activities that help ensure a secure network include, but are not limited to, the following:

• Log off of general use computers (labs and work rooms)
• Choose passwords wisely and to keep them secret [see Password Policy].
• Do not aid or allow any unauthorized person to use College computer or network equipment.
• Access the network and data in an authorized fashion only [see Computer/Network Acceptable Use Policy]. Using someone else's password to access unauthorized services or data is a violation of this policy, regardless of how the password was obtained. Do not use anyone else's password.
• If you share your password with others, you are giving them access to services and data they may not be authorized to use. They will also have access to all of your personal information. If you suspect that someone may have discovered your password, change it immediately.
• Ensure your workstation, when logged on to the network, is reasonably secure in your absence from your office. Examples include but are not limited to:
  • Windows security, with the screen saver
  • Read-only security or access security available within the Microsoft tools
  • Confidential information stored on diskettes to allow them to be removed from the workstation
  • Locking your office door when absent or logging out
• Never type a password for an unknown person.
• Never send security related information (i.e. a password) over e-mail.
• Do not give accounts on personal workstations to unknown or non-users.
• Do not break into accounts or bypass security measures in any way.
• If you should inadvertently obtain information to which you are not entitled or become aware of a breach of security pertaining to any computing service, immediately report the incident to the WAN Specialist, extension 5914, or the Director of Information Technologies, extension 5966.

To support the identified goals of this Policy, the Information Technologies Department:

• Is responsible for managing and overseeing security to ensure privacy and integrity of user information. This will include reasonable efforts to:
  • Ensure that shared programs and data are available to users and are invulnerable to accidental erasure and/or tampering.
  • Ensure that e-mail and private user information (on servers) is invulnerable to accidental erasure and/or tampering.
  • Ensure backups of both public and private server information, at least weekly, to ensure that any information lost, erased, or corrupted can be recovered.
• Monitors the system for security breaches and unauthorized activity using available security utilities and software
• Installed a firewall to assist in the safety and security of the College's networks.
• Uses available utilities to ensure secure movement of data within the CSS network and over the Internet.
• Takes reasonable precautions to minimize network and machine downtime.

E-MAIL POLICY

The following actions are not allowed:

• Any use that violates state or federal law.
• The sending or displaying of harassing, threatening, obscene, discriminatory, and/or defamatory messages. Any use that violates College policies including, but not limited to, Sexual Harassment, Discrimination, Computer/Network Acceptable Use, and Computer/Network Security
• The origination or further propagation of chain letters is strictly forbidden and will be considered an abuse of St. Scholastica's E-mail system. A chain letter is an e-mail that is sent out requiring each recipient to mail it on to a number of other people, resulting in the distribution of an infinite number of e-mail messages
• Individuals who knowingly degrade the network and/or use up hardware resources.
• Any forgery or attempted forgery of e-mail messages. Users shall not disguise or alter the source of any message.
• Actual or attempted interception, use or disclosure of e-mail sent to other users.
• Sending unsolicited junk mail, chain letters, commercial messages and the like ("spam"). Do not respond to "spam", even if the sender invites you to be removed from its mailing list. Some spammers use this as evidence of an active e-mail account for their further exploitation.

Access to the College's e-mail services is a privilege that may be wholly or partially restricted by the College without prior notice and without consent of the e-mail user when required by and consistent with law when there is a substantiated reason to believe that violations of policy or law have occurred or, in time sensitive cases, when required to meet critical operational needs.

The administrators of the College's e-mail system may, within certain limits, block mail including external, unsolicited, bulk e-mail (spam) or viruses.

Procedures:

• Sending messages to groups:
  • Visit the Mass E-mail Procedure page located on the Web.
  • Do not select the entire address list for inclusion in the to:, cc: and/or bc: fields.
  • Send only to those people who "need to know" the information
  • Never use the Return Receipt option when sending to large groups
• Keep your In-box and Sent Mail Folders manageable.
  • Delete any old or unnecessary messages (especially those with attachments) in your folders on a regular basis.
  • Only save what you need.
  • Only save the most up-to-date message in a thread. This should contain the previous messages within the body of the newest message.
  • Contact the Computer Support Help Desk, ext. 5911, for assistance with archiving e-mail messages.
• Security of E-mail
  • Be aware of the potential for forged mail. If a person has acquired another individual's password, that person can pretend to be the other individual and send forged mail.
  • Be extremely careful when executing programs you receive via e-mail, as they may contain viruses that could be dangerous to the network, the servers, or your computer.
• Harassment
  • Users should be sensitive to the public nature of the shared computing facilities and take care to refrain from transmitting to others in any location inappropriate images, sounds, or messages which might reasonably create an atmosphere of discomfort or be considered harassing.
• Privacy:
  • Do not say anything you would not want others, besides your correspondent, to read. Messages meant to be confidential can be intercepted during or after transmission, and even deleted messages might have been stored on backup tapes. Users are advised not to send confidential College communications via e-mail. The College will make every attempt to assure the security of the e-mail system, however, this is not a guarantee.
  • The College does not monitor e-mail communications as a matter of routine. However, Users understand and consent to any monitoring, interception, use or disclosure of e-mail communications deemed necessary by the College in its discretion for the purpose of investigating and enforcing its Acceptable Use Policies, maintaining the integrity and efficient operation of the College's systems, or as may be required in connection with legal requests from governmental authorities.
  • The College can assure neither privacy of an individual user's use of the e-mail resources nor the confidentiality of particular messages that may be created, transmitted, received, or stored.
  • Backup copies may be retained for periods of time even if the user has deleted the message from his account.
  • IT members may, in the course of routine system maintenance, troubleshooting, upgrades, etc, inadvertently see the content of e-mail messages.
  • E-mail account holders are expected to comply with College requests for copies of e-mail records in their possession that pertain to College business or whose disclosure is required to comply with applicable laws.
  • E-mail account holders may, under certain conditions, have e-mail files accessed by others when it relates to College business.
  • Do not send confidential information via e-mail such as social security numbers, account passwords, or credit card numbers.

AUTHORIZED USERS

PERSONAL USE

The College expects users to be responsible in their use of the system. Faculty, staff, employees, and agents of the College agree to refrain from any private communication which suggests that there is College approval of such communication.

PRIVACY

DATA SECURITY

The College cannot completely guarantee the security and integrity of any information placed on the network, including personal data or programs placed on the network or individuals' workstations. While reasonable measures are being taken to ensure the availability, integrity, and confidentiality of information on the network [See Computer/Network Security Policy], there is still the threat of natural disaster, sophisticated hackers, and password violations which could jeopardize the system. Information stored on network servers is backed up, and therefore, recoverable. We recommend, additionally, that all significant data residing on personal workstations be backed up on a regular basis. For assistance with data backup, contact the Computer Support Help Desk, ext. 5911.

CONSEQUENCES

Users violating this Policy will be required to discontinue their inappropriate use immediately. Any further violation may lead to the loss of network privileges as approved by the appropriate Dean or Vice President. Offenders are also subject to College disciplinary procedures as well as criminal or civil prosecution. Any appeals should follow appropriate College grievance procedures.

QUESTIONS

MODIFICATIONS TO THIS POLICY