Policies & Procedures

Policies & Procedures

POLICY OF BOARD OF TRUSTEES PEARL RIVER COMMUNITY COLLEGE

Computer Security

Adopted July 8, 1997

Revision Date October 15, 2003

Reference: Administrative

Policy: Pearl River Community College will provide personnel with access to computers, computer systems, and computer networks. Each user mu st agree to the guidelines and rules prior to receiving this access.

Procedure: 1. Personnel will be required to sign this Computer Security Policy stating that they have read, understand, and agree to abide by the procedure s that have be en established by Pearl River Community College. 2. Personnel utilizing the computer system and network must accept the responsibilities and obligations for ethical use that is mandated by Pearl Rive r Comm unity College, state government policies, an d laws. 3. Use of Pearl River Community College’s computer system and network will be subject to monitoring for security and management purposes. Users mus t be aware of this monitoring and management and agree to this practice. 4. Individual users are responsible for the security of their workstations and the data they store. 5. Users mu st accept responsibility for their lo gins, passwords, and use r IDs— these must be kept confidential. Each employee is responsible for a ll transactions occurring du ring the use of his or her login and password . Do N OT give these to anyone; not even students who work for you . Guidelines for Password Selection: # DON’T use your login name in any form. # DON’T use your first, middle, or last name in any form (back wards, scram bled, etc.). # DON’T use your spouse’s or child’s name. # DON’T use other information that can be easily obtained about you (license #, social security #, telephone #, make of your automobile, the name of the street you live on, your pet’s name, etc.) # DON’T use a password that contains all digits o r all letters--mix numbers and letters. # DON’T use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words. # DON’T use a password shorter than six characters. # DO use a password with mixed-case alphabetics, digits and/o r punctuation. # DO use a password that is easy to rem ember so you won’t have to write it down. # DO use a password that you can type quickly without having to loo k at the keyboard. # TIP: Choose a line or two from a song or poem and use the first letter of each word. # TIP: Alternate between one consonant and one or two vowels, up to seven or eight characters . This provides nonsense words which are usually pronounceable, and thus easily remembered. # Change your password periodically. This makes sure that an intruder who has guessed a password will eventually lose access, as well as invalidating any list of passwords they may have obtained. 6. If any user suspects that his or her lo gin and password have been us ed by another person , immediately notify the Pearl River Community College Department of Information Technology; they will investigate the problem and decide what course to follow. 7. The computer network system can be used for official college business only, not for personal gain or commercial purposes. 8. Users will no t attempt to modify the comp uter systems in any unauthorized manner . 9. Copying of copyrighted software or other materials may be a violation of the copyright laws and is not permitted. Users who violate copyright laws are acting outside the scope of their employment and will be held personally responsible and liable for these violations. Pearl River Community College accepts no responsibility for such activities. 10. Files that are owned by someone else should not be accessed without the owner’s permission; viewing or using files that do not belong to you is an invasion of that person’s privacy. Breaking into accounts or bypassing security is not permitted. 11. If it is determined that a user is in violation of the guidelines, he/she may be subject to restrictions, banned from use of the network, and /or disciplinary action. 12. Access to a ll of Pearl Riv er Comm unity College’s administrative computer systems are for official use only. This includes but is not limited to BANNER, SIRSI, Blackboard Academic and Transaction Systems, and student e-mail. 13. As an employee you will have access to student information and other administrative systems—the confidentiality of these records is governed by the federal Family Education Rights and Privacy Act of 1974 (aka, Buckley Amendment, FERPA). All information is confidential and the students have a right to expect that their academic records are being properly supervised. Requests for disclosure of information should be directed to the appropriate college official. 14. Security infractions with an e-mail account should be reported to the Department of Information Techno logy immediately. 15. Employee e-mail accounts will be re moved when their employment is terminated with the College. 16. It is the responsibility of all e-mail account holders to abide by the Pearl River Community College Computer Security Policy. 17. Users need to be aware that e-mail is public domain and is not a good w ay to have a private conversation. 18. No modems will be allowed in individual computers. Regular site checks will be conducted in order to assure compliance with this policy. Any user found in violation of this policy will be disconnected from the campus network. 19. Adherence to these rules and regulations is critical for computer utilization services and information security. I understand my responsibilities to assist with appropriate use of Pearl River Community College’s computer systems, security, confidentiality, and disclosure of official College data. NAME:______________________________________________________________________________________ (Please Print) SIGNATURE:___________________________________________________ DATE:_______________________

No such file or directory