Conditions for Use of Campus Computing Resources
Conditions for Use of Campus Computing Resources
Users are responsible for understanding and complying with the Conditions for using Shawnee State's systems, resources and networks (see SSU Policy 5.30).
1.0 Conditions for Information Security
Information security is critical to the interests of the University and the many constituencies it serves. As a result of the University's dependency on electronic information, it is critical that information and information systems be protected from unauthorized access and electronic attacks so the University can operate without interruption. Furthermore, it is paramount the University safeguards institutional data as well as protects personal information from unauthorized access.
Officially protected or confidential information created or maintained by the University or student academic records may only reside on systems or networks operated and maintained by ITS, without prior written authorization by the Director of ITS.
Confidential information is defined as that information which is not releasable to the public under state or federal law, and which could reasonably be used to perpetrate identity theft, constitute a serious and unwarranted invasion of personal privacy, compromise the physical security of university employees or property, or compromise the University's computer systems. Examples of "confidential information" include, but are not limited to, the following:
- "Personal information" which includes an individual's name, consisting of the individual's
first name or first initial and last name, in combination with and linked to any one
or more of the following data elements, when the data elements are not encrypted,
redacted, or altered by any method or technology in such a manner that the data elements
- Social security number;
- Driver's license number or state identification card number;
- Account number or credit or debit card number, in combination with and linked to any required security code, access code, or password that would permit access to an individual's financial account.
- "Personal Financial Information" which would link an individual with nonpublic information about that individual's tax return, gross income, investments, financial aid, etc. A public employee's salary is not "personal financial information."
- Educational Records, as defined under state and federal law as:
- "Any record with certain exceptions, maintained by an institution that is directly related to a student or students. This record can contain a student's name, or students' names, or information from which an individual student or students can be individually identified.
- These records include: files, documents, and materials in whatever medium (handwriting, print, tapes, disks, microfilm, microfiche, etc...) which contain information directly related to students and from which students can be personally identified."
- "Medical Treatment Records" as defined under state and federal law. The HIPAA Privacy Rule defines private health information (PHI) as individually identifiable health information, held or maintained by a covered entity (i.e. our SSU group health plan) or its business associates acting for the covered entity, that is transmitted or maintained in any form or medium (including the individually identifiable health information of non-U.S. citizens). This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse.
- Security and Infrastructure records, to include records or information concerning the protection of a University office against sabotage or attack.
- Information which would allow unauthorized access to University computer systems or electronic files.
ITS has overall responsibility for the security of the University's information technologies. Implementation of security policies is the responsibility of all SSU supervisors, employees and students.
The President or the President's designee, upon recommendation by the Director of ITS, may authorize other networks solely for academic purposes which do not come under the supervision of ITS, provided the department understands its responsibility for the security of such networks under its domain of control and responsibility, and may not use the network to host officially protected or confidential information. These responsibilities include but are not limited to responsibility for general security issues, e.g., legal issues, security compliance and reporting, physical security, communications, and IT infrastructure security on wired and wireless networks. Authorization may be revoked if the President or President's designee finds the network is operating contrary to University policy or the law.
All academic and administrative offices within the University have the primary responsibility and authority to ensure their respective departments comply with University requirements for privacy and security of specific types of confidential information (e.g., student educational records, personnel records, health records, and financial transaction data). These units are responsible for general security issues (e.g., legal issues, security compliance, physical security and communications) as well as for completing risks assessments and assisting in the development of University IT security policies, standards and best practices in the areas of their responsibility.
Users who use University or personally-owned mobile devices to access University resources are responsible for the security of their data and are subject to the following:
- The provisions of the Campus Computer and Network Use Policy 5.30 and Conditions for Use of Campus Computing Resources
- The regulations for reporting lost or stolen confidential or private data
- All other laws, regulations, or policies directed at the individual user or institution.
Reporting Security Violations
Reporting suspected violations of the Conditions for Information Security is the responsibility
of all members of the University community.
Examples of prohibited (actual or attempted) behavior include, but are not limited to:
- Allowing institutionally or personally-owned mobile devices with officially protected or personal, confidential information to leave the campus.
