Conditions for Use of Campus Computing Resources
Users
are responsible for understanding and complying with the Conditions for
using Shawnee State’s systems, resources and networks (see
SSU Policy 5.30).
1.0 Conditions for
Information Security
Information
security is critical to the interests of the University and the many
constituencies it serves. As a result of the University’s dependency on
electronic information, it is critical that information and information
systems be protected from unauthorized access and electronic attacks so
the University can operate without interruption. Furthermore, it is
paramount the University safeguards institutional data as well as
protects personal information from unauthorized access.
Officially
protected or confidential information
created or maintained by the University or student academic records may
only reside on systems or networks operated and maintained by UIS, without
prior written authorization by the Director of UIS.
Confidential information
is defined as that information which is not releasable to the public under
state or federal law, and which could reasonably be used to perpetrate
identity theft, constitute a serious and unwarranted invasion of personal
privacy, compromise the physical security of university employees or
property, or compromise the University’s computer systems. Examples of
“confidential information” include, but are not limited to, the following:
A. "Personal information"
which includes an individual's name, consisting of the individual's first
name or first initial and last name, in combination with and linked to any
one or more of the following data elements, when the data elements are not
encrypted, redacted, or altered by any method or technology in such a
manner that the data elements are unreadable:
(i) Social security number;
(ii) Driver's license
number or state identification card number;
(iii) Account number or
credit or debit card number, in combination with and linked to any
required security code, access code, or password that would permit access
to an individual's financial account.
B. “Personal Financial
Information” which would link an individual with nonpublic information
about that individual’s tax return, gross income, investments, financial
aid, etc. A public employee’s salary is not “personal financial
information.”
C. Educational Records, as
defined under state and federal law as:
“Any record
with certain exceptions, maintained by an institution that is directly
related to a student or students. This record can contain a
student’s name, or students’ names, or information from which an
individual student or students can be individually identified.
These records
include: files, documents, and materials in whatever medium
(handwriting, print, tapes, disks, microfilm, microfiche, etc…)
which contain information directly related to students and from
which students can be personally identified.”
D. “Medical Treatment
Records” as defined under state and federal law.
The HIPAA Privacy Rule
defines private health information (PHI) as individually identifiable
health information, held or maintained by a covered entity (i.e. our SSU
group health plan) or its business associates acting for the covered
entity, that is transmitted or maintained in any form or medium (including
the individually identifiable health information of non-U.S. citizens).
This includes identifiable demographic and other information relating to
the past, present, or future physical or mental health or condition of an
individual, or the provision or payment of health care to an individual
that is created or received by a health care provider, health plan,
employer, or health care clearinghouse.
E. Security and
Infrastructure records, to include records or information concerning the
protection of a University office against sabotage or attack.
F. Information which would
allow unauthorized access to University computer systems or electronic
files.
UIS has overall responsibility for the security of the
University's information technologies. Implementation of security policies
is the responsibility of all SSU supervisors, employees and students.
Departmental
Responsibilities:
The President or the President’s designee, upon
recommendation by the Director of UIS, may authorize other networks solely
for academic purposes which do not come under the supervision of UIS,
provided the department understands its responsibility for the security of
such networks under its domain of control and responsibility, and may not
use the network to host officially protected or confidential information.
These responsibilities include but are not limited to responsibility for
general security issues, e.g., legal issues, security compliance and
reporting, physical security, communications, and IT infrastructure
security on wired and wireless networks. Authorization may be revoked if
the President or President’s designee finds the network is operating
contrary to University policy or the law.
All academic and administrative offices within the
University have the primary responsibility and authority to ensure their
respective departments comply with University requirements for privacy and
security of specific types of confidential information (e.g., student
educational records, personnel records, health records, and financial
transaction data). These units are responsible for general security issues
(e.g., legal issues, security compliance, physical security and
communications) as well as for completing risks assessments and assisting
in the development of University IT security policies, standards and best
practices in the areas of their responsibility.
Users who use University or personally-owned mobile devices
to access University resources are responsible for the security of their
data and are subject to the following:
-
The provisions of the Campus Computer and Network Use Policy 5.30 and Conditions for Use of Campus Computing Resources
-
The regulations for reporting lost or stolen confidential or private data
-
All other laws, regulations, or policies directed at the individual user or institution.
Reporting
Security Violations
Reporting suspected violations of the Conditions for Information Security is the responsibility of all members of the University community.
