Office of the CIO

CIO Home | Information Technology Services | Academic Technology Center

Who Is Responsible for Security?

Security is the responsibility of everyone who uses the computing resources of the seminary.  This responsibility is shared between the Information Technology Services department and all users.  Users are entitled to the privilege of accessing the seminary’s network and computing resources, but certain responsibilities accompany that privilege to effect secure computing.  Studies have repeatedly found that end-user behavior plays a prominent role in an organization’s computing security, accounting for a majority of all information security breaches.

Developing secure computer-use behaviors is important in protecting the information assets of the seminary and its systems, including the personal privacy of its users. Practicing safe computer use will reduce the seminary’s risk of data theft, performance interruptions, system damage, and help maintain the reliability of all systems, which is critical for productivity and the seminary’s mission.

Please become thoroughly familiar with this policy that outlines user responsibilities for secure computing.  In addition, please consult the Acceptable Use Policy (AUP) for statements governing the use of the seminary’s computing resources: http://www.fuller.edu/cio/accept_use_policy.asp

Your Responsibilities

1.    Log out or lock your computer if you step away.

2.    Be aware of and provide physical security when computing.

3.    Be careful when using administrative rights on your computer.

4.    Use antivirus software and keep virus definitions up to date.

5.    Update software by applying the latest upgrades and patches.

6.    Beware of spam, pop-up ads, and spyware.

7.    Do not download random software off the Internet.

8.    Beware of email or attachments from unknown sources.

9.    Never share passwords and user ids.

10.  Manage your passwords and change them regularly.

11.  Treat sensitive data cautiously and confidentially.

12.  Don’t infringe on copyrights.

13.  Backup documents and important data that are on your computer regularly.

14.  When in doubt, call the ITS Help Desk for support.

For further explanation of any responsibility listed above, refer to its number on the following pages.

If you have further questions, please call the ITS Help Desk at x5675.

1.   Logout or lock your computer if you step away.

      Do not leave your computer logged in while away from it, especially if your computer is in a more public area.  This leaves your computer open to access by unauthorized persons.  In addition to manually locking your computer before you step away from your desk, turn on automatic locking which will require you to re-enter your password after you are away for a set period of time even if you forget to manually lock your computer.  This is required and can be implemented for you by the Information Technology Services (ITS) Help Desk staff.

2.   Be aware of and provide physical security when computing.

      Never leave laptop computers unattended, especially unsecured ones.  Do not leave computer printouts, hard copy files or other paperwork that has sensitive information such as student ID numbers, Social Security numbers, credit card information, phone numbers, addresses, etc. unattended in your work space.  Ask ITS Help Desk to protect your computer with a security cable.

3.   Be careful when using administrative rights on your computer.
Certain eligible users, approved to have “administrative rights” (Windows status allowing user to create, delete, and modify items and settings) on their seminary computer, should understand that having administrative rights makes your computer vulnerable to security risks. Visiting unfamiliar Internet sites with these high-privilege accounts can be dangerous to your computer and the seminary’s network, allowing exploits like file deletions, creation of administrative accounts for access, installation of malicious software, and hard drive reformats.  Follow safe use for this level of access privilege.  When you log into an account with administrative rights, only do the specific tasks that require administrative privileges, then log out.  It is required that you use a non-administrative account for everyday work.

4.   Use antivirus software and keep virus definitions up-to-date.

      A virus is a program or piece of code that is able to generate copies of itself.  It can disrupt, and in some cases, permanently damage data files and programs as it spreads.  If your computer begins to act strangely, or if it stops being able to do things it has always done in the past, it may be infected with a virus so call ITS Help Desk for support. Symptoms such as longer-than-normal program load times, unpredictable program behavior, inexplicable changes in file sizes, inability to boot, strange graphics appearing on your screen, or unusual sounds may indicate that a virus is on your system. However, it is important to distinguish between virus symptoms and similar symptoms that can be caused by non-malicious hardware or software problems.  Remain calm and objective, and rule out more standard causes before suspecting a virus.

      New viruses are written and released on a daily basis. Viruses evolve frequently, which makes them more difficult to detect. They spread rapidly and through different means, including email attachments, infected document files, Web sites that contain hostile code, and unprotected file shares.  Never propagate virus hoaxes or chain mail.  Do not click on any links that you can't verify, e.g., think before clicking when using Instant Messaging (IM) to avoid virus infections from unknown source messages.

      The anti-virus software included on your PC will help keep your computer protected.  Use it to scan removable media (e.g. floppy disk, zip disks, CDs) for viruses and schedule regular scans of your hard drive.  If your computer becomes infected with a virus, immediately disconnect it from the network to prevent the virus from spreading and call the ITS Help Desk.

      If you use a laptop when traveling, it is imperative that you scan your computer for viruses and spyware before reconnecting to the seminary network.  This will help prevent infections on our network and protect our valuable data assets.

      Your PC will be vulnerable to virus attacks if you turn off the anti-virus software that has been installed on it.  Do not turn off the automatic updating feature. It should run daily.

      It is against seminary policy to turn off any security application installed on your computer, e.g., anti-virus, anti-spyware, or anti-spam software.

5.   Update software by applying the latest upgrades and patches.

      If you receive a new computer, it will arrive configured with the latest operating system.  However, should you need an upgrade, you will need to call ITS Help Desk to perform these upgrades to ensure that performance and security is maintained.  Limited “administrative rights” allow some users to install software themselves, but it is strongly recommended that you seek ITS Help Desk’s assistance to avoid installation problems.  If you are not permitted to install or don’t know how to install software or upgrades on your computer, you must call the ITS Help Desk.