- Allowing others to use your personal network, MySSU or CARS account
- Any attempt involving campus-computing resources for the purpose of hacking. Hacking is defined as attempting (either successfully or unsuccessfully) to break into or gain unauthorized access or rights on a computer system or network. Any unauthorized attempts to access non-university systems will be reported to the administrators of these non-university systems.
- Accessing or using a protected computer account assigned to another person or the unauthorized sharing of a password to a protected account with another person without prior authorization by the director of ITS.
- Misuse or abuse of computer equipment, networks, software, or supplies.
- Any act which interferes with the appropriate access rights of others.
- Transmitting or posting fraudulent, defamatory, harassing, obscene, or threatening messages, or any communications prohibited by law.
- Use of any computer network for a purpose contrary to the stated purpose of that network.
- Software theft or piracy, data theft, or any other action which violates the intellectual property rights of others.
- Deletion, examination, copying, or modification of files and/or data belonging to other users without their prior consent.
- Forgery (or attempted forgery) of electronic mail messages.
- Deliberate interference with the ability of other users to send/receive electronic mail.
- Network-based applications will not be installed or utilized on Shawnee State systems without prior authorization by ITS
- Decryption of system or user passwords and files.
- The copying of copyrighted materials, or unauthorized sharing of electronic files (audio/video) or third party software, without the express written permission of the owner of the copyright.
- Intentional attempts to crash systems or programs are subject to disciplinary sanctions.
- Any improper or unauthorized attempts to secure a higher level of privilege on Shawnee State systems.
- A physical connection of any computer to any of the University's networks without proper authorization from the appropriate network administrator.
- Misrepresenting one's identity or relationship to the University when obtaining or using University computer or network privileges.
- Creating, installing, or knowingly distributing a computer virus, "Trojan horse", or other surreptitiously destructive program on any University computer or network, regardless of whether any demonstrable harm results.
- Adding, modifying or reconfiguring (without proper authorization) the software or hardware of any University computer or network.
- Loading of software on campus computers without compliance to all licensing requirements. Proof of licensing must be readily available.
- Any unauthorized access (or attempted access) of student identifiable data.
- Using any University computer or network resources to perpetrate a violation of state or federal law or University policies.
1.1 ITS Recommended Best Practices
Individuals are required to know and comply with additional Best Practices established by ITS, colleges, departments or other units. Failure to comply with these Practices may result in loss of computing privileges and/or disciplinary action.
- Lock down console (using <Ctrl-Alt-Delete> function) when not at user station.
- Do not share passwords. Passwords should be complex in nature i.e. uses upper/lower case, numbers, special characters.
- Log-off or lock down computer when leaving office for the day.
- Keep all doors locked when not in office.
- Do not share personal office computers with unauthorized users.
- Do not share confidential information via the Internet without a secure connection.
- Do not respond to emails phishing for personal or institutional information.
- Do not store passwords or usernames in a non-secure location.
- Do not allow unauthorized individuals into your office or to access your computer. Request Id information from unfamiliar individuals.
- Notify ITS (via helpdesk) when a student or departmental employee terminates employment with SSU or leaves the department.
- Notify ITS (via helpdesk) when an electronic data transmit process (dialup transmission or the internet) is needed to complete a University business function.
- Do not access the Internet from Computers with confidential files stored on the local hard drive.
- Do not store Data/Reports with confidential student or staff information locally (C: drive) or on departmental Web shared spaces. If departmental files need to be stored/shared a request for a department share should be forwarded to ITS.
- Change passwords to third-party software on a frequent basis, using complex passwords (at least every 90 days or as required by the third-party).
- Do not keep paper reports with confidential information in non-secured areas and shred all reports and electronic media when no longer needed.
- Do not download (from the Internet) unauthorized, non-work related software onto your computer (i.e. Screensavers, Pointers, WeatherBug, Hotbar, Kazaa etc.)
2.0 Conditions for Network Access (including ResNet and Wireless)
Access to computer systems, resources and networks owned or operated by Shawnee State University is a privilege which imposes responsibilities and obligations and is granted subject to University policies as well as local, state, and federal statutes. These Conditions apply to all users who are granted access to the University's computing resources.
