Versions Compared

Old Version 18

changes.mady.by.user Adam Slagell

Saved on

compared with

New Version 19

changes.mady.by.user Adam Slagell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The privacy of other staff must also be respected, and unauthorized snooping of traffic or communications of fellow staff is a serious offense that will be reported to HR. This includes unauthorized video and audio recording as well as network traffic recording or any means of superseding ones authorizations to look at digital files they should not access. Some types of unauthorized recording are a criminal offence in Illinois and could also be reported to the authorities.

...

Appropriate use of University Systems & Services

Staff are in a position of trust when given authentication credentials, such as, passwords, keys or tokens. These accounts given to staff are for their use only, and cannot be shared to give another party access to NCSA systems or resources. Furthermore, per the University's policies, passwords are confidential information and therefore cannot be stored or transmitted unencrypted. For example, NCSA passwords cannot be emailed or put on a web site or wiki.

Staff are expected to obey all relevant laws and regulations regarding computer hacking, attacking, fraud, etc. Staff and users of NCSA systems also agree not to "hack" NCSA systems or exceed their authority on them. This includes violating file permissions, impersonating others, stealing/cracking other users' credentials, and using NCSA systems as part of an attack on other computers or electronic equipment. Attacks in this context do not include authorized cracking as part of normal research and development, but rather malicious or unauthorized activities.

While the University respects academic freedom and has a broad mission, staff need to take careful consideration of personal use of University owned systems or networks. For example, profiting or politicking with University equipment violates State law. Other activities may be legal but against the mission of the University. Staff are advised to contact the Ethics Office with specific questions about personal use of University equipment.

...

  • Policy systems/accounts/services
  • authentication credentials
    • No sharing
    • no cleartext storage
    • no clear text email/xfer
  • hacking/exceeding authority
    • includes violating permissions & impersonating others
    • using to attack others
    • personal use and ethical consideration
  • University ethics office
    • not making money, inline with mission of the university
    • Service operation
      • BE aware of laws and privacy of users
      • follow network security policies
      • involve security in planning process
      • change control as appropriate
      • production servers belong in a RAF room, see network zone policy
    • Equipment registered to you
      • Follow best practices and maintain updates, follow university policies
      • screen locks on mobile devices, leaving office doors open
      • taking home
      • Done with it, broken or lost
        • surplus & wipe
        • xfer equipment
      • ethical use
      • Personal equipment implications
    • Information/Data
      • Follow university policy
        • includes printed materials and physical locks
      • Notify of high risk or confidential data
      • backup important
      • encryption on backup & mobile
      • approved third parties like box
    • employee exit
      • authorizations
      • keys
      • email lists
      • property return
  • Authority & Consequences
    • revoked accounts, privileges, taken off network, reported to HR
    • PA only has authority to speak with the public directly or the DO
  • Exceptions process
  • Review & update
  • References

...