Examples of prohibited (actual or attempted) behavior include, but are not
limited to:
·
Allowing
institutionally or personally-owned mobile devices with officially
protected or personal, confidential information to leave the campus.
·
Allowing
others to use your personal network, MySSU or CARS account
·
Any attempt
involving campus-computing resources for the purpose of hacking. Hacking
is defined as attempting (either successfully or unsuccessfully) to break
into or gain unauthorized access or rights on a computer system or
network. Any unauthorized attempts to access non-university systems will
be reported to the administrators of these non-university systems.
·
Accessing or
using a protected computer account assigned to another person or the
unauthorized sharing of a password to a protected account with another
person without prior authorization by the director of UIS.
·
Misuse or
abuse of computer equipment, networks, software, or supplies.
·
Any act which
interferes with the appropriate access rights of others.
·
Transmitting
or posting fraudulent, defamatory, harassing, obscene, or threatening
messages, or any communications prohibited by law.
·
Use of any
computer network for a purpose contrary to the stated purpose of that
network.
·
Software
theft or piracy, data theft, or any other action which violates the
intellectual property rights of others.
·
Deletion,
examination, copying, or modification of files and/or data belonging to
other users without their prior consent.
·
Forgery (or
attempted forgery) of electronic mail messages.
·
Deliberate
interference with the ability of other users to send/receive electronic
mail.
·
Network-based applications will not be installed or utilized on Shawnee
State systems without prior authorization by UIS
·
Decryption of
system or user passwords and files.
·
The copying
of copyrighted materials, or unauthorized sharing of electronic files
(audio/video) or third party software, without the express written
permission of the owner of the copyright.
·
Intentional
attempts to crash systems or programs are subject to disciplinary
sanctions.
·
Any
improper or unauthorized attempts to secure a higher level of privilege on
Shawnee State systems.
·
A physical
connection of any computer to any of the University's networks without
proper authorization from the appropriate network administrator.
·
Misrepresenting one's identity or relationship to the University when
obtaining or using University computer or network privileges.
·
Creating,
installing, or knowingly distributing a computer virus, "Trojan horse", or
other surreptitiously destructive program on any University computer or
network, regardless of whether any demonstrable harm results.
·
Adding,
modifying or reconfiguring (without proper authorization) the software or
hardware of any University computer or network.
·
Loading of
software on campus computers without compliance to all licensing
requirements. Proof of licensing must be readily available.
·
Any
unauthorized access (or attempted access) of student identifiable data.
·
Using any
University computer or network resources to perpetrate a violation of
state or federal law or University policies.
1.1 UIS Recommended Best Practices
Individuals are required to know and comply with additional Best Practices established by UIS, colleges, departments or other units. Failure to comply with these Practices may result in loss of computing privileges and/or disciplinary action.
· Lock down console (using <Ctrl-Alt-Delete> function) when not at user station.
· Do not share passwords. Passwords should be complex in nature i.e. uses upper/lower case, numbers, special characters.
· Log-off or lock down computer when leaving office for the day.
· Keep all doors locked when not in office.
· Do not share personal office computers with unauthorized users.
· Do not share confidential information via the Internet without a secure connection.
· Do not respond to emails phishing for personal or institutional information.
· Do not store passwords or usernames in a non-secure location.
· Do not allow unauthorized individuals into your office or to access your computer. Request Id information from unfamiliar individuals.
· Notify UIS (via helpdesk) when a student or departmental employee terminates employment with SSU or leaves the department.
· Notify UIS (via helpdesk) when an electronic data transmit process (dialup transmission or the internet) is needed to complete a University business function.
· Do not access the Internet from Computers with confidential files stored on the local hard drive.
· Do not store Data/Reports with confidential student or staff information locally (C: drive) or on departmental Web shared spaces. If departmental files need to be stored/shared a request for a department share should be forwarded to UIS.
· Change passwords to third-party software on a frequent basis, using complex passwords (at least every 90 days or as required by the third-party).
· Do not keep paper reports with confidential information in non-secured areas and shred all reports and electronic media when no longer needed.
· Do not download (from the Internet) unauthorized, non-work related software onto your computer (i.e. Screensavers, Pointers, WeatherBug, Hotbar, Kazaa etc.)