Use of the University's computing systems, resources and networks is granted solely to current Shawnee State University faculty, staff, enrolled students, and any others designated in writing by the President or Vice President of Business and Administrative Affairs. Use of these resources is limited to applications and activities appropriate to the user's role in the University. The University reserves the right to limit, restrict, extend or deny computing privileges and access to its resources.
The University reserves the right to test and monitor security, and review any files or information resident on University systems for unacceptable use. It is the expectation that all accounts assigned to authorized individuals will be treated as private by University employees charged with managing University computer systems, resources, and networks.
An account may be accessed without the user's permission upon authorization by the President or the President's designee for any employee placed on temporary or extended leave of absence, in order to secure documents or data. The University reserves the right to deny access to its computer systems, resources and networks until authorization to access the account is provided by the President or President's designee.
Access to some computer programs and network resources may require a written request.
Access to information which is private or confidential may be restricted.
Employees who leave the institution shall have their accounts disabled, and then deleted after documents of a departmental nature are identified and archived. Those employees who have been terminated or have received notification of termination will be restricted from access to the system, unless authorized by the President or President's designee.
Access to some on-campus computers and to external networks requires a means to authenticate
a user's identity, usually with a password. The user, or account owner, is responsible
for all actions originating from an assigned account. Passwords to protected accounts
may not be shared or used by anyone other than the assigned user.
Users given access to University computational resources shall be advised of their domain (resources available for their use). Users may not go beyond or attempt to go beyond their respective domain without authorization.
The installation/execution of games and/or recreational programs on Shawnee State systems excluding those required for academic coursework in designated labs intended for gaming is prohibited.
Use of Shawnee State computer systems, resources, networks and/or services for unauthorized commercial activities, including use of Internet facilities for any commercial activities, is prohibited.
2.1 Conditions for Residential Housing (ResNet)
ResNet provides a reliable, efficient connection to the Internet, but the drawback of this connection is that it provides an avenue for more people to reach one's computer. ITS provides as much protection as possible, but in order to help you must install Anti-virus and Spyware software and keep both definitions up to date on your computer.
Since ResNet/Wireless Network Access is an "always on connection" similar to commercial broadband, the University has a responsibility to both the ResNet/Wireless Network Participant, and the greater Internet community to protect them from each other. These rules are meant to help educate, inform, and provide an environment free of computer viruses and security attacks. They are meant to help foster a friendly, safe and clean network environment for ResNet/Wireless Network Participants. They are not optional.
Selection of inclusion is entirely at the discretion of the Participant, ITS, and Student Housing (ResNet). ResNet/Wireless Network is provided with the understanding that it serves primarily as an academic tool. The University reserves the right to limit or prohibit activities that might interfere with the primary function of the ResNet/Wireless Network.
ResNet will be periodically scanned to check for malicious activity. If issues are detected on a system, the owner of that computer will be notified of the action taken to resolve the problem and will be advised of the steps that must be taken to be re-connected to ResNet.
In order to reactivate a port after a virus or other malicious software has been removed, an appointment with a ITS Technician may need to be made for the Technician to verify that the hard drive has been cleaned.
All computers accessing or attempting to access the ResNet/Wireless Network must have an anti-virus with the anti-malware component software package installed with current definitions. If the participant's anti-virus software package does not have an anti-malware component then an anti-malware software program must be installed separately.
ITS provides a free copy of Symantec Anti-Virus with an anti-malware component free to all registered students, faculty and staff. This software package is available on the ITS Resource CD which can be picked up in the ITS office or can be downloaded through the network access control interface. Please review the ResNet Conditions prior to installing the software. Computers connected to ResNet via network access control must meet the following software prerequisites before authentication is complete.
2.1.1 Installed Software
- An anti-virus software package must be installed and running.
- Anti-virus definitions must be current
- Live Update feature must be enabled for anti-virus definition files.
Anti-Malware Software (if not a component of Anti-Virus software package)
- An anti-malware software package must be installed and running.
- Anti-malware definition files must be current.
- Update feature must be enabled for anti-malware definition files.
Microsoft Security Updates (only applies if running Windows)
- Operating system updates will be posted when required. Any required updates must be applied.
Shawnee State University utilizes a network access control application, which each Participant must download on his or her personal computer to have access to the ResNet/Wireless Network. This application ensures all requirements are satisfied.
