Skip to Main Navigation | Skip to Content
Shelly Bachus, Policy Director
Warrensburg, MO 64093
NETWORK SECURITY REGULATIONS
Approval: Approved by the President on May 1, 2003
Authority: Board of Governors Policy 1.2.040
Responsibility: University Director of Information Services
IF YOU HAVE SPECIFIC QUESTIONS REGARDING THESE REGULATIONS, PLEASE CONTACT THE DEPARTMENT OF INFORMATION SERVICES.
Information technology exists to support the mission and operation of the University of Central Missouri. The University of Central Missouri relies on information technology to perform daily operations vital to achieving the university’s mission. UCM ’s network must be protected and secured in a manner which strikes a balance between the functional needs of academic disciplines, functional needs of administrative units and the realistic threat of network security breaches.
A. Campus-level Security Mearsures
B. Network-level Security Measures
C. User-level Security Measures
- When users leave their workstations, they should log off the network or secure their workstations to prevent unauthorized use. The Department of Information Services may implement a network tool that automatically logs off users after a certain period of inactivity. The length of this period of inactivity may be determined based upon the necessary security level of the open application. Users should also close all applications and turn off the desktop computer when they have completed computing work and are leaving for the day, unless they are participating in a project which requires that their computers be left on. Every effort should be made to reduce energy usage, including turning off monitors and other peripherals that are not needed for a project. (Note: Before an automatic log off tool is implemented, the Department of Information Services will give users the opportunity to identify machines that should be exempted from automatic log off processes.)
- Software installed by users may create security risks. Users should exercise caution in downloading software from the Internet, as the software may be contaminated with viruses or other security problems. To ensure full support from the Department of Information Services, all software to be installed must be approved by the Department of Information Services to ensure that the software is safe for use and will not conflict with other programs on the user’s machine. When users install software without proper consultation with the Department of Information Services, troubleshooting will be limited to rebuilding the base system from a standard desktop or from a ghost image. The Department of Information Services will obtain the user’s permission before rebuilding a system from a standard desktop or a ghost image.
Specific computer labs may be designated as experimental labs for the purpose of downloading experimental or test software for educational purposes. Labs designated as such will implement procedures to ensure the security of the hardware used as well as the network.
- Software must not be installed on university equipment without a valid license.
- All student workstations in university Residence Halls which are connected to the university network are required to have an up-to-date anti-virus software installed and operating at all times. The Department of Information Services may be contacted for information about anti-virus software available at no cost to students. When a student workstation without an anti-virus software installed and operating in a university Residence Hall is detected, that workstation will be isolated from the network. Student work orders initiated as a result of improper anti-virus protection may be billable to the student at a reasonable rate to be determined by the Department of Information Services.
- Faculty and staff workstations must have the university-selected anti-virus application active at all times. The automatic update option of the virus software must be activated at all times. When a faculty or staff workstation that does not have the anti-virus software active and up-to-date is detected because it has been disabled by the user, it will be isolated from the network. Work orders initiated as a result of the user disabling the ant-virus software or disabling the automatic update feature of the software may be billable to the department at a reasonable rate to be determined by the Department of Information Services.
- The University of Central Missouri has limited resources with which to maintain security and deliver services to students, faculty and staff. Unopened aged email messages occupy storage space on information technology equipment which could otherwise be used to provide more and better services to the university community. Unopened aged email messages can also pose a security risk. Therefore, the Department of Information Services, while not reading the email, will periodically use an automated process to detect unopened aged email in the accounts of all students, faculty and staff and delete any unopened messages which are over three months old.
III. Implementation Procedures
The Department of Information Services will develop and maintain implementation procedures for each item contained in the procedure above.