2.0 Conditions for Network Access
(including ResNet and Wireless)
Access to computer systems,
resources and networks owned or operated by Shawnee State University is a
privilege which imposes responsibilities and obligations and is granted
subject to University policies as well as local, state, and federal
statutes. These Conditions apply to all users who are granted access to
the University's computing resources.
Use of the University's
computing systems, resources and networks is granted solely to current
Shawnee State University faculty, staff, enrolled students, and any others
designated in writing by the President or Vice President of Business and
Administrative Affairs.
Use of these resources is limited to
applications and activities appropriate to the user’s role in the
University.
The University reserves the right to limit, restrict, extend or deny
computing privileges and access to its resources.
The University reserves the
right to test and monitor security, and review any files or information
resident on University systems for unacceptable use.
It is the expectation that
all accounts assigned to authorized individuals will be treated as private
by University employees charged with managing University computer systems,
resources, and networks.
An account may be accessed
without the user's permission upon authorization by the President or the
President’s designee for any employee placed on temporary or extended
leave of absence, in order to secure documents or data. The University
reserves the right to deny access to its computer systems, resources and
networks until authorization to access the account is provided by the
President or President’s designee.
Access to some computer programs and network resources may require a written request. Access to information which is private or confidential may be restricted.
Employees who leave the
institution shall have their accounts disabled, and then deleted after
documents of a departmental nature are identified and archived. Those
employees who have been terminated or have received notification of
termination will be restricted from access to the system, unless
authorized by the President or President’s designee.
Access to some on-campus computers and to external networks requires a means to authenticate a user's identity, usually with a password. The user, or account owner, is responsible for all actions originating from an assigned account. Passwords to protected accounts may not be shared or used by anyone other than the assigned user.
Users given access to
University computational resources shall be advised of their domain
(resources available for their use). Users may not go beyond or attempt to
go beyond their respective domain without authorization.
The installation/execution
of games and/or recreational programs on Shawnee State systems excluding
those required for academic coursework in designated labs intended for
gaming is prohibited.
Use of Shawnee State
computer systems, resources, networks and/or services for unauthorized
commercial activities, including use of Internet facilities for any
commercial activities, is prohibited.
2.1 Conditions for Residential Housing (ResNet)
ResNet provides a
reliable, efficient connection to the Internet, but the drawback of this
connection is that it provides an avenue for more people to reach one’s
computer. UIS provides as much protection as possible, but in order to
help you must install Anti-virus and Spyware software and keep both
definitions up to date on your computer.
Since ResNet/Wireless
Network Access is an “always on connection” similar to commercial
broadband, the University has a responsibility to both the ResNet/Wireless
Network Participant, and the greater Internet community to protect them
from each other. These rules are meant to help educate, inform, and
provide an environment free of computer viruses and security attacks. They
are meant to help foster a friendly, safe and clean network environment
for ResNet/Wireless Network Participants. They are not optional.
Selection of inclusion is
entirely at the discretion of the Participant, UIS, and Student Housing (ResNet).
ResNet/Wireless Network is provided with the understanding that it serves
primarily as an academic tool. The University reserves the right to limit
or prohibit activities that might interfere with the primary function of
the ResNet/Wireless Network.
ResNet will be periodically scanned to check for malicious activity. If
issues are detected on a system, the owner of that computer will be
notified of the action taken to resolve the problem and will be advised of
the steps that must be taken to be re-connected to ResNet.
In order to reactivate a port after a virus or other malicious software
has been removed, an appointment with a UIS Technician may need to be made
for the Technician to verify that the hard drive has been cleaned.
All computers accessing or attempting to access the ResNet/Wireless Network must have an anti-virus with the anti-malware component software package installed with current definitions. If the participant’s anti-virus software package does not have an anti-malware component then an anti-malware software program must be installed separately.
UIS provides a free copy of
Symantec Anti-Virus with an anti-malware component free to all registered
students, faculty and staff. This software package is available on the
UIS Resource CD which can be picked up in the UIS office or can be
downloaded through the network access control interface.
Please review the ResNet
Conditions prior to installing the software. Computers connected to ResNet
via network access control must meet the following software prerequisites
before authentication is complete.
2.1.1 Installed Software
Anti-Virus Software
a. An anti-virus software package must be installed and running.
b. Anti-virus definitions must be current
c. Live Update feature must be enabled for anti-virus definition files.
