skip to page content
Printed Header
NorthCentral Technical College - Home

NTC Student Email NTC Distance Learning NTC Library NTC Bookstore Log on to my NTC
About NTC Getting Started NTC Students Courses & Programs Workforce Learning Foundation/Alumni
Library

Services & Resources
Electronic Reserves
Glossary
Online Library Catalog
Electronic Reference
Online Help
Find Books
Find Articles
Off Campus Users
Faculty Services
Policies
Contact Us
Get Acrobat Reader
   
Refer a friend Print this page Request Information

Policy 643 Information Security


Click here for a printer friendly version

Introduction
Computer information systems and networks are an integral part of business at Northcentral Technical College. The organization has made a substantial investment in human and financial resources to create these systems.

Only those computer resources designated as Library Public Use are accessible and can be used by the public. Northcentral Technical College's Information Security Policy will apply to public users

The enclosed policies and directives have been established in order to:

  • Protect this investment.
  • Safeguard the information contained within these systems.
  • Reduce business and legal risk.
  • Protect the good name of the organization.

Violations
Failure to observe these guidelines may result in disciplinary action by the organization depending upon the type and severity of the violation, whether it causes any liability or loss to the organization, and/or the presence of any repeated violation(s).

Administration
The Information Systems Instructional Technology Team Leader (ISIT Team Leader) is responsible for the administration of this policy.

Contents
The topics covered in this document include:

  • Statement of responsibility
  • The Internet and e-mail
  • Computer viruses
  • Access codes and passwords
  • Physical security
  • Copyrights and license agreements

Statement of responsibility
General responsibilities pertaining to this policy are set forth in this section. The following sections list additional specific responsibilities.

Middle Leaders responsibilities

Middle Leaders:

  1. Ensure that all appropriate personnel and students are aware of and comply with this policy.
  2. Create appropriate performance standards, control practices, and procedures designed to provide reasonable assurance that all employees/students observe this policy.

ISIT Team Leader responsibilities

The ISIT Team Leader must:

  1. Develop and maintain written standards and procedures necessary to ensure implementation of and compliance with these policy directives.
  2. Provide appropriate support and guidance to assist employees to fulfill their responsibilities under this directive.

The Internet and e-mail
This policy pertains to internet and e-mail use on any computer connected to the NTC network or placed in any NTC educational environment.

Policy
Access to the Internet is provided to employees and students for the benefit of Northcentral Technical College and its students. Employees and students are able to connect to a variety of educational resources around the world.

Unfortunately, computers connected to the Internet also face risks associated with computer viruses and data security, and users can easily and in some cases inadvertently download material that is inappropriate to the educational, business or workplace setting. To ensure that all employees and students are responsible and productive Internet users and to protect the organization's interests the following guidelines have been established for using the Internet and e-mail.

Acceptable use
Employees and students using the Internet are representing the organization. Employees and students are responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner. Examples of acceptable use are:

  • Using Web browsers to obtain educational information from educational Web sites.
  • Accessing databases for information as needed.
  • Using e-mail for Northcentral Technical College business contacts.

Unacceptable use
Employees and students must not use the Internet for purposes that are illegal, unethical, harmful to the organization, or nonproductive. Examples of unacceptable use are:

  • Broadcasting e-mail, i.e., spam.
  • Transmitting any content that is offensive, harassing, slandering or fraudulent.
  • Non-instructional/Non-business chat rooms.
  • Destruction of or damage to equipment, software, or data belonging to the College or others.
  • Disruption or unauthorized monitoring of electronic communications.
  • Use of the College's trademarks, logos, insignia, or copyrights without prior approval.
  • Use of computing facilities for private business purposes unrelated to the mission of the College or to College life.
  • Violation of software license agreements.
  • Displaying or sending obscene, pornographic, sexually explicit, or offensive material.
  • Displaying or sending material that is contrary to the mission or values of the College.
  • Peer-to-Peer (P2P) file sharing programs for non instructional use.

Downloads
Downloading or installing unauthorized software of any kind to computer hard drives is forbidden. Files or programs may be downloaded to removable media and designated file shares as directed by College faculty or staff.