6.   Beware of spam, pop-up ads and spyware.

      Spam is unsolicited email that is more than a nuisance.  It can carry risks of viral infection.  Never click on any of the links in a spam message.  Spyware is code that is covertly downloaded on your computer when surfing the web.  Music and shopping sites are notorious for downloading spyware that simply tracks your surfing habits and preferences or more seriously logs your keystrokes, stealing credit card numbers and other personal information.

      Learn to recognize a scam. Currently, “phishing” scams are pervasive on the Internet.  Phishing (also known as spoofing) is the act of attempting to fraudulently acquire sensitive information, such as passwords or credit card details, by masquerading as a trustworthy person or business in a seemingly official electronic notification or message, most often an email or instant message.  Hackers try to trick people into giving away their passwords and other personal information by sending fake emails that appear to come from common Web sites such as eBay, a local bank, or a greeting card vendor. Because the emails look official, some people respond to requests for their login name and password.  Instead of clicking a link in an e-mail, type the URL into your web browser by hand, especially if the link takes you to a login page.  Don’t be tricked by these scams and risk personal data theft that could result in serious financial loss.

      The ITS Help Desk installs and configures software that will help you to control spam, pop-ups and spyware, but you can help by practicing the aforementioned behaviors.

7.   Do not download random software off the Internet.

      Many programs available as free downloads may appear to be legitimate applications, but are in fact malicious. Programs such as KaZaA, Bonzi, Gator, HotBar, WhenUSave, CommentCursor, and WebHancer are known to provide private data about the user and his computer to unknown third-parties via the internet. Installing a program such as one of these will often spawn a background process that will significantly slow the computer down and may damage the operating system. These programs are known to open the computer up to control by others over the internet.  In general, do not install software on your seminary computer.  Call Help Desk to inquire about seminary-approved software and any special needs.

      It is against policy to install and use Peer-to-Peer (P2P) applications on your computer.

8.   Beware of email or attachments from unknown sources.

      Email can be the gateway that allows all sorts of malware to get onto your computer and into the seminary’s systems.  Don't open email or attachments from unknown sources or even know sources that you were not expecting an attachment from.  Be wary of unsolicited messages and odd subject line content.  Be careful to verify credentials of commercial senders before responding with any information.  Never send private information (personal or financial) about yourself via email.

9.   Never share passwords and user ids.
Passwords are like passports or blank checks; they give unauthorized people a world of opportunity by providing access to your personal, financial and work data. And it’s much easier than you might think for someone to determine your password.

Create a strong password, and keep it private. Never share your password.  Eight or more characters that include digits, punctuation and both upper-case and lower-case letters, should be used to create a strong password.  A good way to create a strong password is to identify a phrase and translate it into a password. For example, “I am great. You are, too!” becomes “ImGR8.Ur2!”.  A password should not be based on personal information.  Do not use birthdates, log-ins or family member names in your passwords.

      It is against policy to share your password with anyone except your supervisor.

10. Manage your passwords and change them regularly.

      Change any default passwords immediately after you have installed a new product, particularly administrative or default passwords, to a new, stronger password.  For more information, log into Campus Pipeline, go to “Departments and Services” and click on “Information Technology Services” to see options for creating and changing passwords.

      Don’t write down your passwords, but if you must, don’t put them on a post-it near your computer or create a file labeled “passwords.”  Store them in a physically secure place.

A strong password is one you change every few months. Just as you regularly scan for viruses, update your patches, or do backups, you should also regularly change passwords.

11. Treat sensitive data cautiously and confidentially.

      Sensitive data like Social Security numbers, credit cards, and dates of birth should be handled (i.e., collected, manipulated, stored, or shared) according to stated policy and in compliance with governmental regulation.  Never leave such data showing on a screen for public viewing and secure all physical reports containing confidential information.  Never send Social Security numbers via email or by other unencrypted electronic means.

      Do not use Instant Messaging (IM) to transmit private information such as student ID numbers, Social Security numbers, birth dates or credit card numbers. IM is not secure.  For an approved method of transferring private information between computers, contact ITS Help Desk.

      Do not keep private personal or financial information on your computer.

12. Don’t Infringe on Copyrights.

      Do not use seminary computers for copying personal CDs and DVDs.  If you're not sure whether it's okay to put a copy of a song on your Web site because you already paid for it or whether you can burn a movie you own to DVD for a friend, you should get the facts on downloading and distributing copyrighted materials (see next paragraph). In many cases, file sharing may be illegal.  Beyond music and movies, the copyrights of images and literature must also be respected.

      You and the seminary can be held liable for copyright infringements.  Read the Copyright policies from the Recording Industry Association of America (available at www.riaa.com/issues/piracy/default.asp) and from the Motion Picture Association of America at (www.mpaa.org/piracy.asp/).  Know digital copyright regulations before you receive a hefty fine...or worse.  Make sure no pirated software exists on your seminary computer.  You and the seminary can be held liable for such infringement.

13. Backup documents and important data that are on your computer regularly.

      It is very prudent to backup your computer to protect from valuable data loss due to a hardware failure, a virus or malware attack, or an operating system crash.  You can backup onto separate diskettes, flash drives, removable drives, external drives or compact disks (CDs).  Contact the ITS Help Desk if you need help backing up your computer.  Computers do fail, so protect valuable information through regular backup practices.

14. When in doubt, call the ITS Help Desk for support.

It is better to contact the ITS Help Desk to check it out any suspicious activity or behavior on your computer than to be the root cause of a virus infection that takes down the seminary’s network.

The seminary reserves the right to change this policy and its procedures at any time, without advance notice, subject to approval by the chief information officer. Users are encouraged to periodically review this policy.  Questions related to seminary technology policies should be directed to the seminary’s chief information officer (CIO).

March 24, 2006; revised: Oct. 2, 2006; Jul. 18, 2007; Sep. 27, 2007