2.1.2 Personal Servers
Servers of any kind are not permitted on the ResNet/Wireless Network.
Servers open security holes on the network allowing attackers to gain unauthorized access to your computer and/or the ResNet/Wireless Network. They also may serve files to unauthorized persons without your knowledge or consent. Specific examples of servers are: Web servers, FTP servers, File sharing servers, Print servers, Database or Application servers.
2.1.3 Static IP's
Static IP's will not be permitted on any system connected to the ResNet/Wireless Network. ITS managed software will monitor IP addresses and assign them appropriately.
2.1.4 Network Port Scans
Network port scans by Participants are not permitted. Port scans may be performed by ITS to maintain the ResNet/Wireless Network. However, no ResNet/Wireless Network Participant is to perform a port scan of any host inside or outside of the ResNet/Wireless Network. This will be considered a network attack and ITS will respond accordingly.
2.1.5 Network Attacks
Network attacks of any kind will not be tolerated. Network attacks are serious concerns to the University and ITS, and should be to the ResNet/Wireless Participant involved as well.
2.1.6 Dissemination of Information
Dissemination of libelous or slanderous material on the SSU ResNet/Wireless Network is prohibited, as is the dissemination of material that has the purpose or effect of harassing one or more individuals based on their race, color, religion, sex (including sexual orientation, gender identity and gender expression), national origin, age, or disability. Material is considered harassing when it is sufficiently serious (i.e., severe, pervasive, or persistent) and objectively offensive so as to deny or limit a person's ability to participate in or benefit from the University's programs, services, opportunities, or activities.
2.1.7 Software and Hardware Devices
Software and hardware devices that are currently prohibited by Shawnee State University and ITS will not be permitted on the ResNet/Wireless Network. Devices include wireless network products (i.e. Apple Airport), thin-clients, game consoles (i.e. Xbox, Playstations, etc), hubs, switches, routers, print servers, and network appliances.
2.1.8 Modification of Physical Wiring
ResNet/Wireless Network services and physical wiring may not be modified or extended for any reason. This applies to all network wiring, hardware, and in-room data jacks.
2.1.9 Minimum Hardware Requirements
Participants must have a computer system that satisfies the minimum published requirements of the ResNet/Wireless Network program. For current minimum system requirements, click here.
2.1.10 File Sharing
Participants are reminded that sharing of copyrighted materials over the network such as software, music, images, videos, publications, or any other protected materials is a violation of federal copyright statutes and is strictly prohibited. Students who are cited in infringements notices under the Digital Millennium Copyright Act (DMCA) will have their ResNet/Wireless Network access suspended. Repeat violations will result in a judicial referral.
2.1.11 Access to Participant's Systems
ITS staff may require access to a Participant's computer to maintain ResNet/Wireless Network operations. Participants agree to provide reasonable access to their system.
2.1.12 Licensing of Software
Participants agree to abide by the license agreements governing the use and distribution of the software provided by the University.
2.1.13 Responsibility for All Participants
Participants are ultimately responsible for any and all network use or communication traffic originating from their personally-owned computer, regardless of the actual author of such traffic.
2.1.14 Disclaimer of Liability
Participants connecting computers to the ResNet/Wireless Network or seeking technical assistance in order to connect computers to the ResNet/Wireless Network understand and agree that Shawnee State University, its contractors, employees, representatives and agents volunteering to help set up the computer assumes no responsibility for a Participant's loss of time, data or other loss due to unavailable network services or network outages. With full knowledge of the risks involved the Participant waives any claim whether in tort or contract, for any damage including but not limited to loss of data, programs, and hardware which may result from work, as well as suggested or required downloads on the Participant's personal computer. Furthermore, the Participant agrees to hold harmless, Shawnee State University, its contractors, employees, and agents from any liability of damages the Participant may incur or cause to others. In addition to this waiver of any claim of damages, the Participant agrees to assume the risks associated with computer assistance. The Participant agrees to this waiver, hold harmless agreement and assumption of risk without reservation and certify that the Participant has had the opportunity to ask any questions concerning the risks that might be involved with this computer assistance. ITS is charged with ensuring that Participants can connect their personally owned computers to ResNet/Wireless Network. Beyond network connectivity, it is at the discretion of the ITS staff the extent to which it will troubleshoot and/or resolve issues related specifically to the equipment. ITS does not provide repair services for personally owned computers, printers, or PDA devices.
