Computer Security

POLICY OF BOARD OF TRUSTEES OF PEARL RIVER COMMUNITY COLLEGE Tuesday, July 8, 1997 1 Wednesday, October 15, 2003 Administrative

Pearl River Community College will provide personnel with access to computers, computer systems, and computer networks.  Each user must agree to the guidelines and rules prior to receiving this access. 

1. Personnel will be required to sign this Computer Security Policy stating that they have read, understand, and agree to abide by the procedures that have been established by Pearl River Community College.
2. Personnel utilizing the computer system and network must accept the responsibilities and obligations for ethical use that is mandated by Pearl River Community College, state government policies, and laws.
3. Use of Pearl River Community College’s computer system and network will be subject to monitoring for security and management purposes.  Users must be aware of this monitoring and management and agree to this practice.
4. Individual users are responsible for the security of their workstations and the data they store.
5. Users must accept responsibility for their logins, passwords, and user IDs—these must be kept confidential. Each employee is responsible for all transactions occurring during the use of his or her login and password.  Do NOT give these to anyone; not even students who work for you .Guidelines for Password Selection:  
   • DON’T use your login name in any form. 
   • DON’T use your first, middle, or last name in any form (back wards, scram bled, etc.). 
   • DON’T use your spouse’s or child’s name.
   • DON’T use other information that can be easily obtained about you (license #, social security #,  telephone make of your automobile, the name of the street you live on, your pet’s name, etc.)
   • DON’T use a password that contains all digits or all letters–mix numbers and letters. 
   • DON’T use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words.
   • DON’T use a password shorter than six characters. 
   • DO use a password with mixed-case alphabetics, digits and/or punctuation. 
   • DO use a password that is easy to remember so you won’t have to write it down. 
   • DO use a password that you can type quickly without having to look at the keyboard. 
   • TIP:  Choose a line or two from a song or poem and use the first letter of each word. 
   • TIP:  Alternate between one consonant and one or two vowels, up to seven or eight characters.  This provides nonsense words which are usually pronounceable, and thus easily remembered.
   • Change your password periodically.  This makes sure that an intruder who has guessed a password will eventually lose access, as well as invalidating any list of passwords they may have obtained.
6. If any user suspects that his or her login and password have been used by another person , immediately notify the Pearl River Community College Department of Information Technology; they will investigate the problem and decide what course to follow.
7. The computer network system can be used for official college business only, not for personal gain or commercial purposes. 
8. Users will not attempt to modify the computer systems in any unauthorized manner. 
9. Copying of copyrighted software or other materials may be a violation of the copyright laws and is not permitted. Users who violate copyright laws are acting outside the scope of their employment and will be held personally responsible and liable for these violations.  Pearl River Community College accepts no responsibility for such activities. 
10. Files that are owned by someone else should not be accessed without the owner’s permission; viewing or using files that do not belong to you is an invasion of that person’s privacy.  Breaking into accounts or bypassing security is not permitted.
11. If it is determined that a user is in violation of the guidelines, he/she may be subject to restrictions, banned from use of the network, and/or disciplinary action.
12. Access to all of Pearl River Community College’s administrative computer systems are for official use only. This includes but is not limited to BANNER, SIRSI, Blackboard Academic and Transaction Systems, and student e-mail.
13. As an employee you will have access to student information and other administrative systems—the confidentiality of these records is governed by the federal Family Education Rights and Privacy Act of 1974 (aka, Buckley Amendment, FERPA).  All information is confidential and the students have a right to expect that their academic records are being properly supervised.  Requests for disclosure of information should be directed to the appropriate college official.
14. Security infractions with an e-mail account should be reported to the Department of Information Technology immediately.
15. Employee e-mail accounts will be removed when their employment is terminated with the College. 
16. It is the responsibility of all e-mail account holders to abide by the Pearl River Community College Computer Security Policy.
17. Users need to be aware that e-mail is public domain and is not a good way to have a  private conversation.
18. No modems will be allowed in individual computers.  Regular site checks will be conducted in order to assure compliance with this policy.  Any user found in violation of this policy will be disconnected from the campus network.
19. Adherence to these rules and regulations is critical for computer utilization services and information security.

I understand my responsibilities to assist with appropriate use of Pearl River Community College’s computer systems, security, confidentiality, and disclosure of official College data.

NAME:______________________________________________________________________________________

                      (Please Print)

SIGNATURE:___________________________________________________ DATE:_______________________