Employees and students responsibilities
An employee or student who uses the Internet or Internet e-mail shall:

  1. Ensure that the use of the Internet does not interfere with his/her productivity.
  2. Be responsible for the content of all text, audio, or images that (s)he places or sends over the Internet. All communications should have the employee’s/student’s name attached.
  3. Not transmit copyrighted materials without permission.
  4. Know and abide by all applicable Northcentral Technical College policies dealing with security and confidentiality of organization records.
  5. Avoid transmission of nonpublic customer information. If it is necessary to transmit nonpublic information, employees are required to take steps reasonably intended to ensure that information is delivered to the proper person who is authorized to receive such information for a legitimate use.

Copyrights
Employees and students using the Internet are not permitted to copy, transfer, rename, add, or delete information or programs i.e. shareware belonging to others unless given express permission to do so by the owner. Failure to observe copyright or license agreements may result in disciplinary action by the organization and/or legal action by the copyright owner.

Monitoring
All messages created, sent, or retrieved over the Internet are the property of the organization and may be regarded as public information. Northcentral Technical College reserves the right to access the contents of any messages sent over its facilities if the organization believes, in its sole judgment, that it has a business need to do so.

All communications, including text and images, can be disclosed to law enforcement or other third parties without prior consent of the sender or the receiver. This means don’t put anything into your e-mail messages that you wouldn’t want to see on the front page of the newspaper or be required to explain in a court of law.

Computer viruses
Computer viruses are programs designed to make unauthorized changes to programs and data. Therefore, viruses can cause destruction of organizational resources.

Background
It is important to know that:

  • Computer viruses are much easier to prevent than to cure.
  • Defenses against computer viruses include protection against unauthorized access to computer systems, using only trusted sources for data and programs, and maintaining virus-scanning software.

ISIT responsibilities
ISIT shall:

  1. Install and maintain appropriate antivirus software on all Northcentral Technical College owned computers.
  2. Respond to all virus attacks, destroy any virus detected, and document each incident.

Employee/Student/General Public responsibilities
These directives apply to all employees and students:

  1. No one shall knowingly introduce a computer virus into organizational computers.
  2. No one shall load storage media of unknown origin.
  3. Incoming storage media shall be scanned for viruses before they are read.
  4. Any person who suspects that his/her workstation has been infected by a virus shall IMMEDIATELY POWER OFF the workstation and call the ISIT help desk.

Access codes and passwords
The confidentiality and integrity of data stored on organization computer systems must be protected by access controls to ensure that only authorized persons have access. This access shall be restricted to only those capabilities that are appropriate to each person’s duties.

ISIT responsibilities
The ISIT Team Leader shall be responsible for the administration of access controls to all organization computer systems. The ISIT help desk will process adds, deletions, and changes upon receipt of a written request from the People Services team.

Deletions may be processed by an oral request prior to reception of the written request. The ISIT Team Leader will maintain a list of administrative access codes and passwords and keep this list in a secure area.

Employee/Student responsibilities
Each employee/Student:

  1. Shall be responsible for all computer transactions that are made with his/her User ID and password.
  2. Shall not disclose passwords to others. Passwords must be changed immediately if it is suspected that others may know them. Passwords should not be recorded where they may be easily obtained.
  3. Will change passwords at least every 60 days.
  4. Should use passwords that will not be easily guessed by others.
  5. Should log out when leaving a workstation for an extended period.

Middle Leader’s responsibility
Middle Leaders should notify the People Services team promptly whenever an employee leaves the organization or transfers to another department so that his/her access can be revoked/changed. Involuntary terminations must be reported concurrent with the termination.

People Services responsibility
The People Services team will notify ISIT of employee transfers and terminations. Involuntary terminations must be reported concurrent with the termination.

Physical security
It is organizational policy to protect computer hardware, software, data, and documentation from misuse, theft, unauthorized access, and environmental hazards.

