Policies & Procedures Manual

287

Policy No: 621.1

Policy Contact: Vice President for Institutional Research and Effectivenes

Policy Title: NETWORK SECURITY

In order to achieve the highest possible level of network security at East Central Community College, the College will adhere to the following policies and procedures: • Access to the College’s data center and the Information Technology office will be limited to Technology Management personnel. Access to Administrator passwords will be limited to Technology Management personnel. • Windows passwords for administration, faculty, and staff will have a required length of eight (8) characters consisting of at least: • Windows passwords for administration, faculty, and staff will expire every 180 days. Upon expiration, the user will be prompted to reset his/her Windows password. • All software installations on network servers will be performed by Information Technology personnel or contracted, third-party software vendors. Information Technology personnel will be involved with and supervise all software installations. • No network equipment, including wireless routers, will be installed on the campus network without the knowledge and consent of the Information Technology office. • All networked workstations will have network virus protection enabled. Information Technology personnel should be notified upon the discovery or suspicion of computer viruses. The willful distribution of computer viruses is prohibited. • Users should not expect confidentiality on the College’s network. East Central Community College has the capability and right to monitor all network activity as well as electronic messaging as instructed by legal or judicial authorities or by the College President as warranted. • Unencrypted e-mail messages or e-mail attachments should not include social security numbers. • Internally secure network folders are to be used for the transfer of confidential information or other data between or among employees. • By definition, e-mail spam is any e-mail that meets any one (1) of the following three (3) criteria: o The address and identity of the sender are concealed. Spam e-mail should be deleted or reported as spam through the user’s e-mail client. If the spam is particularly intrusive or offensive, the e-mail should be forwarded to the Technology Management department for further analysis and treatment. • E-mail attachments from unknown or unusual sources should not be opened or executed. • Access to the College staff and student e-mail groups will be restricted to the President, members of the Executive Council, and Information Technology Administration. E-mails to this group should be official in nature and pertain to the business and mission of the College. E-mails to staff or student e-mail groups should be forwarded to the sender’s respective Vice President for distribution to the appropriate group(s). (1) Upper case character; (1) Lower case character; (1) Numeral; and (1) Special character. o The e-mail is sent to large groups of people. o The e-mail is not requested by the recipients.

(Revised 6/11/13; Revised 6/14/16; Revised 9/12/17)