2.2 Conditions for Wireless Installation and Usage
To guide the deployment and usage of wireless networking on the SSU campus, to protect the security of SSU's information resources and electronic communications as well as to abate possible interference in the FCC unlicensed 2.4 GHz and 5 GHz radio frequency spectrum, Conditions for Wireless Installation and Usage 2.2 serve as a prerequisite to implementing and using wireless networks on the SSU campus.
2.2.1 Installing Personal Wireless Access Points
The installation of any wireless access device on SSU networks by any individual or group other than University Information Services (ITS) is prohibited without prior authorization by the Director of ITS. Contact University Information Services at 740-351-3538, or via e-mail at firstname.lastname@example.org for wireless access point procurement, survey and installation.
Installation must comply with all health, safety, building, and fire codes.
Students may not install or operate wireless local area network (WLAN) access points in the residence halls or any other areas on campus.
ITS retains the right to enforce cessation of any unapproved access points, and/or disable network ports where unauthorized access points are found.
All IP addresses for the SSU WLAN will be assigned and maintained by ITS.
2.2.2 Acceptable Technology
The Institute of Electrical and Electronic Engineers (IEEE) is responsible for defining and publishing telecommunications and data communications standards. ITS will use these standards as a basis for establishing and keeping current its wireless protocols for the campus.
2.2.3 Installation and Management
University Information Services (ITS) will be the sole provider of design, specification, installation, operation, maintenance, and management services for all wireless access points on the SSU network. Departments wanting WLAN capability will schedule with ITS for installation and maintenance.
2.2.4 Radio Signal Interference
The use of other electronic data and telecommunication devices that occupy the same frequency as the SSU WLAN is discouraged on campus. In cases of significant problems, users of other devices will be required to cease using those devices.
ITS shall resolve frequency conflicts in a manner which is in the best interest of the University and its academic mission.
It is critical that ITS maintains the necessary security measures consistent with current network practices and procedures. All access points in the SSU WLAN will use a Service Set Identifier (SSID) maintained by University Information Services. All access points in the SSU WLAN will use authentication and security measures maintained by ITS.
3.0 Conditions for Campus Email
The campus electronic communications system is designated as the primary means for distributing critical information to the University community. Unless otherwise provided in Collective Bargaining Agreements, any official communication to University users via campus electronic communications constitutes notice to the recipients.
3.1 Intended Recipients
Electronic mail (e-mail) is intended for communication between individuals and clearly identified groups of interested individuals, not for mass distribution.
3.2 Mass Distribution
Mass distribution is defined as sending an email to a group of University users, who have not otherwise indicated their desire to receive messages not directly related to their University position or University mission. Sending multiple copies of the same message to multiple groups is also mass distribution. Mass distribution of messages is permissible only for University business and official University-sponsored activities. Mass distribution of other non-University business and non-University-sponsored activities may be considered "spamming" and a violation of the Conditions for Use of Campus Computing Resources as determined by the President or President's designee.
3.3 Email Access
A University email account may be accessed without the user's permission upon authorization from the President or President's designee for any employee placed on temporary or extended leave of absence, or otherwise is not reasonably available, in order to secure documents or communications essential to the mission.
4.0 Conditions for Software Use and Intellectual Property Rights
Respect for the scholarly work and intellectual property rights of others is essential to the educational mission of any university. Shawnee State University, therefore, endorses the following 1987 EDUCOM/ADAPSO statement on Software and Intellectual Rights:
"Respect for intellectual labor and creativity is vital to academic discourse and enterprise. This principle applies to works of all authors and publishers in all media and publishers in all media. It encompasses respect for the right to acknowledgement, right to privacy, and right to determine the form, manner, and terms of publication and distribution. Because electronic information is volatile and easily reproduced, respect for the work and personal expression of others is especially critical in computer environments. Violations of authorial integrity, including plagiarism, invasion of privacy, unauthorized access, and trade secret and copyright violations, may be grounds for sanctions against the violator."