Anti-Malware Software (if not a component of Anti-Virus software package)
a. An anti-malware software package must be installed and running.
b. Anti-malware definition files must be current.
c. Update feature must be enabled for anti-malware definition files.
Microsoft Security Updates (only applies if running Windows)
a. Operating system updates will be posted when required. Any required updates must be applied.
Shawnee State University utilizes a network access control application, which each Participant must download on his or her personal computer to have access to the ResNet/Wireless Network. This application ensures all requirements are satisfied.
2.1.2 Personal Servers
Servers of any kind are not permitted on the ResNet/Wireless Network.
Servers open security holes on the network allowing attackers to gain unauthorized access to your computer and/or the ResNet/Wireless Network. They also may serve files to unauthorized persons without your knowledge or consent. Specific examples of servers are: Web servers, FTP servers, File sharing servers, Print servers, Database or Application servers.
2.1.3 Static IP’s
Static IP’s will not be permitted on any system connected to the ResNet/Wireless Network. UIS managed software will monitor IP addresses and assign them appropriately.
2.1.4 Network Port Scans
Network port scans by Participants are not permitted. Port scans may be performed by UIS to maintain the ResNet/Wireless Network. However, no ResNet/Wireless Network Participant is to perform a port scan of any host inside or outside of the ResNet/Wireless Network. This will be considered a network attack and UIS will respond accordingly.
2.1.5 Network Attacks
Network attacks of any kind will not be tolerated. Network attacks are serious concerns to the University and UIS, and should be to the ResNet/Wireless Participant involved as well.
2.1.6 Dissemination of Information
There will be no dissemination of libelous, slanderous, racial, or offensive material on the SSU ResNet/Wireless Network.
2.1.7 Software and Hardware Devices
Software and hardware devices that are currently prohibited by Shawnee State University and UIS will not be permitted on the ResNet/Wireless Network. Devices include wireless network products (i.e. Apple Airport), thin-clients, game consoles (i.e. Xbox, Playstations, etc), hubs, switches, routers, print servers, and network appliances.
2.1.8 Modification of Physical Wiring
ResNet/Wireless Network services and physical wiring may not be modified or extended for any reason. This applies to all network wiring, hardware, and in-room data jacks.
2.1.9 Minimum Hardware Requirements
Participants must have a computer system that satisfies the minimum published requirements of the ResNet/Wireless Network program. For current minimum system requirements, click here.
2.1.10 File Sharing
Participants are reminded that sharing of copyrighted materials over the network such as software, music, images, videos, publications, or any other protected materials is a violation of federal copyright statutes and is strictly prohibited. Students who are cited in infringements notices under the Digital Millennium Copyright Act (DMCA) will have their ResNet/Wireless Network access suspended. Repeat violations will result in a judicial referral.
2.1.11 Access to Participant’s Systems
UIS staff may require access to a Participant’s computer to maintain
ResNet/Wireless Network operations. Participants agree to provide
reasonable access to their system.
2.1.12 Licensing of Software
Participants agree to abide by the license agreements governing the use and distribution of the software provided by the University.
2.1.13
Responsibility for All
Participants
Participants are ultimately responsible for any and all network use or communication traffic originating from their personally-owned computer, regardless of the actual author of such traffic.
2.1.14 Disclaimer of Liability
Participants connecting
computers to the ResNet/Wireless Network or seeking technical assistance
in order to connect computers to the ResNet/Wireless Network understand
and agree that Shawnee State University, its contractors, employees,
representatives and agents volunteering to help set up the computer
assumes no responsibility for a Participant’s loss of time, data or other
loss due to unavailable network services or network outages. With full
knowledge of the risks involved the Participant waives any claim whether
in tort or contract, for any damage including but not limited to loss of
data, programs, and hardware which may result from work, as well as
suggested or required downloads on the Participant’s personal computer.
Furthermore, the Participant agrees to hold harmless, Shawnee State
University, its contractors, employees, and agents from any liability of
damages the Participant may incur or cause to others. In addition to this
waiver of any claim of damages, the Participant agrees to assume the risks
associated with computer assistance. The Participant agrees to this
waiver, hold harmless agreement and assumption of risk without reservation
and certify that the Participant has had the opportunity to ask any
questions concerning the risks that might be involved with this computer
assistance. UIS is charged with ensuring that Participants can connect
their personally owned computers to ResNet/Wireless Network. Beyond
network connectivity, it is at the discretion of the UIS staff the extent
to which it will troubleshoot and/or resolve issues related specifically
to the equipment. UIS does not provide repair services for personally
owned computers, printers, or PDA devices.