Employee responsibilities
The directives below apply to all employees:

  1. Storage media should be stored out of sight when not in use. If they contain highly sensitive or confidential data, they must be locked up.
  2. Storage media should be kept away from environmental hazards such as heat, direct sunlight, and magnetic fields.
  3. Environmental hazards to hardware such as food, smoke, liquids, high or low humidity, and extreme heat or cold should be avoided.
  4. Since the ISIT Team Leader is responsible for all equipment installations, disconnections, modifications, and relocations, employees are not to perform these activities. This does not apply to temporary moves of portable computers for which an initial connection has been set up by ISIT.
  5. Employees shall not take Northcentral Technical College owned equipment out of the building without the informed consent of their e-unit or s-unit manager. Informed consent means that the manager knows what equipment is leaving, what data is on it, and for what purpose it will be used.
  6. Employees should exercise reasonable care to safeguard the valuable electronic equipment assigned to them. Employees who neglect this duty may be accountable for any loss or damage that may result.
  7. All non NTC wireless access points, network devices, and computers are not allowed to connect to the NTC network without prior approval from the ISIT Team Leader.

Copyrights and license agreements
It is Northcentral Technical College’s policy to comply with all laws regarding intellectual property.

Legal reference
Northcentral Technical College and its employees are legally bound to comply with the Federal Copyright Act (Title 17 of the U. S. Code) and all proprietary software license agreements. Noncompliance can expose Northcentral Technical College and the responsible employee(s) to civil and/or criminal penalties.

Scope
This directive applies to all software that is owned by Northcentral Technical College, licensed to Northcentral Technical College, or developed using Northcentral Technical College resources by employees or vendors.

ISIT responsibilities
The ISIT Team Leader will:

  1. Maintain records of software licenses owned by Northcentral Technical College.
  2. Periodically (at least annually) scan organization computers to verify that only authorized software is installed.

Employee/Student responsibilities
Employees/Students shall not install or copy software that is not licensed to or owned by Northcentral Technical College on the organization’s computers.

Civil penalties
Violations of copyright law expose the organization and the responsible employee(s) to the following civil penalties:

  • Liability for damages suffered by the copyright owner
  • Profits that are attributable to the copying
  • Fines up to $100,000 for each illegal copy

Criminal penalties
Violations of copyright law that are committed “willfully and for purposes of commercial advantage or private financial gain (Title 18 Section 2319(b)),” expose the organization and the employee(s) responsible to the following criminal penalties:

  • Fines up to $250,000 for each illegal copy
  • Jail terms of up to five years

Glossary of Terms

Chat Room: The name given to a place or page in a Web site or online service where people can "chat" with each other by typing messages which are displayed almost instantly on the screens of others who are in the "chat room."

Internet: The Internet is a very large, publicly accessible network that has millions of connected users and organizations worldwide.

ISIT: Information Systems Instruction Technology service unit (Team Leader is Chet Strebe).

Organization: Northcentral Technical College.

Peer-to-Peer (P2P): A commonly used protocol for downloading software, music or other files with other ordinary users on the Internet. P2P is often used to obtain freeware, shareware, and bootleg software. P2P exchange is often made practical through web sites that act as clearinghouses listing people who have or want something. One of the most famous of these was Napster.

Shareware: Software that you can try before you buy. It's distributed through on-line services, and user groups. You're allowed to try it out and give copies to others, but if you want to keep using it, you must pay the registration fee.

Spam: Unsolicited "junk" e-mail sent to large numbers of people to promote products or services.

Unauthorized Software: Unlicensed or unapproved software. Examples include but are not limited to games, web shots, instant messengers, shareware, etc.

Disclaimer
As part of the services available through the Northcentral Technical College campus network, the College provides access to a large number of conferences, lists, bulletin boards, and Internet information sources. These materials are not affiliated with, endorsed by, edited by, or reviewed by Northcentral Technical College, and the College takes no responsibility for the truth or accuracy of the content found within these information sources. Moreover, some of these sources may contain material that is offensive or objectionable to some users.

Existing College Rules and Regulations
This policy is intended to be an addition to existing College rules and regulations and does not alter or modify any existing College rule or regulation.

This policy is posted on NTC web pages at: www.ntc.edu/about/compuse.htm

Please direct questions regarding this policy to:

Information Systems and Instructional Technology (ISIT)
Northcentral Technical College
1000 Campus Drive
Wausau, WI 54401
715.675.3331

 
NorthCentral Technical College - 1000 W. Campus Drive, Wausau, WI - 715.675.3331 Login required Site Map Legal/Disclaimer ADA Compliance Contact Us Campus Maps Downloads Jobs at NTC Wisconsin Technical College System FAFSA - Free Application For Federal Student Aid Click here for information on e-cashier. Bookmark and Share