Information Technologies

Access to computer systems and networks owned or operated by the College of St. Scholastica is a privilege that imposes certain responsibilities and obligations and is granted subject to College policies and local, state and federal laws. The objective of this policy is to ensure an available, reliable, secure and responsive network environment at the College of St. Scholastica. It is the responsibility of each user to ensure that the College’s technology is used appropriately.

Any activity that compromises the performance of the College’s computers and/or network such that others are negatively affected is not acceptable. Acceptable use is always ethical, reflects academic honesty and shows restraint in the consumption of shared resources. It demonstrates respect for intellectual property, ownership of data, system security mechanisms and an individual’s rights to privacy and freedom from intimidation, harassment and unwarranted annoyance. If any use adversely impacts the network, the user will be asked to reconfigure his or her work so that network impact is avoided.

Examples of Inappropriate Use At Any Time Include, But Are Not Limited To

• Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by the College of St. Scholastica
• Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music and the installation of any copyrighted software for which the College or the end-user does not have an active license
• Introduction of malicious programs onto any device connected to the campus network (i.e., viruses, worms, Trojan horses, email bombs, etc.)
• Revealing your account password to others or allowing the use of your account by others. This includes student employees as well as family and other household members when work is being done at home
• Using a College computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction
• Making fraudulent offers of products, items or services originating from any College account
• Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service and forged routing information for malicious purposes.
• Port scanning or security scanning is expressly prohibited unless prior notification to the Information Technologies Department is made
• Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty
• Circumventing user authentication or security of any host, network or account
• Interfering with or denying service to any user or network (i.e. denial of service attack)
• Using any program/script/command or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the internet/intranet/extranet

The primary purpose of the College’s email system is for correspondence relating to the mission of the College. Email is a resource provided to the College Community to enhance the performance and productivity of the College. The College Community recognizes that the hardware, software and network resources used by the email system as well as email correspondence are owned by the College.

Inappropriate Use of Email

• Sending unsolicited email messages or newsgroup posts, including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam)
• Any form of harassment via email, telephone or paging, whether through language, frequency or size of messages
• Unauthorized use or forging of email header information
• Solicitation of email for any other email address other than that of the poster’s account, with the intent to harass or to collect replies
• Creating or forwarding “chain letters”, “Ponzi” or other “pyramid” schemes of any type.
  Use of unsolicited email originating from within the College’s networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by The College of St. Scholastica or connected via the College’s network.
• Email communications are not considered private despite any such designation or functionality within the software application, either by the sender or the recipient. Access to the College’s email services is a privilege that may be wholly or partially restricted by the College without prior notice and consent of the email user when required by and consistent with the law when there is a substantiated reason to believe that violations of policy or law have occurred or, in time-sensitive cases when required to meet critical operational needs. The administrators of the College’s email system may, within certain limits, block mail including external, unsolicited, bulk email (spam) or viruses.

Privacy

• Do not say anything you would not want others, besides your correspondent, to read. Messages meant to be confidential can be intercepted during or after transmission, and even deleted messages might have been stored on backup tapes. Users are advised not to send confidential College communications via email. The College will make every attempt to assure the security of the email system, however, this is not a guarantee.
• The College does not monitor email communications as a matter of routine. However, Users understand and consent to any monitoring, interception, use or disclosure of email communications deemed necessary by the College in its discretion to investigate and enforce its Acceptable Use Policy, maintaining the integrity and efficient operation of The College’s systems or as may be required in connection with legal requests from governmental authorities.
• The College can assure neither privacy of an individual user’s use of the email resources nor the confidentiality of particular messages that may be created, transmitted, received or stored.
  Backup copies may be retained for periods of time even if the user has deleted the message from his account.
• IT members may, in the course of routine system maintenance, troubleshooting, upgrades, etc., inadvertently see the content of email messages.
  Email account holders are expected to comply with College requests for copies of email records in their possession that pertain to College business or whose disclosure is required to comply with applicable laws.
• Email account holders may, under certain conditions, have email files accessed by others when it relates to College business
• Do not send confidential information via emails such as social security numbers, account passwords, tax IDs or credit card numbers

Security of Email

• Never open an attachment or click on a web link from a person that you do not know. Many phishing scams involve an infected attachment or web link that looks to be from a legitimate bank or financial institution.
• Be aware of the potential for forged email. One example is that a person has acquired another individual’s password and that person pretends to be the other individual and sends a forged email.
• Be extremely careful when executing programs you receive via email, as they may contain viruses that could be dangerous to the network, servers or your computer

Harassment

• Users should be sensitive to the public nature of the shared computing facilities and take care to refrain from transmitting to others in any location inappropriate images, sounds or messages which might reasonably create an atmosphere of discomfort or be considered harassing

References

• CAN-SPAM Act
• FERPA
• HIPAA
• The College of St. Scholastica Acceptable Use Policy

Password violations are the number one security problem on networks today. This policy is designed to ensure that all College and individual data stored on the network are protected through the reasonable and appropriate use of password security. Users who violate this policy will be held responsible for a breach of security and any impact this may have on the integrity of data or performance of the network.

An initial password is set for you at the time you receive your account; your password is set as your student ID.

Examples Of Activities That Will Jeopardize Your Privilege To Access The College’s Computer Resources Include

• Writing down your password and posting it in your work area
• Sharing your password with others
• Keying in your password for others to use
• Sending your password over the Internet or through email
• Giving your password to an unknown person either in person or over the phone

Should a password be compromised, the owner should change his/her password immediately, to avoid future unauthorized access. Otherwise, passwords should be changed periodically, once every 6 months is our policy.

Authorized users of College computer networks and resources include faculty, staff, official guests and all currently registered students, both within the traditional campus and beyond. Temporary privileges will be given, as appropriate, for official guests at The College.

The purpose of this policy is to prevent unauthorized access to the College’s or individual’s data/information stored on the network. At the same time, we are striving to achieve three goals necessary for a productive networking environment, namely:

• Availability: ensure that systems, networks, applications, utilities and data are online and accessible when authorized users need them for uses and purposes consistent with the College’s mission and goals
• Integrity: protect College information, data or software from improper modification or access (i.e., virus or unauthorized access)
• Confidentiality: assure that sensitive data is read-only by authorized individuals and is not disclosed to unauthorized individuals or the public

While not identified as a goal, every effort will be made to implement security measures that will not impact the performance of the network. To ensure this environment for all students, faculty and staff associated with the College, users are responsible for taking reasonable precautions to maintain the security of information stored on, or accessed by, their computer system(s).

Anyone who attempts to disable, defeat or circumvent any security measures will violate this policy. Access to the College network increases the vulnerability of whatever equipment is connected to the network. While the following measures can reduce the risk of exposure, the College makes no warranty, either explicit or implied, concerning security measures implemented on the network or computing resources. Users shall be responsible for their own security measures to protect hardware, software and data.