2.2
Conditions for Wireless
Installation and Usage
To guide the deployment and usage of wireless networking on the SSU campus, to protect the security of SSU’s information resources and electronic communications as well as to abate possible interference in the FCC unlicensed 2.4 GHz and 5 GHz radio frequency spectrum, Conditions for Wireless Installation and Usage 2.2 serve as a prerequisite to implementing and using wireless networks on the SSU campus.
2.2.1 Installing Personal Wireless Access Points
The installation of any wireless access device on SSU networks by any individual or group other than University Information Services (UIS) is prohibited without prior authorization by the Director of UIS. Contact University Information Services at 740-351-3538, or via e-mail at helpdesk@shawnee.edu for wireless access point procurement, survey and installation.
-
Installation must comply with all health, safety, building, and fire codes.
-
Students may not install or operate wireless local area network (WLAN) access points in the residence halls or any other areas on campus.
-
UIS retains the right to enforce cessation of any unapproved access points, and/or disable network ports where unauthorized access points are found.
-
All IP addresses for the SSU WLAN will be assigned and maintained by UIS.
2.2.2 Acceptable Technology
The Institute of Electrical and Electronic Engineers (IEEE) is responsible for defining and publishing telecommunications and data communications standards. UIS will use these standards as a basis for establishing and keeping current its wireless protocols for the campus.
2.2.3 Installation and Management
University Information Services (UIS) will be the sole provider of design, specification, installation, operation, maintenance, and management services for all wireless access points on the SSU network. Departments wanting WLAN capability will schedule with UIS for installation and maintenance.
2.2.4 Radio Signal Interference
The use of other electronic data and telecommunication devices that occupy the same frequency as the SSU WLAN is discouraged on campus. In cases of significant problems, users of other devices will be required to cease using those devices.
UIS shall resolve frequency conflicts in a manner which is in the best interest of the University and its academic mission.
2.2.5 Security/Access
It is critical that UIS
maintains the necessary security measures consistent with current network
practices and procedures. All access points in the SSU WLAN will use a
Service Set Identifier (SSID) maintained by University Information
Services. All access points in the SSU WLAN will use authentication and
security measures maintained by UIS.
3.0 Conditions for Campus Email
The campus electronic
communications system is designated as the primary means for distributing
critical information to the University community. Unless otherwise
provided in Collective Bargaining Agreements, any official communication
to University users via campus electronic communications constitutes
notice to the recipients.
3.1 Intended Recipients
Electronic mail (e-mail) is
intended for communication between individuals and clearly identified
groups of interested individuals, not for mass distribution.
3.2 Mass Distribution
Mass distribution is
defined as sending an email to a group of University users, who have not
otherwise indicated their desire to receive messages not directly related
to their University position or University mission. Sending multiple
copies of the same message to multiple groups is also mass distribution.
Mass distribution of messages is permissible only for University business
and official University-sponsored activities. Mass distribution of other
non-University business and non-University-sponsored activities may be
considered "spamming" and a violation of the Conditions for Use of Campus
Computing Resources as determined by the President or President’s
designee.
3.3 Email Access
A University email account
may be accessed without the user’s permission upon authorization from the
President or President’s designee for any employee placed on temporary or
extended leave of absence, or otherwise is not reasonably available, in
order to secure documents or communications essential to the mission.
4.0 Conditions for Software Use and
Intellectual Property Rights
Respect for the scholarly
work and intellectual property rights of others is essential to the
educational mission of any university. Shawnee State University,
therefore, endorses the following 1987 EDUCOM/ADAPSO statement on
Software and Intellectual Rights:
"Respect for intellectual
labor and creativity is vital to academic discourse and enterprise. This
principle applies to works of all authors and publishers in all media and
publishers in all media. It encompasses respect for the right to
acknowledgement, right to privacy, and right to determine the form,
manner, and terms of publication and distribution. Because electronic
information is volatile and easily reproduced, respect for the work and
personal expression of others is especially critical in computer
environments. Violations of authorial integrity, including plagiarism,
invasion of privacy, unauthorized access, and trade secret and copyright
violations, may be grounds for sanctions against the violator.”